Getting started

Knowledge hub



Get Secrets From WayBack HTTP Responses

Sometimes exposed credentials, API keys and private company data could be leaked in HTTP responses, this workflow is tailored to find all of the URLs for specified hostnames and search for strings with high entropy.

Complexity: advanced

Category: Secret Discovery



Inputs for this workflow are the hostnames or web servers you want to get all of the URLs in search of credentials leakage.

Execution and results

After setup workflow is ready to be executed. Once workflow last nodes, dumpsterdiver tool and zip-to-out script, are finished result can be viewed and downloaded.

dumpsterdiver tool will contain JSON with the high entropy strings and paths, and zip-to-out script will contain all of the responses saved for easier search.

Try it out!

This workflow is available in the Library, you can copy it and execute it immediately!

This workflow is using small machines by default, and it might break on larger inputs, consider changing the machine type for each node if you plan to use the larger list of hostnames.

Improve this workflow