Headers parameter and Escaping Parenthesis error fix

README.md

@@ -12,34 +12,29 @@ The output is given in HTML or plaintext.
 ## Help
 
 ```
-usage: SecretFinder.py [-h] [-e] -i INPUT [-o OUTPUT] [-r REGEX] [-b]
-                       [-c COOKIE] [-g IGNORE] [-n ONLY] [-H HEADERS]
-                       [-p PROXY]
+usage: SecretFinder.py [-h] [-e] -i INPUT [-o OUTPUT] [-r REGEX] [-b] [-c COOKIE] [-g IGNORE] [-n ONLY] [-H HEADERS] [-p PROXY] [-d DELAY]
 
-optional arguments:
+options:
   -h, --help            show this help message and exit
-  -e, --extract         Extract all javascript links located in a page and
-                        process it
+  -e, --extract         Extract all javascript links located in a page and process it
   -i INPUT, --input INPUT
                         Input a: URL, file or folder
   -o OUTPUT, --output OUTPUT
-                        Where to save the file, including file name. Default:
-                        output.html
+                        Where to save the file, including file name. Default: output.html
   -r REGEX, --regex REGEX
-                        RegEx for filtering purposes against found endpoint
-                        (e.g: ^/api/)
+                        RegEx for filtering purposes against found endpoint (e.g: ^/api/)
   -b, --burp            Support burp exported file
   -c COOKIE, --cookie COOKIE
                         Add cookies for authenticated JS files
   -g IGNORE, --ignore IGNORE
-                        Ignore js url, if it contain the provided string
-                        (string;string2..)
-  -n ONLY, --only ONLY  Process js url, if it contain the provided string
-                        (string;string2..)
+                        Ignore js url, if it contain the provided string (string;string2..)
+  -n ONLY, --only ONLY  Process js url, if it contain the provided string (string;string2..)
   -H HEADERS, --headers HEADERS
                         Set headers ("Name:Value\nName:Value")
   -p PROXY, --proxy PROXY
                         Set proxy (host:port)
+  -d DELAY, --delay DELAY
+                        Set delay between requests
 
 ```
 
@@ -48,7 +43,7 @@ optional arguments:
 SecretFinder supports Python 3.
 
 ```
-$ git clone https://github.com/m4ll0k/SecretFinder.git secretfinder
+$ git clone https://github.com/PolEspurnes/SecretFinder.git secretfinder
 $ cd secretfinder
 $ python -m pip install -r requirements.txt or pip install -r requirements.txt
 $ python3 SecretFinder.py

SecretFinder.py

@@ -20,6 +20,7 @@
 import requests
 import string
 import random
+import time
 from html import escape
 import urllib3
 import xml.etree.ElementTree
@@ -42,12 +43,12 @@
     'amazon_aws_access_key_id' : r'A[SK]IA[0-9A-Z]{16}',
     'amazon_mws_auth_toke' : r'amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}',
     'amazon_aws_url' : r's3\.amazonaws.com[/]+|[a-zA-Z0-9_-]*\.s3\.amazonaws.com',
-    'amazon_aws_url2' : r"(" \
+    'amazon_aws_url2' : r"\(" \
            r"[a-zA-Z0-9-\.\_]+\.s3\.amazonaws\.com" \
            r"|s3://[a-zA-Z0-9-\.\_]+" \
            r"|s3-[a-zA-Z0-9-\.\_\/]+" \
            r"|s3.amazonaws.com/[a-zA-Z0-9-\.\_]+" \
-           r"|s3.console.aws.amazon.com/s3/buckets/[a-zA-Z0-9-\.\_]+)",
+           r"|s3.console.aws.amazon.com/s3/buckets/[a-zA-Z0-9-\.\_]+\)",
     'facebook_access_token' : r'EAACEdEose0cBA[0-9A-Za-z]+',
     'authorization_basic' : r'basic [a-zA-Z0-9=:_\+\/-]{5,100}',
     'authorization_bearer' : r'bearer [a-zA-Z0-9_\-\.=:_\+\/]{5,100}',
@@ -67,14 +68,14 @@
     'ssh_dc_private_key' : r'-----BEGIN EC PRIVATE KEY-----',
     'pgp_private_block' : r'-----BEGIN PGP PRIVATE KEY BLOCK-----',
     'json_web_token' : r'ey[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$',
-    'slack_token' : r"\"api_token\":\"(xox[a-zA-Z]-[a-zA-Z0-9-]+)\"",
-    'SSH_privKey' : r"([-]+BEGIN [^\s]+ PRIVATE KEY[-]+[\s]*[^-]*[-]+END [^\s]+ PRIVATE KEY[-]+)",
+    'slack_token' : r"\"api_token\":\"\(xox[a-zA-Z]-[a-zA-Z0-9-]+\)\"",
+    'SSH_privKey' : r"\([-]+BEGIN [^\s]+ PRIVATE KEY[-]+[\s]*[^-]*[-]+END [^\s]+ PRIVATE KEY[-]+\)",
     'Heroku API KEY' : r'[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}',
-    'possible_Creds' : r"(?i)(" \
+    'possible_Creds' : r"\(?i\)\(" \
                     r"password\s*[`=:\"]+\s*[^\s]+|" \
                     r"password is\s*[`=:\"]*\s*[^\s]+|" \
                     r"pwd\s*[`=:\"]*\s*[^\s]+|" \
-                    r"passwd\s*[`=:\"]+\s*[^\s]+)",
+                    r"passwd\s*[`=:\"]+\s*[^\s]+\)",
 }
 
 _template = '''
@@ -155,6 +156,7 @@ def getContext(matches,content,name,rex='.+?'):
         if i not in matches2:
             matches2.append(i)
     for m in matches2:
+        m = m.replace('(','\\(').replace(')','\\)') # Escape parenthesis to avoid regex error
         context = re.findall('%s%s%s'%(rex,m,rex),content,re.IGNORECASE)
 
         item = {
@@ -353,7 +355,7 @@ def send_request(url):
         'Accept-Encoding' : 'gzip'
     }
     if args.headers:
-        for i in args.header.split('\\n'):
+        for i in args.headers.split('\\n'):
             # replace space and split
             name,value = i.replace(' ','').split(':')
             headers[name] = value
@@ -377,6 +379,7 @@ def send_request(url):
             headers = headers,
             proxies = proxies
         )
+        time.sleep(float(args.delay)) # 0 by default
         return resp.content.decode('utf-8','replace')
     except Exception as err:
         print(err)
@@ -394,6 +397,7 @@ def send_request(url):
     parser.add_argument("-n","--only",help="Process js url, if it contain the provided string (string;string2..)",action="store",default="")
     parser.add_argument("-H","--headers",help="Set headers (\"Name:Value\\nName:Value\")",action="store",default="")
     parser.add_argument("-p","--proxy",help="Set proxy (host:port)",action="store",default="")
+    parser.add_argument("-d", "--delay", help="Set delay between requests (i.e. 1 second=1, 500ms=0.5)", action="store", default=0)
     args = parser.parse_args()
 
     if args.input[-1:] == "/":
@@ -416,6 +420,13 @@ def send_request(url):
             'custom_regex' : args.regex
         })
 
+    try:
+        if float(args.delay) < 0:
+            raise ValueError
+    except ValueError:
+        print("The delay must be a positive number.")
+        sys.exit()
+
     if args.extract:
         content = send_request(args.input)
         urls = extractjsurl(content,args.input)