DigDeep: A Sensitive Information Mining Tool for Penetration Testing
DigDeep is a Java‑based tool that efficiently extracts nearly one hundred types of high‑, medium‑, and low‑risk sensitive data from source files across cloud, mini‑program, app, and web environments, offering recursive scanning, risk‑level filtering, deduplication, and multi‑format export to aid security audits.
Introduction
DigDeep is a sensitive information mining tool for penetration testing, code audit, and source leak detection. Its core goal is to efficiently and accurately extract nearly one hundred categories of sensitive data from various source files (cloud security, mini‑programs, apps, web, etc.), addressing low manual efficiency and omission risk.
Project address: https://github.com/shine798/DigDeep
Tool Capabilities
1. Sensitive Information Detection Scope
High risk: passwords, cloud platform AccessKeys (Alibaba, Tencent, JD, Baidu, ByteDance, Kingsoft, Google), WeChat sessionkey, webhook, JWT token, AWS Key, Google OAuth Token, etc.
Medium risk: phone numbers, ID numbers, email, internal/public IP, MAC address, URL, WeChat/mini‑program APPID, enterprise WeChat/DingTalk corpid, encryption keys, etc.
Low risk: various cloud storage buckets (Alibaba, Tencent, Huawei, Amazon, Baidu, Google, Microsoft, JD), map API keys, etc.
Additional detection: Swagger, Druid paths, SQL error messages, directory traversal patterns, SSRF parameters, JSONP callback parameters, Source Map files, etc.
2. Practical Features
Recursive multi‑folder scanning to deeply mine sensitive data.
Quick filtering by risk level (high/medium/low) and data type.
One‑click export of results to TXT, JSON, or CSV.
Double‑click a result to highlight the matching line with five lines of context (HTML rendering, sensitive data in red) and locate the file precisely.
Right‑click to copy, export, or delete a single result.
Intelligent deduplication (e.g., duplicate URLs or WeChat APPIDs are kept only once).
Automatic skipping of binary files (.dex, .apk, .png, .jar, etc.) to improve scanning efficiency.
Real‑time progress bar and current‑file indicator, for a better experience when scanning large files.
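A simplified sketch of the scanning behaviour listed above (recursive walk, binary‑file skipping, risk‑level filtering, deduplication, JSON export), added here as an illustration and not taken from DigDeep's code. The four regex rules, the function names, and the sample files are assumptions constructed for this example.

```python
import json, os, re, tempfile

# Illustrative rules (assumptions for this example, not DigDeep's own rule set).
RULES = [
    ("high", "AWS access key ID", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("medium", "Email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("medium", "Internal IP", re.compile(r"\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2})\b")),
    ("low", "Alibaba OSS bucket", re.compile(r"\b[\w-]+\.oss-[\w-]+\.aliyuncs\.com\b")),
]
SKIP_EXT = {".dex", ".apk", ".png", ".jar"}  # binary types the article says are skipped


def scan(root, levels=("high", "medium", "low")):
    """Walk root recursively; return deduplicated findings for the chosen risk levels."""
    rules = [r for r in RULES if r[0] in levels]
    seen, findings = set(), []
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() in SKIP_EXT:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                lines = fh.readlines()
            for lineno, line in enumerate(lines, 1):
                for level, kind, rx in rules:
                    for m in rx.finditer(line):
                        if (kind, m.group()) in seen:  # keep each (type, value) once
                            continue
                        seen.add((kind, m.group()))
                        findings.append({"level": level, "type": kind, "value": m.group(),
                                         "file": os.path.relpath(path, root), "line": lineno})
    return findings


def demo(levels=("high", "medium", "low")):  # constructed sample tree in a temp dir
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "js", "vendor"))
        with open(os.path.join(root, "js", "app.js"), "w") as fh:
            fh.write('const ak = "AKIAIOSFODNN7EXAMPLE";\nconst api = "http://192.168.10.5/api";\n')
        with open(os.path.join(root, "js", "vendor", "cfg.js"), "w") as fh:
            fh.write('// dev@example.com\nvar k = "AKIAIOSFODNN7EXAMPLE";\n'
                     'var cdn = "demo-bucket.oss-cn-hangzhou.aliyuncs.com";\n')
        with open(os.path.join(root, "icon.png"), "wb") as fh:
            fh.write(b"\x89PNG AKIAIOSFODNN7EXAMPLE")  # skipped by extension
        return scan(root, levels)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))  # JSON export of the findings
```

The access key that appears in two source files is reported once, at its first location, and the copy embedded in the .png file is never read.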
Usage
Environment requirement: Java runtime environment.
Start the tool with the command java -jar DigDeep.jar.
Workflow: select the source code folder to scan (e.g., decompiled mini‑program/app source, web front‑end source), click Start, then view, filter, preview, and export the sensitive information results.
Applicable Scenarios
Suitable for penetration testing and code audit processes to scan website source code, web front‑end (JS/HTML), decompiled app/mini‑program source files, etc., helping security personnel quickly locate hard‑coded keys, identity information, network addresses, and other sensitive data.
