Token exposure finder - A simple helper tool for auto-recon and crawl for hunting secret key through web files and web pages with crawling and OSINT methodology.
Golang
gau
(golang tool)katana
(golang tool)nuclei
(golang tool)
apt install golang-go -y
go install -v github.com/lc/gau/v2/cmd/gau@latest
go install github.com/projectdiscovery/katana/cmd/katana@latest
go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
- Install tokex.sh
git clone https://github.com/xchopath/tokex.sh
Adjust all binary files location in tokex.sh
.
PROCESSPOOL=5
GAU_BIN="${HOME}/go/bin/gau"
KATANA_BIN="${HOME}/go/bin/katana"
NUCLEI_BIN="${HOME}/go/bin/nuclei"
bash tokex.sh fqdn.domain
Example:
$ bash tokex.sh redacted.com
_ _
| |_ ___ | | _______ __
| __/ _ \| |/ / _ \ \/ /
| || (_) | < __/> <
\__\___/|_|\_\___/_/\_\
Token Exposure Finder!
INFO: Target redacted.com
INFO: Checking HTTP connection...
INFO: Getting historical links redacted.com...
INFO: Crawling https://redacted.com/...
INFO: Finding secret key <####################################### > 99%
INFO: Finished!
INFO: Total findings: 3
INFO: Result file location tokex_results_1680248289.22646.txt