pentest-secrets-exposure

Pentest Secrets Exposure

Purpose

Covers several WSTG categories that are otherwise left unchecked: CONF-03/04 (sensitive file extensions, old backup and unreferenced files), INFO-05 (information leakage in page content), and ERRH-01/02 (improper error handling, stack traces). Shannon's pre-recon phase focuses on architecture, not on systematic secrets discovery, so this skill fills that gap.

Prerequisites

Authorization Requirements

  • Written authorization with source code access scope (if white-box)
  • Git repository access for history mining (if applicable)
  • Target URL list for exposed file probing

Environment Setup

  • TruffleHog for git history secret scanning
  • GitLeaks for pattern-based secret detection
  • Semgrep with secrets ruleset
  • nuclei with exposure templates

Core Workflow

  1. Source Code Secrets: Scan for hardcoded API keys, DB credentials, JWT signing keys, encryption keys using pattern + entropy detection.
  2. Git History Mining: Search all commits for secrets added then removed. Check force-pushed branches. Analyze .gitignore for sensitive patterns.
  3. Exposed Config Files: Probe for .env, .git/config, .DS_Store, wp-config.php, application.yml, docker-compose.yml with credentials (WSTG-CONF-03/04).
  4. Error Handling Disclosure: Trigger stack traces, debug pages, verbose errors revealing internal paths, DB schemas, framework versions (WSTG-ERRH-01/02).
  5. Backup & Unreferenced Files: .bak, .old, .swp, tilde (~) backup files, editor temp files, DB dumps, and log files containing sensitive data.
  6. Client-Side Bundle Analysis: Extract API keys from JS bundles, source maps exposing server code, hardcoded tokens in mobile packages.
  7. Secret Validation: Test each discovered credential for active access, document scope, assess blast radius.
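The "pattern + entropy detection" of step 1 is the same mechanism step 6 applies to JS bundles and step 2 applies to `git log -p` output, so one scanner serves all three. The block below is an added example written for this page; it is not the skill's own tooling and not TruffleHog or GitLeaks (which do the same job at scale). The rule names, entropy thresholds and the sample input are constructed assumptions; the `AKIA`/`ASIA` prefix is the documented AWS access-key-ID format and the AKIA value in the sample is AWS's public documentation example. Findings are redacted so the report can be shared without re-leaking the secret.

```python
"""Pattern + entropy secret scanner (added example, not the skill's own code).

Works on any text: a source file, a minified JS bundle, a source map,
or `git log -p` output. Thresholds and sample input are assumptions.
"""
import math
import re
from dataclasses import dataclass

# Rule 1: known credential formats. AKIA/ASIA is the documented AWS
# access-key-ID prefix; the PEM header marks an embedded private key.
FORMAT_RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Rule 2: keyword assignment (password = "...", apiKey: "..."), reported
# only when the value's entropy says it is not a placeholder like "changeme".
ASSIGNMENT_RULE = re.compile(
    r"(?i)(api[_-]?key|secret|password|passwd|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
)
ASSIGNMENT_MIN_ENTROPY = 3.0  # assumption: bits/char; dictionary words fall below this

# Rule 3: bare high-entropy tokens with no keyword nearby, typical of keys
# inlined into JS bundles. Threshold is an assumption tuned for hex/base64.
TOKEN_RULE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
TOKEN_MIN_ENTROPY = 4.0


def shannon_entropy(s: str) -> float:
    """Bits per character of the empirical symbol distribution of s."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep enough to locate the secret in the file, never the whole value."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int
    redacted: str
    entropy: float


def scan_text(text: str) -> list[Finding]:
    """Apply the three rules line by line; each value is reported at most once."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        seen: set[str] = set()  # values already handled on this line

        for name, rx in FORMAT_RULES.items():
            for m in rx.finditer(line):
                value = m.group(0)
                seen.add(value)
                findings.append(Finding(name, line_no, redact(value), shannon_entropy(value)))

        for m in ASSIGNMENT_RULE.finditer(line):
            value = m.group(2)
            ent = shannon_entropy(value)
            seen.add(value)  # a rejected placeholder must not resurface as a bare token
            if ent >= ASSIGNMENT_MIN_ENTROPY:
                findings.append(Finding("keyword_assignment", line_no, redact(value), ent))

        for m in TOKEN_RULE.finditer(line):
            value = m.group(0)
            if value in seen:
                continue
            ent = shannon_entropy(value)
            if ent >= TOKEN_MIN_ENTROPY:
                findings.append(Finding("high_entropy_token", line_no, redact(value), ent))
    return findings


# Constructed sample input: a config file followed by two lines from a
# constructed JS bundle. Only the AKIA value is a real (documentation) format example.
SAMPLE = """\
# config.py
DB_HOST = "db.internal"
DB_PASSWORD = "changeme"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
session_secret = "9f2c4a1e7b3d8c6f0e5a2b4d6c8e1f3a"
PADDING = "aaaaaaaaaaaaaaaaaaaaaaaa"
-----BEGIN RSA PRIVATE KEY-----
// bundle.min.js
var cfg={apiKey:"Q7xT2mK9vL4pR8wZ1nB6"};
window.__cfg={"x-internal-id":"x8Kq3Vt9Lm2Pz7Rw4Yn6Bd5Hc1Jf"};
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line_no:>3}  {f.rule:<20} {f.redacted:<14} H={f.entropy:.2f}")
```

Running it on the sample reports the AWS key, the hex `session_secret`, the PEM header, the bundle's `apiKey` and the bare 28-character token, while `changeme` (entropy 2.75) and the 24-character run of `a` (entropy 0) are dropped; the entropy gate is what keeps step 1 from drowning in placeholder values.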

WSTG Coverage

| WSTG ID | Test Name | Status |
| --- | --- | --- |
| WSTG-CONF-03 | Test File Extensions Handling for Sensitive Info | |
| WSTG-CONF-04 | Review Old Backup and Unreferenced Files | |
| WSTG-INFO-05 | Review Webpage Content for Information Leakage | |
| WSTG-ERRH-01 | Test Improper Error Handling | |
| WSTG-ERRH-02 | Test Stack Traces | |
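For the ERRH-01/02 rows, what the tester triggers in step 4 and what the fix looks like are easiest to see side by side. The block below is an added example written for this page, not the skill's or Shannon's code: two minimal WSGI apps share one handler that raises on unexpected input; the first returns the Python traceback to the client (the disclosure the test looks for), the second returns only an opaque reference ID and writes the trace to the server log. The route, the request environ and the log plumbing are constructed assumptions.

```python
"""Verbose vs. hardened error handling for WSTG-ERRH-01/02 (added example)."""
import logging
import traceback
import uuid
from io import StringIO

LOG = logging.getLogger("app")


def lookup_handler(environ):
    """Shared faulty handler: an unknown or missing id raises KeyError,
    standing in for any unhandled exception in application code."""
    query = environ.get("QUERY_STRING", "")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    table = {"1": "alice", "2": "bob"}  # constructed data
    return "user=" + table[params["id"]]


def verbose_app(environ, start_response):
    """Debug-style behaviour: the traceback, with file paths and exception
    class names, goes straight to the client (ERRH-02 finding)."""
    try:
        body = lookup_handler(environ)
        start_response("200 OK", [("Content-Type", "text/plain")])
    except Exception:
        body = traceback.format_exc()
        start_response("500 Internal Server Error", [("Content-Type", "text/plain")])
    return [body.encode()]


def hardened_app(environ, start_response):
    """Fixed behaviour: generic message plus a reference ID for the client,
    full trace only in the server log keyed by the same ID."""
    try:
        body = lookup_handler(environ)
        start_response("200 OK", [("Content-Type", "text/plain")])
    except Exception:
        ref = uuid.uuid4().hex[:12]
        LOG.exception("unhandled error ref=%s path=%s", ref, environ.get("PATH_INFO"))
        body = f"Internal error. Reference: {ref}\n"
        start_response("500 Internal Server Error", [("Content-Type", "text/plain")])
    return [body.encode()]


def call(app, query):
    """Minimal in-process WSGI client (constructed environ); returns (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/user", "QUERY_STRING": query}
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    chunks = app(environ, start_response)
    return captured["status"], b"".join(chunks).decode()


def hardened_call_with_log(query):
    """Run hardened_app with a capturing log handler so the contract can be
    checked on both sides: trace in the log, not in the response body."""
    buf = StringIO()
    handler = logging.StreamHandler(buf)
    LOG.addHandler(handler)
    LOG.setLevel(logging.ERROR)
    try:
        status, body = call(hardened_app, query)
    finally:
        LOG.removeHandler(handler)
    return status, body, buf.getvalue()


def leaks_internals(body):
    """Markers a reviewer greps an error page for: traceback banner,
    source file paths, exception class names."""
    markers = ("Traceback (most recent call last)", 'File "', "KeyError", ".py")
    return [m for m in markers if m in body]


if __name__ == "__main__":
    status, body = call(verbose_app, "id=999")
    print(status, "leaks:", leaks_internals(body))
    status, body, log = hardened_call_with_log("id=999")
    print(status, "leaks:", leaks_internals(body), "| trace in log:", "KeyError" in log)
```

The reference ID is the part worth copying: it lets support correlate a user report with the logged trace without the response carrying any of the trace itself.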

Tool Categories

| Category | Tools | Purpose |
| --- | --- | --- |
| Git Scanning | TruffleHog, GitLeaks | Secret detection in git history |
| Static Analysis | Semgrep (secrets rules), grep patterns | Source code secret scanning |
| Web Probing | nuclei (exposure templates), ffuf | Exposed file/config discovery |
| JS Analysis | SecretFinder, LinkFinder | Client-side bundle secret extraction |
| Validation | curl, custom scripts | Credential active-access testing |

References

  • references/tools.md - Tool function signatures and parameters
  • references/workflows.md - Attack pattern definitions and test vectors

First seen: Feb 18, 2026
GitHub stars: 175