pentest-secrets-exposure

Discover hardcoded credentials, leaked API keys, exposed configuration files, sensitive data in artifacts, and information disclosure via error handling.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "pentest-secrets-exposure" with this command: npx skills add jd-opensource/joysafeter/jd-opensource-joysafeter-pentest-secrets-exposure

Pentest Secrets Exposure

Purpose

This skill spans multiple unchecked WSTG categories: CONF-03/04 (sensitive files, backups), INFO-05 (information leakage), and ERRH-01/02 (error handling, stack traces). Shannon's pre-recon focuses on architecture, not systematic secrets discovery.

Prerequisites

Authorization Requirements

  • Written authorization with source code access scope (if white-box)
  • Git repository access for history mining (if applicable)
  • Target URL list for exposed file probing

Environment Setup

  • TruffleHog for git history secret scanning
  • GitLeaks for pattern-based secret detection
  • Semgrep with secrets ruleset
  • nuclei with exposure templates

Core Workflow

  1. Source Code Secrets: Scan for hardcoded API keys, DB credentials, JWT signing keys, encryption keys using pattern + entropy detection.
  2. Git History Mining: Search all commits for secrets added then removed. Check force-pushed branches. Analyze .gitignore for sensitive patterns.
  3. Exposed Config Files: Probe for .env, .git/config, .DS_Store, wp-config.php, application.yml, docker-compose.yml with credentials (WSTG-CONF-03/04).
  4. Error Handling Disclosure: Trigger stack traces, debug pages, verbose errors revealing internal paths, DB schemas, framework versions (WSTG-ERRH-01/02).
  5. Backup & Unreferenced Files: .bak, .old, .swp, ~files, editor temp files, DB dumps, log files with sensitive data.
  6. Client-Side Bundle Analysis: Extract API keys from JS bundles, source maps exposing server code, hardcoded tokens in mobile packages.
  7. Secret Validation: Test each discovered credential for active access, document scope, assess blast radius.
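
The "pattern + entropy detection" named in step 1, as an added example that is not part of the skill or its upstream repository: fixed-format patterns are reported directly, while a secret-looking variable name is reported only if its value is also high-entropy. The rule set, the 4.0 threshold, the function names and the sample input are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Illustrative rule set (assumed, not the skill's): fixed-format patterns plus a name heuristic.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "private-key-block": re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)"),
}
ASSIGNMENT = re.compile(
    r"\b[\w.-]*(?:secret|token|passw(?:or)?d|api[_-]?key)[\w.-]*\s*[:=]\s*"
    r"['\"]([^'\"\s]{12,})['\"]",
    re.IGNORECASE,
)
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed cut-off, tune per code base

def shannon_entropy(value: str) -> float:
    """Bits per character of the value's empirical character distribution."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())

def redact(value: str) -> str:
    """Keep a finding identifiable without copying the secret into the report."""
    return value[:4] + "*" * (len(value) - 4)

def scan(text: str, path: str = "<memory>"):
    """Return (path, line, rule, redacted match) for every suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hits = [(rule, m.group(1)) for rule, rx in PATTERNS.items() if (m := rx.search(line))]
        m = ASSIGNMENT.search(line)
        # Entropy gate: a secret-looking name alone is not enough to report.
        if not hits and m and shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
            hits.append(("high-entropy-assignment", m.group(1)))
        findings += [(path, lineno, rule, redact(value)) for rule, value in hits]
    return findings

# Constructed sample input; none of these values is a live credential.
SAMPLE = '''\
api_key = "your-api-key-here"
SESSION_SECRET = "q7Zp2LmX9vRt4KcW8sYb1NdE"
aws_key = "AKIAIOSFODNN7EXAMPLE"
token_url = "https://example.test/oauth/token"
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE, "settings.py"):
        print(*finding, sep=":")
```

The entropy gate suppresses the placeholder and the URL, but it also leaves weak, low-entropy passwords unreported, so it complements the fixed-format rules rather than replacing them.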

WSTG Coverage

WSTG ID | Test Name | Status
WSTG-CONF-03 | Test File Extensions Handling for Sensitive Info |
WSTG-CONF-04 | Review Old Backup and Unreferenced Files |
WSTG-INFO-05 | Review Webpage Content for Information Leakage |
WSTG-ERRH-01 | Test Improper Error Handling |
WSTG-ERRH-02 | Test Stack Traces |

Tool Categories

Category | Tools | Purpose
Git Scanning | TruffleHog, GitLeaks | Secret detection in git history
Static Analysis | Semgrep (secrets rules), grep patterns | Source code secret scanning
Web Probing | nuclei (exposure templates), ffuf | Exposed file/config discovery
JS Analysis | SecretFinder, LinkFinder | Client-side bundle secret extraction
Validation | curl, custom scripts | Credential active-access testing

References

  • references/tools.md - Tool function signatures and parameters
  • references/workflows.md - Attack pattern definitions and test vectors

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
