Exploit: ak leakage
cdxy edited this page Nov 24, 2020 · 1 revision
Scans a user-specified directory and searches its files for usable sensitive information such as access keys/secrets (AK), certificates and configuration files. It is typically used after breaking into a container that holds source code (e.g. local Python/PHP projects), where the script automatically extracts the AKs leaked in those code files.
./cdk run ak-leakage <dir>
./cdk run ak-leakage /var/www/html/php-app
See https://github.com/Xyntax/CDK/blob/main/conf/exploit_conf.go
Edit this file to add your own AK regex rules, then rebuild cdk.
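
The same kind of rule-driven scan can be run over your own source tree or image contents before shipping, to catch the keys this task would find. The following is an added example, not CDK's code: the rule names and patterns are assumptions chosen for illustration (CDK's own rules are in conf/exploit_conf.go), and each finding records only the location of a match, not the secret.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
)

// Illustrative rules (assumption); CDK's own rules are in conf/exploit_conf.go.
var rules = []struct{ Name string; Re *regexp.Regexp }{
	{"aws-access-key-id", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"pem-private-key", regexp.MustCompile(`-----BEGIN [A-Z ]*PRIVATE KEY-----`)},
}

// Finding holds where a rule matched, never the secret, so it is safe to log.
type Finding struct{ Path, Rule string; Line int }

// ScanDir applies every rule to each line of each regular file under root.
func ScanDir(root string) ([]Finding, error) {
	var found []Finding
	err := filepath.WalkDir(root, func(p string, d os.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err // nil for directories and symlinks: skip, keep walking
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return nil // unreadable file: skip it, keep scanning the rest
		}
		for n, line := range bytes.Split(data, []byte("\n")) {
			for _, r := range rules {
				if r.Re.Match(line) {
					found = append(found, Finding{p, r.Name, n + 1})
				}
			}
		}
		return nil
	})
	return found, err
}

func main() { // usage: go run . <dir>; exits 1 when anything matched
	found, err := ScanDir(os.Args[1])
	for _, f := range found {
		fmt.Printf("%s:%d: %s\n", f.Path, f.Line, f.Rule)
	}
	if err != nil || len(found) > 0 {
		os.Exit(1)
	}
}
```

Run as a CI step, the non-zero exit status blocks an image build whenever a rule matches.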