Blacklist3r – Accumulate Secret Keys / Secret Materials Related To Various Web Frameworks

Main / Blacklist3r – Accumulate Secret Keys / Secret Materials Related To Various Web Frameworks

Discription

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0aNse5IFkAOlAmTMF7nAK2FV-Z8RHu8RArkixIyq8ldbWS5P0bR3uUNBYEHFbdrKArewTQoaTnatNC5mGfrPJf_jLVNxXIjaV-NrxS4KEkAoqtQgE0taY58UZIRSMoYmD4p0D7ZSMpM_delzWebaDxnEvMWiKFlipyYiyqQC8u8Z-962znjcoiYhrGEIM/w640-h484/Blacklist3r.png)]()

The goal of this project is to accumulate the [secret keys]( “secret keys” ) / secret materials related to various web frameworks, that are publicly available and potentially used by developers. These secrets will be utilized by the Blacklist3r tools to audit the target application and verify the usage of these pre-published keys.

We are releasing this project with.Net machine key tool to identify usage of pre-shared Machine Keys in the application for [encryption]( “encryption” ) and [decryption]( “decryption” ) of forms [authentication]( “authentication” ) cookie.

Note: Requires Visual Studio 2019, not 2022. Visual Studio 2022 does not support .NET Framework 4.5, which this repo relies on.

## References:

* [Project Blacklist3r]( “Project Blacklist3r” )
* [Identify and Exploit ViewState Deserialization]( “Identify and Exploit ViewState Deserialization” )

## Mention

* [ASP.NET ]( “ASP.NET” )[Cryptography]( “Cryptography” ) for Pentesters
* [Customising Blacklist3r for OWIN OAuth Access Tokens]( “Customising Blacklist3r for OWIN OAuth Access Tokens” )

**[Download Blacklist3r]( “Download Blacklist3r” )**Read More

References

Back to Main

Subscribe for the latest news: