-
Full-featured JavaScript recon automation (JSFScan.sh)
-
Find JavaScript files with httpx and subjs
-
Find javascript files using gau and httpx
-
Extract API endpoints from javascript files
-
Find hidden GET parameters in javascript files
-
get api key
Full-featured JavaScript recon automation (JSFScan.sh)
https://github.com/KathanP19/JSFScan.sh
bash JSFScan.sh -l targets.txt -e -s -m -o outdir
Find JavaScript files with httpx and subjs
cat domains | httpx -silent | subjs | anew
https://github.com/projectdiscovery/httpx https://github.com/tomnomnom/anew https://github.com/lc/subjs
Find javascript files using gau and httpx
echo target.com | gau | grep '.js$' | httpx -status-code -mc 200 -content-type | grep 'application/javascript'
https://github.com/projectdiscovery/httpx https://github.com/lc/gau
Extract API endpoints from javascript files
cat file.js | grep -aoP "(?<=("|'|`))/[a-zA-Z0-9_?&=/-#.]*(?=("|'|`))" | sort -u
Find hidden GET parameters in javascript files
assetfinder example.com | gau | egrep -v '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)' | while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=xss/g'); echo -e "e[1;33m$urlne[1;32m$vars"; done
https://github.com/tomnomnom/assetfinder https://github.com/lc/gau
get api key
https://github.com/System00-Security/API-Key-regex
cat file.js | grep API_REGEX
原文始发于微信公众号(迪哥讲事):js发现和敏感信息提取的几个资源
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论