pentest-secrets-exposure
Installation
SKILL.md
Pentest Secrets Exposure
Purpose
Spans multiple unchecked WSTG categories — CONF-03/04 (sensitive files, backups), INFO-05 (info leakage), ERRH-01/02 (error handling, stack traces). Shannon's pre-recon focuses on architecture, not systematic secrets discovery.
Prerequisites
Authorization Requirements
- Written authorization with source code access scope (if white-box)
- Git repository access for history mining (if applicable)
- Target URL list for exposed file probing
Environment Setup
- TruffleHog for git history secret scanning
- GitLeaks for pattern-based secret detection
- Semgrep with secrets ruleset
- nuclei with exposure templates