Sign Up

Get Secrets From WayBack HTTP Responses

Sometimes exposed credentials, API keys and private company data could be leaked in HTTP responses, this workflow is tailored to find all of the URLs for specified hostnames and search for strings with high entropy.

Complexity: advanced

Category: Secret Discovery



Inputs for this workflow are the hostnames or web servers you want to get all of the URLs in search of credentials leakage.

Get Secrets From WayBack HTTP Responses workflow target setup

Execution and results

After setup workflow is ready to be executed. Once workflow last nodes, dumpsterdiver tool and zip-to-out script, are finished result can be viewed and downloaded.

dumpsterdiver tool will contain JSON with the high entropy strings and paths, and zip-to-out script will contain all of the responses saved for easier search.

Get Secrets From WayBack HTTP Responses workflow results

Try it out!

This workflow is available in the Library, you can copy it and execute it immediately!

Explore another Secret Discovery workflow from Trickest library - Enumerate Github Users!

This workflow is using small machines by default, and it might break on larger inputs, consider changing the machine type for each node if you plan to use the larger list of hostnames.

Improve this workflow