GitBook: [master] one page modified

This commit is contained in:
CPol 2021-02-08 23:47:15 +00:00 committed by gitbook-bot
parent de835f4e83
commit 27c71d60d2
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

View file

@ -237,7 +237,7 @@ You use tools like ****[**Arjun**](https://github.com/s0md3v/Arjun) **and** [**P
* **Comments:** Check the comments of all the files, you can find **credentials** or **hidden functionality**.
* If you are playing **CTF**, a "common" trick is to **hide** **information** inside comments at the **right** of the **page** \(using **hundreds** of **spaces** so you don't see the data if you open the source code with the browser\). Other possibility is to use **several new lines** and **hide information** in a comment at the **bottom** of the web page.
* **API keys**: If you find any API key there is guide that indicates how to use API keys of different platforms: [https://github.com/streaak/keyhacks](https://github.com/streaak/keyhacks), [https://github.com/xyele/zile.git](https://github.com/xyele/zile.git)
* **API keys**: If you find any API key there is guide that indicates how to use API keys of different platforms: [https://github.com/streaak/keyhacks](https://github.com/streaak/keyhacks), [https://github.com/xyele/zile.git](https://github.com/xyele/zile.git), [https://github.com/dxa4481/truffleHog/](https://github.com/dxa4481/truffleHog/), [https://github.com/m4ll0k/SecretFinder](https://github.com/m4ll0k/SecretFinder), [https://github.com/l4yton/RegHex](https://github.com/l4yton/RegHex), [https://github.com/dxa4481/truffleHog](https://github.com/dxa4481/truffleHog)
* **S3 Buckets**: While spidering look if any **subdomain** or any **link** is related with some **S3 bucket**. In that case, [**check** the **permissions** of the bucket](buckets/).
#### JS code