├── README.md
└── endpoint_finder.js

/README.md:
--------------------------------------------------------------------------------
1 | # endlets
2 | Bookmarklet to find endpoints easily with one click
3 | 
4 | ![image](https://github.com/0dayCTF/endlets/assets/44453666/5429cb2a-804b-416f-bf4a-5db0aef11086)
5 | This is a JavaScript bookmarklet that finds and displays the endpoint URLs referenced in a webpage by recursively fetching and processing its scripts. It is useful for developers, security researchers, and bug hunters.
6 | 
7 | ## Installation
8 | 1. Open your browser's bookmarks manager.
9 | 2. Create a new bookmark.
10 | 3. Set the bookmark's name to "Show Endpoints".
11 | 4. Copy the following JavaScript code and set it as the URL for the bookmark:
12 | ```javascript
13 | javascript:(function(){var regex=/(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g;const results=new Set();function fetchAndProcess(url,depth){if(depth>3)return;fetch(url).then(response=>response.text()).then(scriptContent=>{var matches=scriptContent.matchAll(regex);for(let match of matches){let scriptUrl=match[0];results.add(scriptUrl);if(scriptUrl.startsWith("/")){scriptUrl=window.location.origin+scriptUrl;}fetchAndProcess(scriptUrl,depth+1);}}).catch(error=>{console.log("An error occurred while fetching script:",error);});}function processScripts(){var scripts=document.getElementsByTagName("script");for(var i=0;i<scripts.length;i++){/* assumed: the loop body, processPageContent, the writeResults header and the br separator are not in this copy; filled in to match the calls at the end */var src=scripts[i].src;if(src){fetchAndProcess(src,0);}}}function processPageContent(){var matches=document.documentElement.outerHTML.matchAll(regex);for(let match of matches){results.add(match[0]);}}function writeResults(){results.forEach(result=>{document.write(result+"<br>");});}processScripts();processPageContent();setTimeout(writeResults,5000);})();
14 | ```
15 | ## Usage
16 | 1. Navigate to the webpage you want to analyze.
17 | 2. Click on the "Show Endpoints" bookmark.
18 | 3. Wait a few seconds for the bookmarklet to fetch and process the scripts.
19 | 4. The extracted endpoints will be displayed on the page.
20 | This will also work on mobile browsers if you sync your bookmarks.
21 | 
22 | *Warning: if you're authenticated, this script will sometimes emulate behavior on your behalf. Every matched path is requested with `fetch` from the page's own origin, so those requests carry your session.*
23 | ## How It Works
24 | - **Regular Expression**: Uses a regular expression to match endpoint URLs within scripts: quoted strings that begin with `/`.
25 | - **Recursive Fetching**: Fetches script content recursively up to a specified depth (default is 3) to ensure deeper analysis. Each matched path is itself fetched and scanned.
26 | - **Result Display**: Extracted URLs are collected in a Set to ensure uniqueness and then written to the document for easy viewing.
27 | ## Customization
28 | - **Recursion Depth**: Adjust the recursion depth by modifying the `if(depth>3)return;` line in the bookmarklet code.
29 | - **Timeout Duration**: Change the timeout duration by modifying the `setTimeout(writeResults, 5000);` line to allow more or less time for script fetching.
30 | ## Limitations
31 | - **CORS Restrictions**: Some scripts may not be fetchable due to cross-origin resource sharing (CORS) policies.
32 | - **Depth Limit**: The recursion depth is limited to prevent infinite loops, but this can be adjusted if needed.
33 | - **Browser Compatibility**: The bookmarklet is designed to work in modern browsers with JavaScript enabled.
34 | ## Contributing
35 | I welcome contributions! If you have suggestions for improvements or new features, please open an issue or submit a pull request :)
36 | 
--------------------------------------------------------------------------------
/endpoint_finder.js:
--------------------------------------------------------------------------------
1 | javascript:(function(){var regex=/(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g;const results=new Set();function fetchAndProcess(url,depth){if(depth>3)return;fetch(url).then(response=>response.text()).then(scriptContent=>{var matches=scriptContent.matchAll(regex);for(let match of matches){let scriptUrl=match[0];results.add(scriptUrl);if(scriptUrl.startsWith("/")){scriptUrl=window.location.origin+scriptUrl;}fetchAndProcess(scriptUrl,depth+1);}}).catch(error=>{console.log("Error: ",error);});}function processScripts(){var scripts=document.getElementsByTagName("script");for(var i=0;i<scripts.length;i++){/* assumed: the loop body, processPageContent, the writeResults header and the br separator are not in this copy; filled in to match the calls at the end */var src=scripts[i].src;if(src){fetchAndProcess(src,0);}}}function processPageContent(){var matches=document.documentElement.outerHTML.matchAll(regex);for(let match of matches){results.add(match[0]);}}function writeResults(){results.forEach(result=>{document.write(result+"<br>");});}processScripts();processPageContent();setTimeout(writeResults,5000);})();
2 | 
--------------------------------------------------------------------------------
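
An added example (not code from the endlets repository) of the matching step described under "How It Works", split so that extracted paths are classified before anything is requested, which is the concern behind the README's authenticated-session warning. The names `extractPaths` and `planFetches`, the sample script and the `app.example.test` origin are constructed for illustration; the regex uses literal quote characters where the bookmarklet URL writes `%27` and `%60`.

```javascript
// Added example; names, sample script and origin are constructed for illustration.
// Quoted root-relative paths. The bookmarklet spells ' and ` as %27 and %60
// because it lives in a URL; a plain script uses the literal characters.
const PATH_RE = /(?<=["'`])\/[a-zA-Z0-9_?&=\/\-#.]*(?=["'`])/g;

// Collect unique matches without requesting anything.
function extractPaths(source) {
  return new Set(Array.from(source.matchAll(PATH_RE), (m) => m[0]));
}

// Decide what may be fetched for further scanning: same-origin script files
// only. Everything else (API routes, logout links, other hosts) is listed but
// never requested, so an authenticated session sends nothing on the user's behalf.
function planFetches(paths, origin) {
  const base = new URL(origin).origin;
  const follow = [];
  const reportOnly = [];
  for (const p of paths) {
    // new URL() resolves "//host/x" as protocol-relative, unlike origin + path.
    const url = new URL(p, base);
    if (url.origin === base && url.pathname.endsWith(".js")) follow.push(url.href);
    else reportOnly.push(p);
  }
  return { follow, reportOnly };
}

// Constructed sample standing in for a fetched script body.
const SAMPLE = [
  'fetch("/api/v1/users?id=" + id);',
  "const logout = '/account/logout';",
  "import(`/static/chunk-settings.js`);",
  'load("//cdn.example.net/lib.js");',
  'var s = "/static/app.js?v=3";',
  'var again = "/account/logout";',
].join("\n");

const plan = planFetches(extractPaths(SAMPLE), "https://app.example.test");
console.log("fetch and scan:", plan.follow);
console.log("report only:   ", plan.reportOnly);
```

Runs under Node.js or in a browser console; the duplicate `/account/logout` collapses in the `Set`, and the protocol-relative CDN path lands in the report-only list instead of being glued onto the page origin.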