PatrikFehrenbach / vilicus

vīlicus is a bug bounty api dashboard
MIT License
38 stars 7 forks

Hardcoded API key #2

Closed yassineaboukir closed 1 year ago

yassineaboukir commented 1 year ago

Valid hardcoded SecurityTrails API key here: https://github.com/PatrikFehrenbach/vilicus/blob/60409f604dddddaa0ddc46832466f6b1849eb5cb/routes/index.py#L18

curl --request GET \
  --url https://api.securitytrails.com/v1/history/hackerone.com/dns/a \
  --header 'apikey: 47N3WQjDpOfPvbGlItKgymROSgMV2w5g'
{
  "endpoint": "/v1/history/hackerone.com/dns/a",
  "pages": 1,
  "records": [
    {
      "first_seen": "2018-12-20",
      "last_seen": "2023-07-08",
      "organizations": [
        "Cloudflare, Inc."
      ],
      "type": "a",
      "values": [
        {
          "ip": "104.16.100.52",
          "ip_count": 10
        }

Bounty plz?

PatrikFehrenbach commented 1 year ago

duh!

Thanks <3 fixed and invalidated the keys
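
Added example, not code from this repository or from either commenter: a small check that could run in CI to catch the kind of hardcoded key reported in this issue, run against a vulnerable form and a form that reads the key from the environment. The sample sources, the key value, the environment-variable name and the name pattern and entropy thresholds are constructed assumptions.

```python
import ast, math, re

# Assumption: identifiers and dict keys matching this pattern hold credentials.
SECRET_NAME = re.compile(r"api[_-]?key|secret|token|passw", re.I)

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def looks_like_secret(v):
    # Assumed thresholds: long, no spaces, high entropy.
    return isinstance(v, str) and len(v) >= 20 and " " not in v and entropy(v) >= 3.5

def find_hardcoded_secrets(source):
    """Return sorted (line, name) pairs for literals bound to credential-like names."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        pairs = []
        if isinstance(node, ast.Assign):      # NAME = "literal"
            pairs = [(t.id, node.value) for t in node.targets if isinstance(t, ast.Name)]
        elif isinstance(node, ast.Dict):      # {"apikey": "literal"}, e.g. HTTP headers
            pairs = [(k.value, v) for k, v in zip(node.keys, node.values)
                     if isinstance(k, ast.Constant) and isinstance(k.value, str)]
        for name, val in pairs:
            if (SECRET_NAME.search(name) and isinstance(val, ast.Constant)
                    and looks_like_secret(val.value)):
                hits.append((val.lineno, name))
    return sorted(hits)

# Constructed sample, not the repository's routes/index.py; the key is made up.
VULNERABLE = '''\
import requests

API_KEY = "CONSTRUCTEDexampleKEY0123456789ab"

def history(domain):
    headers = {"apikey": "CONSTRUCTEDexampleKEY0123456789ab"}
    return requests.get("https://api.securitytrails.com/v1/history/" + domain + "/dns/a", headers=headers)
'''

# Same code with the key read from the environment (variable name is hypothetical).
HARDENED = '''\
import os, requests

def history(domain):
    headers = {"apikey": os.environ["SECURITYTRAILS_API_KEY"]}
    return requests.get("https://api.securitytrails.com/v1/history/" + domain + "/dns/a", headers=headers)
'''

if __name__ == "__main__":
    print(find_hardcoded_secrets(VULNERABLE))
    print(find_hardcoded_secrets(HARDENED))
```

A clean scan of the current tree does not cover earlier commits: a key that was ever committed stays in the Git history, so revoking it, as was done here, is the part of the fix that matters.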