Find Access Tokens with FFUF and GAU


Access tokens leak into URLs more often than they should: OAuth implicit-flow redirects carry them in the fragment, misconfigured clients put them in ?access_token= query strings, and signed download links embed them outright. Public URL archives such as the Wayback Machine keep those URLs long after the page itself is gone, so a penetration tester who can enumerate a target's archived URLs can often recover tokens without touching the application. GAU (Get All URLs) does the enumeration and FFUF (Fuzz Faster U Fool) requests the results at scale; together they automate the search.

You Should Know: FFUF and GAU for Access Token Discovery

1. Installing FFUF and GAU

Before using these tools, ensure they are installed on your Linux system. Both are Go programs; the current release lines live under v2 module paths, and the binaries land in $(go env GOPATH)/bin, which must be on your PATH:

Install FFUF
go install github.com/ffuf/ffuf/v2@latest

Install GAU
go install github.com/lc/gau/v2/cmd/gau@latest

2. Gathering URLs with GAU

GAU fetches every URL its providers have recorded for a domain: the Wayback Machine, Common Crawl, AlienVault OTX and URLScan. Nothing is requested from the target at this stage, so this step is passive. Add --subs to include subdomains, and save the output because every later step reads from it:

gau example.com | tee urls.txt

3. Fuzzing for Access Tokens with FFUF

FFUF is a fuzzer, not a crawler: with the URL list as its wordlist and -u FUZZ it requests every archived URL and keeps only responses whose body matches the regular expression given to -mr. Sending each URL as a bearer token (-H "Authorization: Bearer FUZZ", as some write-ups do) accomplishes nothing and is omitted. -mc all switches off ffuf's default status-code matcher so that 4xx and 5xx bodies are inspected too, since error pages and debug output are where secrets tend to surface, and -rate keeps the request rate polite against a production host:

ffuf -w urls.txt -u FUZZ -mc all -mr 'access_token|api_key|eyJ[A-Za-z0-9_-]+\.' -rate 50 -o results.json -of json

4. Filtering Candidate Tokens

The URL list itself is usually the richest source: redirects and signed links that carried a token in the query string were archived with the token still in place. Pull the values out, stopping at the next parameter or fragment separator, and de-duplicate. Values may still be percent-encoded (%3D for =), so decode them before replaying:

grep -Eo 'access_token=[^&#]+' urls.txt | cut -d= -f2- | sort -u > tokens.txt

5. Automating the Process

Combine GAU and FFUF in a script that takes the target domain as its only argument:

#!/bin/bash
set -euo pipefail
domain="$1"
gau "$domain" | tee urls.txt
ffuf -w urls.txt -u FUZZ -mc all -mr 'access_token|api_key|eyJ[A-Za-z0-9_-]+\.' -rate 50 -o results.json -of json

6. Checking Token Validity

Use `curl` to test each candidate against an endpoint that requires authentication and print the status code beside the token. A 200 means the token is live and must be reported immediately; 401 means it is expired or revoked. Make that single request and no more, and only against systems you are authorised to test:

while IFS= read -r token; do
  code=$(curl -sS -o /dev/null -w '%{http_code}' --max-time 10 -H "Authorization: Bearer $token" https://api.example.com/user)
  printf '%s %s\n' "$code" "$token"
done < tokens.txt
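The whole pipeline from a GAU-style URL list to a de-duplicated token list, as an added example that is not from the original post. It runs offline against a constructed sample of archived URLs (example.com and every token value in it are made up), adds the percent-decoding and JWT matching that the one-liners above lack, and keeps the only online step, probing tokens against an API, in a function that is defined but not invoked. The parameter names it looks for are an assumed starting list, not an exhaustive one.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: harvest token candidates from a
# GAU-style URL list offline. Requires bash (uses ${var//...} expansions).
set -euo pipefail

# Constructed sample of what `gau example.com` might return. example.com is a
# placeholder and every token value below is made up.
URLS_FILE="$(mktemp)"
cat > "$URLS_FILE" <<'EOF'
https://example.com/callback?code=abc&access_token=AAAABBBBCCCC1111&state=x
https://example.com/api/v1/me?api_key=sk_test_000111222333
https://example.com/static/app.js
https://example.com/download?token=abc%2Fdef%3D%3D&expires=1700000000
https://example.com/#access_token=FRAGMENTTOKEN999&token_type=bearer
https://example.com/auth?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
https://example.com/callback?code=def&access_token=AAAABBBBCCCC1111&state=y
EOF

# Percent-decode one value. Archived URLs keep tokens URL-encoded (%3D for '=',
# %2F for '/'), and a still-encoded token fails when replayed in a header.
urldecode() {
  local s="${1//+/ }"
  printf '%b\n' "${s//%/\\x}"
}

# Values of token-bearing query or fragment parameters. The key list is an
# assumed starting point, not exhaustive; add the target's own parameter names.
# [^&#[:space:]] stops at the next parameter, the fragment, or end of line.
extract_param_tokens() {
  { grep -Eo '(^|[?&#])(access_token|id_token|token|api_key|apikey|key)=[^&#[:space:]]+' "$1" || true; } \
    | cut -d= -f2- \
    | while IFS= read -r v; do urldecode "$v"; done \
    | sort -u
}

# Anything shaped like a JWT anywhere in the URL: base64url header.payload.signature.
extract_jwts() {
  { grep -Eo 'eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*' "$1" || true; } | sort -u
}

extract_all_tokens() {
  { extract_param_tokens "$1"; extract_jwts "$1"; } | sort -u
}

# The only online step, kept separate and not invoked here: one request per token
# against an endpoint that requires authentication, printing "<status> <token>".
# Run it only against systems you are authorised to test.
check_tokens() {   # usage: check_tokens tokens.txt https://api.example.com/user
  while IFS= read -r token; do
    code=$(curl -sS -o /dev/null -w '%{http_code}' --max-time 10 \
                -H "Authorization: Bearer $token" "$2" || echo "000")
    printf '%s %s\n' "$code" "$token"
  done < "$1"
}

# Offline run over the constructed sample: five distinct candidates, the repeated
# access_token collapsed to one line and the encoded download token decoded.
extract_all_tokens "$URLS_FILE"
```

Feed the real urls.txt from step 2 to extract_all_tokens and pipe its output into check_tokens once authorisation is confirmed; the decoded values are what go into the Authorization header.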

What Undercode Say

Finding exposed access tokens is a critical step in penetration testing. Automation with GAU and FFUF speeds up reconnaissance, but always ensure proper authorization before testing, and treat every recovered token as a live credential: confirm it with a single request, report it, and never reuse it beyond that.

Additional Useful Commands

  • Extracting JWT Tokens from Logs (three base64url segments separated by dots; the signature segment may be empty for alg "none", hence the trailing *):
    grep -Eo 'eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*' logs.txt

  • Decoding JWT Tokens (jq's @base64d expects the standard alphabet and padding, so translate - and _ and restore the = first):

    echo "JWT_TOKEN" | jq -R 'split(".") | .[0],.[1] | gsub("-";"+") | gsub("_";"/") | . + "=" * ((4 - length % 4) % 4) | @base64d | fromjson'

  • Checking API Rate Limits (look for headers such as X-RateLimit-Remaining and Retry-After; some APIs reject HEAD, in which case use a GET with -s -o /dev/null -D - to dump the headers instead):

    curl -I -H "Authorization: Bearer TOKEN" https://api.example.com

  • Windows Equivalent (PowerShell; note that Windows PowerShell 5.1 throws on non-2xx responses, so a 401 surfaces as an exception rather than a status code, while PowerShell 7 offers -SkipHttpErrorCheck):

    (Invoke-WebRequest -Uri "https://api.example.com" -Headers @{"Authorization"="Bearer TOKEN"}).StatusCode
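The JWT decoding step above depends on jq; the following added example (not from the original post) does the same with bash and coreutils only, and goes one step further by triaging the token's alg and exp claims, which is what a tester actually wants to know about a recovered JWT. The token is the widely circulated jwt.io demonstration token, used here as a constructed sample; its signature is not verified.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: decode a JWT's header and payload
# with bash and coreutils only, then triage alg and exp. Signature NOT verified.
set -euo pipefail

# Constructed sample: the jwt.io demo token (HS256 over "your-256-bit-secret").
# It carries iat but no exp, which the triage below reports.
SAMPLE_JWT='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'

# base64url (RFC 4648 section 5) -> standard base64 -> bytes. JWT segments omit
# the '=' padding and use '-' and '_', all of which GNU base64 -d rejects.
b64url_decode() {
  local s="${1//-/+}"
  s="${s//_//}"
  local pad=''
  case $(( ${#s} % 4 )) in
    2) pad='==' ;;
    3) pad='=' ;;
  esac
  printf '%s%s' "$s" "$pad" | base64 -d
}

# Segment N of a token (0 = header, 1 = payload), decoded to JSON text.
jwt_segment() {
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f$(( $2 + 1 )))
  b64url_decode "$seg"
}
jwt_header()  { jwt_segment "$1" 0; }
jwt_payload() { jwt_segment "$1" 1; }

# alg from the header: "none" or an unexpected algorithm is a finding in itself.
jwt_alg() {
  jwt_header "$1" | sed -n 's/.*"alg"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# exp triage against the current clock. A token with no exp never expires on
# its own, so a leaked one stays usable until the issuer revokes it.
jwt_exp_status() {
  local exp
  exp=$(jwt_payload "$1" | sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  if [ -z "$exp" ]; then
    echo "no-exp"
  elif [ "$exp" -gt "$(date +%s)" ]; then
    echo "valid-until:$exp"
  else
    echo "expired:$exp"
  fi
}

printf 'alg:     %s\n' "$(jwt_alg "$SAMPLE_JWT")"
printf 'header:  %s\n' "$(jwt_header "$SAMPLE_JWT")"
printf 'payload: %s\n' "$(jwt_payload "$SAMPLE_JWT")"
printf 'exp:     %s\n' "$(jwt_exp_status "$SAMPLE_JWT")"
```

Replace SAMPLE_JWT with a token harvested from logs or URLs; the payload's sub, scope and aud claims tell you whose access you are holding before you decide whether a validity check is even necessary.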

Expected Output:

A list of potential access tokens and their HTTP validation status.

References:

Reported By: Zlatanh Find – Hackers Feeds