Investigating JavaScripts files since 1850
️🕵️ Pinkerton is an JavaScript file crawler and secret finder tool developed in Python
A quick guide of how to install and use Pinkerton.
1. Clone the repository with: git clone https://github.com/oppsec/pinkerton.git
2. Install the libraries with: pip3 install -r requirements.txt
3. Run Pinkerton with: python3 main.py -u https://example.com
3.1 (Optional)
If you're using Python 3.11+ + Arch (as me) you're probably getting errors when trying to install the libs from requirements.txt, to fix this, use:
- pip3 install -r requirements.txt --break-system-packages
If you want to use pinkerton in a Docker container, follow this commands:
1. Clone the repository - git clone https://github.com/oppsec/pinkerton.git
2. Build the image - sudo docker build -t pinkerton:latest .
3. Run container - sudo docker run pinkerton:latest
- Python 3 installed on your machine.
- Install the libraries with
pip3 install -r requirements.txt
pacman -Syu pinkerton
- Works with ProxyChains
- Fast scan
- Low RAM and CPU usage
- Open-Source
- Python ❤️
- Add more secrets regex pattern
- Improve JavaScript file extract function
- Improve pattern match system
- Add pass list file method
A quick guide of how to contribute with the project.
1. Create a fork from Pinkerton repository
2. Clone the repository with git clone https://github.com/your/pinkerton.git
3. Type cd pinkerton/
4. Create a branch and make your changes
5. Commit and make a git push
6. Open a pull request
- m4ll0k (SecretFinder creator) for the regex patterns
- h33lit (Jubaer Alnazi) for the regex patterns
- zricethezav (GitLeaks creator) for the regex patterns
- The developer is not responsible for any malicious use of this tool.