Security News
PyPI Now Supports iOS and Android Wheels for Mobile Python Development
PyPI now supports iOS and Android wheels, making it easier for Python developers to distribute mobile packages.
By Sarah Gooding - Feb 12, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
- Maintainers
- 1
A python3 script searching for secret on swaggerhub
Introduction • Requirements • Installation • Usage • Output explanation • Thanks
Created by
Liodeus
Introduction
This tool is made to automate the process of retrieving secrets in the public APIs on swaggerHub. This tool is multithreaded and pipe mode is available :)
Requirements
- python3 (sudo apt install python3)
- pip3 (sudo apt install python3-pip)
Installation
pip3 install swaggerhole
or cloning this repository and running
git clone https://github.com/Liodeus/swaggerHole.git
pip3 install .
Usage
_____ _ __ ____ _ ____ _ ____ _ ___ _____
/ ___/| | /| / // __ `// __ `// __ `// _ \ / ___/
(__ ) | |/ |/ // /_/ // /_/ // /_/ // __// /
/____/ |__/|__/ \__,_/ \__, / \__, / \___//_/
__ __ __ /____/ /____/
/ / / /____ / /___
/ /_/ // __ \ / // _ \
/ __ // /_/ // // __/
/_/ /_/ \____//_/ \___/
usage: swaggerhole [-h] [-s SEARCH] [-o OUT] [-t THREADS] [-j] [-q] [-du] [-de]
optional arguments:
-h, --help show this help message and exit
-s SEARCH, --search SEARCH
Term to search
-o OUT, --out OUT Output directory
-t THREADS, --threads THREADS
Threads number (Default 25)
-j, --json Json ouput
-q, --quiet Remove banner
-du, --deactivate_url
Deactivate the URL filtering
-de, --deactivate_email
Deactivate the email filtering
Search for secret about a domain
swaggerHole -s test.com
echo test.com | swaggerHole
Search for secret about a domain and output to json
swaggerHole -s test.com --json
echo test.com | swaggerHole --json
Search for secret about a domain and do it fast :)
swaggerHole -s test.com -t 100
echo test.com | swaggerHole -t 100
Output explanation
Normal output
[Swagger_Name][Date_Last_Update][Line:Number] Finding_Type - Finding
Json output
{"File": File_path, "Date": Date_Last_Update, "Line": Number, "Finding_Type": Finding}
Deactivate url/email
Using -du or -de remove the filtering done by the tool. There is more false positive with those options.
Thanks
TODO
FAQs
Automate the process of retrieving secrets in the public APIs on swaggerHub
We found that swaggerhole demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Create React App Officially Deprecated Amid React 19 Compatibility Issues
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
By Sarah Gooding - Feb 11, 2025
Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025