GitBook: [master] one page modified

pentesting/pentesting-web/README.md

@@ -237,7 +237,7 @@ You use tools like ****[**Arjun**](https://github.com/s0md3v/Arjun) **and** [**P
 
 * **Comments:** Check the comments of all the files, you can find **credentials** or **hidden functionality**. 
   * If you are playing  **CTF**,  a "common" trick is to **hide** **information** inside comments at the **right** of the **page** \(using **hundreds** of **spaces** so you don't see the data if you open the source code with the browser\). Other possibility is to use **several new lines** and **hide information** in a comment at the **bottom** of the web page.
-* **API keys**: If you find any API key there is guide that indicates how to use API keys of different platforms: [https://github.com/streaak/keyhacks](https://github.com/streaak/keyhacks), [https://github.com/xyele/zile.git](https://github.com/xyele/zile.git)
+* **API keys**: If you find any API key there is guide that indicates how to use API keys of different platforms: [https://github.com/streaak/keyhacks](https://github.com/streaak/keyhacks), [https://github.com/xyele/zile.git](https://github.com/xyele/zile.git), [https://github.com/dxa4481/truffleHog/](https://github.com/dxa4481/truffleHog/), [https://github.com/m4ll0k/SecretFinder](https://github.com/m4ll0k/SecretFinder), [https://github.com/l4yton/RegHex](https://github.com/l4yton/RegHex), [https://github.com/dxa4481/truffleHog](https://github.com/dxa4481/truffleHog)
 * **S3 Buckets**: While spidering look if any **subdomain** or any **link** is related with some **S3 bucket**. In that case, [**check** the **permissions** of the bucket](buckets/).
 
 #### JS code