GitBook: [master] one page modified
This commit is contained in:
parent
3876d7fb90
commit
f60b8d7ea8
|
@ -232,7 +232,8 @@ _Note that anytime a new directory is discovered during brute-forcing or spideri
|
|||
* **Discover new parameters**: You can use tools like [Arjun](https://github.com/s0md3v/Arjun) **and** [parameth](https://github.com/maK-/parameth) **to discover hidden parameters. If you can, you could try to search** hidden parameters on each executable web file.
|
||||
* **Comments:** Check the comments of all the files, you can find **credentials** or **hidden functionality**.
|
||||
* If you are playing **CTF**, a "common" trick is to **hide** **information** inside comments at the **right** of the **page** \(using **hundreds** of **spaces** so you don't see the data if you open the source code with the browser\). Other possibility is to use **several new lines** and **hide information** in a comment at the **bottom** of the web page.
|
||||
* **API keys**: If you **find any API key** there is guide that indicates how to use API keys of different platforms: [keyhacks](https://github.com/streaak/keyhacks), [**zile**](https://github.com/xyele/zile.git)**,** [truffleHog](https://github.com/dxa4481/truffleHog/), [SecretFinder](https://github.com/m4ll0k/SecretFinder), [RegHex](https://github.com/l4yton/RegHex%29\)
|
||||
* **API keys**: If you **find any API key** there is guide that indicates how to use API keys of different platforms: [keyhacks](https://github.com/streaak/keyhacks), [**zile**](https://github.com/xyele/zile.git)**,** [truffleHog](https://github.com/dxa4481/truffleHog/), [SecretFinder](https://github.com/m4ll0k/SecretFinder), [RegHex](https://github.com/l4yton/RegHex%29\).
|
||||
* Google API keys: If you find any API key looking like **AIza**SyA-qLheq6xjDiEIRisP\_ujUseYLQCHUjik you can use the project [**gmapapiscanner**](https://github.com/ozguralp/gmapsapiscanner) ****to check which apis the key can access.
|
||||
* **S3 Buckets**: While spidering look if any **subdomain** or any **link** is related with some **S3 bucket**. In that case, [**check** the **permissions** of the bucket](buckets/).
|
||||
|
||||
### Special findings
|
||||
|
|
Loading…
Reference in New Issue