From d30ac8f6c0b8803a5d7146bd4ca4f351c787ecc7 Mon Sep 17 00:00:00 2001 From: Xalgord <48483027+xalgord@users.noreply.github.com> Date: Sat, 13 Feb 2021 09:19:43 +0530 Subject: [PATCH] Update README.md --- README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/README.md b/README.md index 60a852c..654b845 100644 --- a/README.md +++ b/README.md @@ -95,3 +95,30 @@ python3 ragno.py -d test.vulnweb.com -s -q -o ragno_urls.txt | cat ragno_urls.tx ``` amass enum -brute -o output.txt -d example.com -v ``` + +## Detect Low Hanging Bugs and Sensitive Information like API Keys, Secrets etc. including JS Files and HTML Pages + + +First run Amass Scan and save its output and then run Sublist3r with bruteforce mode and also save its output in different file. +Now open a Website such as https://www.textfixer.com/tools/remove-duplicate-lines.php to remove duplicate subdomains. + +Tool: https://github.com/BitTheByte/Eagle + +Basic Usage: +``` +python3 main.py -f domains.txt +``` + +Advanced Usage: +``` +python3 main.py -f domains.txt -w 10 --db output.db.json +``` + +To check API keys if they vulnerable or not, use a tool such as gmapsapiscanner, it is usefull to save the time by automating the process and also if it gets any Vulnerable API, it will generate its POC itself. + +Tool: https://github.com/ozguralp/gmapsapiscanner + +Usage: +``` +python3 maps_api_scanner_python3.py +```
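Review bot: The added step "Now open a Website such as https://www.textfixer.com/tools/remove-duplicate-lines.php to remove duplicate subdomains" pastes the combined Amass and Sublist3r output into a third-party web form, which discloses the target's subdomain list outside the tester's machine. Do the merge locally instead, for example `sort -u amass.txt sublist3r.txt > domains.txt` (the two input file names are placeholders), which also makes explicit that the merged file is the `domains.txt` passed to `python3 main.py -f domains.txt`. The same paragraph tells the reader to run Sublist3r in bruteforce mode but gives no command for it, unlike the Amass line just above the hunk. The new heading promises coverage of JS files and HTML pages, yet the added text never says which of the two tools handles them. The gmapsapiscanner paragraph needs a wording pass before merge ("if they vulnerable", "usefull").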