View Issue Details

ID: 0008178
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2023-05-05 13:59
Reporter: saintdrug
Assigned To:
Priority: normal
Severity: minor
Reproducibility: N/A
Status: closed
Resolution: suspended
Product Version: 2022.4
Summary: 0008178: S3cr3tDetect0rz is a Red Team tool that helps uncover sensitive information in websites using ACTIVE not PASSIVE Techniques for
Description

[Name] - S3cr3tDetect0rz

[Version] - 1.0

https://github.com/blackhatethicalhacking/S3cr3tDetect0rz

[Homepage] - https://www.blackhatethicalhacking.com

[Download] - https://github.com/blackhatethicalhacking/S3cr3tDetect0rz

[Author] - Chris "SaintDruG" Abou-Chabke

[Licence] - GPL-3.0 license

[Description] - S3cr3tDetect0rz is a very powerful and versatile tool designed for Red Team Professionals and Ethical Hackers. It utilizes a custom wordlist that you provide, a powerful regex pattern matching engine that is written for you based on a lot of research which is included as secrethub.json file to accurately identify secrets hidden within a website's pages. With its user-friendly interface and flexible options, S3cr3tDetect0rz makes it easy for users to customize and automate their secret detection process. The secrethub.json file, known for its strong and accurate regex patterns, further elevates the tool's accuracy in detecting sensitive information.

[Dependencies] - To use S3cr3tDetect0rz, you need to have the following tools installed:

figlet & lolcat: pip install lolcat & apt-get install figlet

(Pipe Viewer) utility to display a progress bar in the terminal. You can install "pv" by running: sudo apt-get install pv

Gobuster: Gobuster is a tool used to brute force subdomains and directories. It is the core component of S3cr3tDetect0rz and is required for the tool to function. You can install Gobuster on Kali Linux by running the following command:

sudo apt-get install gobuster

[Similar tools] - Unique, not like Trufflehog or GitLeaks, this is on active websites and not passive with complex coding and complex regex patterns custom made

[Activity] - Today we have nearly 1000 followers on GitHub. I will release more tools here; I have over 10 and am creating more

[How to install] - I made a Debian package, so it's dpkg -i S3cr3tDetect0rz.deb or the bash script

[How to use] - To use S3cr3tDetect0rz, you need to have the following tools installed:

figlet & lolcat: pip install lolcat & apt-get install figlet

(Pipe Viewer) utility to display a progress bar in the terminal. You can install "pv" by running: sudo apt-get install pv

Gobuster: Gobuster is a tool used to brute force subdomains and directories. It is the core component of S3cr3tDetect0rz and is required for the tool to function. You can install Gobuster on Kali Linux by running the following command:

sudo apt-get install gobuster

Wordlists: S3cr3tDetect0rz uses wordlists to brute force subdomains and directories. There are several good wordlists available online, such as the SecLists project (https://github.com/danielmiessler/SecLists) and the FuzzDB project (https://github.com/fuzzdb-project/fuzzdb).

SecretHub.json: SecretHub.json is a custom regex pattern matching engine that is included in the S3cr3tDetect0rz GitHub repository

Installation

git clone https://github.com/blackhatethicalhacking/S3cr3tDetect0rz.git

cd S3cr3tDetect0rz

chmod +x S3cr3tDetect0rz.sh

./S3cr3tDetect0rz.sh

The script will prompt you to provide the target URL(s) to test for open redirect vulnerabilities.
Enter the wordlist Path

[Packaged] - Is the tool already packaged for Debian?

Yes

Additional Information

Features:

Input: The first step is to take input from the user for the URL and wordlist. This is done using the read command, which prompts the user to enter the URL and the path to the wordlist.
Wordlist existence check: The next step is to check if the wordlist file exists or not. This is done using the if [ ! -f $wordlist ]; then command, which checks if the file at the specified path does not exist. If the file does not exist, an error message is displayed, and the script exits.
Directory creation: The next step is to create a directory to store the results of the curl command. This is done using the mkdir -p $domain command, where $domain is the domain name of the URL extracted using the awk command.
Gobuster: The fourth step is to run gobuster, which is a tool for discovering directories and files in websites. This is done using the gobuster dir command, with the following options:
-u $url: specifies the URL to be tested
-w $wordlist: specifies the path to the wordlist
-x .js,.php,.yml,.env,.txt,.xml,.html,.config: specifies the file extensions to be tested
-e: enables the extension testing
-s 200,204,301,302,307,401,403: specifies the status codes to be considered as successful
--random-agent: sets a random user agent in each request
-o $domain/gobuster.txt: saves the output to a file in the directory created in step 3
Displays a cool progress bar as it analyses secrets
URL extraction: The fifth step is to extract the discovered URLs from the gobuster output. This is done using the grep command with the -oE option, which extracts the URLs that match the regular expression "(http|https)://[a-zA-Z0-9./?=_-]*". The extracted URLs are then sorted and stored in a file using the sort -u > $domain/discovered_urls.txt command. It will fetch both 200 and 301 responses adding the redirected URL to the list.
Loop through URLs: The sixth step is to loop through each of the discovered URLs and run the curl command to retrieve the content of the URL. This is done using a while loop and the read command, which reads each line of the discovered_urls.txt file. For each URL, the curl command is run with the -s option, which suppresses output, and the output is saved to a file with the name discovered_urls_for_$(echo $discovered_url | awk -F/ '{print $3}').txt.
Secrets discovery: The seventh step is to search for secrets in the output of the curl command. This is done using the grep and awk commands. The secrets are searched for using regular expressions specified in the secrethub.json file, which is processed using the jq command. The grep command searches the content. It is highly configured to also print each URL + Full Path before each secret found to know where it found it.

Attached Files
S3cr3tDetect0rz.deb (3,236 bytes)
S3cr3tDetect0rz.sh (4,093 bytes)   
#!/bin/bash
curl --silent "https://raw.githubusercontent.com/blackhatethicalhacking/Subdomain_Bruteforce_bheh/main/ascii.sh" | lolcat
echo ""
# Generate a random Sun Tzu quote for offensive security
# Array of Sun Tzu quotes
quotes=("The supreme art of war is to subdue the enemy without fighting." "All warfare is based on deception." "He who knows when he can fight and when he cannot, will be victorious." "The whole secret lies in confusing the enemy, so that he cannot fathom our real intent." "To win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill.")
# Get a random quote from the array
random_quote=${quotes[$RANDOM % ${#quotes[@]}]}
# Print the quote
echo "Offensive Security Tip: $random_quote - Sun Tzu" | lolcat
sleep 1
echo "MEANS, IT'S ☕ 1337 ⚡ TIME, 369 ☯ " | lolcat
sleep 1
figlet -w 80 -f small S3cr3tDetect0rz | lolcat
echo ""
echo "[YOUR ARE USING S3cr3tDetect0rz.sh] - (v1.0) CODED BY Chris 'SaintDruG' Abou-Chabké WITH ❤ FOR blackhatethicalhacking.com for Educational Purposes only!" | lolcat
sleep 1
#check if the user is connected to the internet
tput bold;echo "CHECKING IF YOU ARE CONNECTED TO THE INTERNET!" | lolcat
# Check connection
wget -q --spider https://google.com
if [ $? -ne 0 ];then
    echo "++++ CONNECT TO THE INTERNET BEFORE RUNNING S3cr3tDetect0rz.sh!" | lolcat
    exit 1
fi
tput bold;echo "++++ CONNECTION FOUND, LET'S GO!" | lolcat
# Take input for URL and path to wordlist
read -r -p "Enter the URL: " url
read -r -p "Enter path to wordlist: " wordlist

# Check if wordlist exists
echo "Checking and Confirming your wordlist exist and proceeding with the attacks..." | lolcat
sleep 1
if [ ! -f "$wordlist" ]; then
  echo "Error: wordlist file $wordlist does not exist."  | lolcat
  exit 1
fi
# Create a directory to store the results of curl using the domain name of the URL provided by the user
echo "Creating a directory to save all results..." | lolcat
sleep 1
domain=$(echo "$url" | awk -F/ '{print $3}')
# Without a scheme (http:// or https://) the host field is empty and the output paths would start at /
if [ -z "$domain" ]; then
  echo "Error: URL must include the scheme, for example https://example.com" | lolcat
  exit 1
fi
mkdir -p "$domain"
# Start gobuster with given URL and wordlist
echo "Starting GoBuster with ACTIVE Scan against the target searching for specific extensions, filtering with 200 & 301 status codes..." | lolcat
sleep 1
gobuster dir -u "$url" -w "$wordlist" -x .js,.php,.yml,.env,.txt,.xml,.html,.config -e -s 200,204,301,302,307,401,403 --wildcard -o "$domain/gobuster.txt"
# Extract the discovered URLs for further testing
grep "Status: 200" "$domain/gobuster.txt" | grep -oE "(http|https)://[a-zA-Z0-9./?=_-]*" | sort -u > "$domain/discovered_urls.txt"
grep "Status: 301" "$domain/gobuster.txt" | grep -oE "(http|https)://[a-zA-Z0-9./?=_-]*" | sort -u >> "$domain/discovered_urls.txt"
# Running total of secrets across all URLs
count=0
# Build the combined regex once from the patterns in secrethub.json
pattern=$(jq -r '.patterns | join("|")' secrethub.json)
# Loop through each URL and run curl
echo "Performing curl on every URL I found to fetch the content..." | lolcat
sleep 1
# Search for secrets in the output of curl and save the result in secrets.csv
echo "I am now searching for secrets using secrethub.json and saving the results in secrets.csv for you..." | lolcat
sleep 1
if [ ! -s "$domain/discovered_urls.txt" ]; then
  echo "No discovered URLs found in $domain/discovered_urls.txt."
  exit 1
fi

while read -r discovered_url; do
  discovered_url_file="$domain/discovered_urls_for_$(echo "$discovered_url" | awk -F/ '{print $3}').txt"
  # URLs on the same host share this file name, so fetch and search each one in the same pass,
  # before the next response overwrites the file
  curl -s "$discovered_url" > "$discovered_url_file"

  echo "URL Affected: $discovered_url" >> "$domain/secrets.csv"
  # -e keeps grep from reading a pattern that starts with "-" as an option
  secrets_found=$(grep -E -e "$pattern" "$discovered_url_file")
  unique_secrets=$(echo "$secrets_found" | awk '!seen[$0]++ { print $0 }')
  # grep -c . counts non-empty lines, so no match gives 0 (wc -l would report 1 for the empty string)
  url_count=$(echo "$unique_secrets" | grep -c .)
  count=$((count + url_count))
  if [ -n "$unique_secrets" ]; then
    echo "$unique_secrets" >> "$domain/secrets.csv"
  fi
  echo "Total secrets found: $url_count" >> "$domain/secrets.csv"
done < "$domain/discovered_urls.txt"
echo "Total secrets found: $count" | lolcat
secrethub.json (2,915 bytes)
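
The extension list and regex matching described in this request can also be run against a local web root before it is published, so exposed files are caught by the site owner first. This is an added example, not part of S3cr3tDetect0rz or the attachments above; the function names, the one-regex-per-line pattern file (assumed to be exported from secrethub.json) and the sample data are assumptions.

```shell
#!/bin/bash
# Added example, not part of S3cr3tDetect0rz: audit a local web root before publishing.
# The extensions mirror the gobuster -x list quoted on this page.

# scan_webroot ROOT PATTERN_FILE
# PATTERN_FILE holds one extended regex per line (assumed export of secrethub.json).
# Prints "file:line:<first 4 chars of match>****" so the report never stores a full secret.
# Assumes file paths contain no ':' characters.
scan_webroot() {
  local root=$1 patterns=$2
  find "$root" -type f \( -name '*.js' -o -name '*.php' -o -name '*.yml' \
      -o -name '*.env' -o -name '*.txt' -o -name '*.xml' \
      -o -name '*.html' -o -name '*.config' \) \
      -exec grep -E -H -n -o -f "$patterns" {} + 2>/dev/null |
    sed -E 's/^([^:]+:[0-9]+:)(.{0,4}).*/\1\2****/' |
    sort -u
}

# count_findings ROOT PATTERN_FILE: number of distinct findings, 0 when clean.
count_findings() {
  scan_webroot "$1" "$2" | grep -c . || true
}

# Constructed sample tree and patterns (the key is AWS's documented example value).
demo() {
  local t
  t=$(mktemp -d)
  mkdir -p "$t/site/js"
  printf 'AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n' > "$t/site/.env"
  printf '// build 1\nconst api_key = "abcdef0123456789abcd";\n' > "$t/site/js/app.js"
  printf '<h1>hello</h1>\n' > "$t/site/index.html"
  cat > "$t/patterns.txt" <<'EOF'
AKIA[0-9A-Z]{16}
(api_key|secret)[[:space:]]*[=:][[:space:]]*['"][A-Za-z0-9]{16,}['"]
EOF
  scan_webroot "$t/site" "$t/patterns.txt"
  echo "findings: $(count_findings "$t/site" "$t/patterns.txt")"
  rm -rf "$t"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Passing the patterns with `grep -f` keeps each regex intact, and a non-zero result from `count_findings` can fail a deployment job.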

Activities

g0tmi1k

2023-05-05 13:58

administrator   ~0017881

Thank you for the suggestion.
At this time, we believe this to mainly be a wrapper for a few tools.
If this progress matures we will revisit it again.

Issue History

Date Modified Username Field Change
2023-02-13 20:12 saintdrug New Issue
2023-02-13 20:12 saintdrug File Added: S3cr3tDetect0rz.deb
2023-02-13 20:12 saintdrug File Added: S3cr3tDetect0rz.sh
2023-02-13 20:12 saintdrug File Added: secrethub.json
2023-05-05 13:58 g0tmi1k Note Added: 0017881
2023-05-05 13:59 g0tmi1k Status new => closed
2023-05-05 13:59 g0tmi1k Resolution open => suspended