Last updated 2 years ago
Was this helpful?
This is by far the best tool as compared to detect-secrets('yelp') or trufflehog('trufflesecurity') when finding base64 encoded strings in a text file(such as .html).
base64dump.py -u -s a -S <file>
-u, --unique
-s select item nr for dumping (a for all)
-S, --strings perform strings dump
Have converted three example strings to base64:
echo 'secret affairs.....in 8-bit amigo!' | base64 echo 'FLAG<123456789>' | base64 echo '<secret>12345</secret>' | base64
and hid them in an html file downloaded from a random website such as 'Lorem Ipsum'. Then, ran the tool:
βββ(rootπkali)-[/home/kali/] ββ# base64dump.py -u -s a -S index.html FLAG<123456789> <secret>12345</secret> secret affairs.....in 8-bit amigo! +-jG *'jYr ^v+Z bz{^ {kji
