swaggerHole - A Python3 Script Searching For Secret On Swaggerhub


Introduction

This tool is made to automate the process of retrieving secrets in the public APIs on [swaggerHub](https://app.swaggerhub.com/search). This tool is multithreaded and pipe mode is available :)

Requirements

- python3 (sudo apt install python3)
- pip3 (sudo apt install python3-pip)

Installation

pip3 install swaggerhole

or clone this repository and install from the checkout:

Code:
git clone https://github.com/Liodeus/swaggerHole.git
cd swaggerHole
pip3 install .

Usage

Code:
   _____ _      __ ____ _ ____ _ ____ _ ___   _____
  / ___/| | /| / // __ `// __ `// __ `// _ \ / ___/
 (__  ) | |/ |/ // /_/ // /_/ // /_/ //  __// /    
/____/  |__/|__/ \__,_/ \__, / \__, / \___//_/     
    __  __        __   /____/ /____/               
   / / / /____   / /___                            
  / /_/ // __ \ / // _ \                           
 / __  // /_/ // //  __/                           
/_/ /_/ \____//_/ \___/                            

usage: swaggerhole [-h] [-s SEARCH] [-o OUT] [-t THREADS] [-j] [-q] [-du] [-de]

optional arguments:
  -h, --help            show this help message and exit
  -s SEARCH, --search SEARCH
                        Term to search
  -o OUT, --out OUT     Output directory
  -t THREADS, --threads THREADS
                        Threads number (Default 25)
  -j, --json            Json ouput
  -q, --quiet           Remove banner
  -du, --deactivate_url
                        Deactivate the URL filtering
  -de, --deactivate_email
                        Deactivate the email filtering

Search for secrets about a domain

Code:
swaggerHole -s test.com

echo test.com | swaggerHole

Search for secrets about a domain and output to JSON

Code:
swaggerHole -s test.com --json

echo test.com | swaggerHole --json

Search for secrets about a domain and do it fast :)

Code:
swaggerHole -s test.com -t 100

echo test.com | swaggerHole -t 100

Output explanation

Normal output

`Finding_Type - Finding - [Swagger_Name][Date_Last_Update][Line:Number]`

JSON output

`{"Finding_Type": Finding, "File": File_path, "Date": Date_Last_Update, "Line": Number}`
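For teams running the tool against their own domain, the two formats above can be normalised into one redacted triage list. This is an added example, not part of swaggerHole; it assumes one result per line, that in JSON mode the single key other than File/Date/Line names the finding type, and the sample lines are constructed.

```python
import json
import re
from collections import defaultdict

# Normal output: Finding_Type - Finding - [Swagger_Name][Date_Last_Update][Line:Number]
TEXT_RE = re.compile(r"^(?P<type>.+?) - (?P<finding>.+) - "
                     r"\[(?P<file>[^\]]*)\]\[(?P<date>[^\]]*)\]\[Line:(?P<line>\d+)\]$")
META_KEYS = {"File", "Date", "Line"}

# Constructed sample lines (finding types, values and file names are made up).
SAMPLE = [
    "API_KEY - EXAMPLEKEY0123456789 - [acme_billing_1.0.0][2022-01-10][Line:42]",
    '{"EMAIL": "ops@test.com", "File": "acme_billing_1.0.0", "Date": "2022-01-10", "Line": 7}',
    "not a result line",
]


def redact(value, keep=4):
    """Keep a short prefix only, so the triage report does not re-leak the secret."""
    value = str(value)
    return value[:keep] + "*" * max(len(value) - keep, 0)


def parse_line(raw):
    """Normalise one text or JSON result line into a dict; None if unrecognised."""
    raw = raw.strip()
    if raw.startswith("{"):
        try:
            obj = json.loads(raw)
            # Assumption: the one key besides File/Date/Line names the finding type.
            (ftype,) = [k for k in obj if k not in META_KEYS]
            return {"type": ftype, "finding": redact(obj[ftype]), "file": obj["File"],
                    "date": obj["Date"], "line": int(obj["Line"])}
        except (ValueError, KeyError, TypeError):
            return None
    m = TEXT_RE.match(raw)
    if not m:
        return None
    return {"type": m["type"], "finding": redact(m["finding"]), "file": m["file"],
            "date": m["date"], "line": int(m["line"])}


def triage(lines):
    """Group redacted findings by the Swagger file that needs cleaning up."""
    by_file = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        by_file[rec["file"]].append(rec)
    return dict(by_file)
```

Grouping by file gives the list of API definitions to correct, and each finding in a group is a credential to rotate.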

Deactivate url/email

Using -du or -de removes the URL or email filtering done by the tool. Expect more false positives with those options.
 