Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
12 views2 pages

CCPS WPS

The document lists various sensitive information types such as AWS keys, passwords, and tokens, relevant for bug bounty and penetration testing. It outlines a method for collecting links and source code, particularly focusing on JavaScript files to find sensitive information. Additionally, it references tools like 'subjs' and 'katana' for further reconnaissance activities.

Uploaded by

sblue7114
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
12 views2 pages

CCPS WPS

The document lists various sensitive information types such as AWS keys, passwords, and tokens, relevant for bug bounty and penetration testing. It outlines a method for collecting links and source code, particularly focusing on JavaScript files to find sensitive information. Additionally, it references tools like 'subjs' and 'katana' for further reconnaissance activities.

Uploaded by

sblue7114
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

Mizanur Rahman Pranto

23:37
aws_access_key | aws_secret_key | apikey | passwd | pwd | heroku | slack
| firebase | swagger | aws_secret_key | laws key | password | ftp password
| jdbc | db | sql | secret jet | config | admin | pwd | json | gcp l htaccess
| .env | ssh key | .git | access key | secret token | oauth_token |
oauth_token_secret"  
- Tatget domain - Any Sob-domain ( For bug bounty all, For PenTest
which is required) - Collect all the links - Go for Source Code - Enter .js
and check all the files - Open .js file in a new tab - Collect all the
Javascript Link - Open JavaScript Link - Find the sensitive info

| aws_secret_key | apikey | passwd | pwd | heroku | slack | firebase |


swagger | aws_secret_key | laws key | password | ftp password | jdbc | db
| sql | secret jet | config | admin | pwd | json | gcp l htaccess | .env | ssh
key | .git | access key | secret token | oauth_token | oauth_token_secret"
 
- Tatget domain - Any Sob-domain ( For bug bounty all, For PenTest
which is required) - Collect all the links - Go for Source Code - Enter .js
and check all the files - Open .js file in a new tab - Collect all the
Javascript Link - Open JavaScript Link - Find the sensitive info

tar xvf subjs_1.0.0_linux_amd64.tar.gz $ mv subjs /usr/bin/subjs


https://github.com/lc/subjs
Dork
https://github.com/cipher387/Dorks-collections-list?tab=readme-ov-
file#githubdorks

katana
subjs
JSLeskRecon

You might also like