Hidden Secrets
1. Base64 Encoded String
This is by far the best tool as compared to detect-secrets('yelp') or trufflehog('trufflesecurity') when finding base64 encoded strings in a text file(such as .html).
base64dump.py -u -s a -S <file>-u, --unique
-s select item nr for dumping (a for all)
-S, --strings perform strings dump
Have converted three example strings to base64:
echo 'secret affairs.....in 8-bit amigo!' | base64
echo 'FLAG<123456789>' | base64
echo '<secret>12345</secret>' | base64and hid them in an html file downloaded from a random website such as 'Lorem Ipsum'. Then, ran the tool:
┌──(root💀kali)-[/home/kali/]
└─# base64dump.py -u -s a -S index.html
FLAG<123456789>
<secret>12345</secret>
secret affairs.....in 8-bit amigo!
+-jG
*'jYr
^v+Z
bz{^
{kji
Last updated
Was this helpful?