├── README.md
└── endpoint_finder.js


/README.md:
--------------------------------------------------------------------------------
 1 | # endlets
 2 | Bookmarklet to find endpoints easily with one click
 3 | 
 4 | ![image](https://github.com/0dayCTF/endlets/assets/44453666/5429cb2a-804b-416f-bf4a-5db0aef11086)
 5 | This is a powerful JavaScript bookmarklet designed to find and display all endpoint URLs within a webpage by recursively fetching and processing scripts. This tool is useful for developers, security researchers, and bug hunters.
 6 | 
 7 | ## Installation
 8 | Open your browser's bookmarks manager.
 9 | Create a new bookmark.
10 | Set the bookmark's name to "Show Endpoints".
11 | ## Copy the following JavaScript code and set it as the URL for the bookmark:
12 | ```javascript
13 | javascript:(function(){var regex=/(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g;const results=new Set();function fetchAndProcess(url,depth){if(depth>3)return;fetch(url).then(response=>response.text()).then(scriptContent=>{var matches=scriptContent.matchAll(regex);for(let match of matches){let scriptUrl=match[0];results.add(scriptUrl);if(scriptUrl.startsWith("/")){scriptUrl=window.location.origin+scriptUrl;}fetchAndProcess(scriptUrl,depth+1);}}).catch(error=>{console.log("An error occurred while fetching script:",error);});}function processScripts(){var scripts=document.getElementsByTagName("script");for(var i=0;i<scripts.length;i++){var src=scripts[i].src;if(src){fetchAndProcess(src,0);}}}function processPageContent(){var pageContent=document.documentElement.outerHTML;var matches=pageContent.matchAll(regex);for(const match of matches){let scriptUrl=match[0];results.add(scriptUrl);if(scriptUrl.startsWith("/")){scriptUrl=window.location.origin+scriptUrl;}fetchAndProcess(scriptUrl,0);}}function writeResults(){results.forEach(result=>{document.write(result+"<br>");});}processScripts();processPageContent();setTimeout(writeResults,5000);})();
14 | ```
15 | ## Usage
16 | Navigate to the webpage you want to analyze.
17 | Click on the "Show Endpoints" bookmark.
18 | Wait a few seconds for the bookmarklet to fetch and process the scripts.
19 | The extracted endpoints will be displayed on the page.
20 | This will also work on mobile browsers if you sync your bookmarks.
21 |   
22 | *warning -- If you're authenicated, this script will sometimes emulate behavior on your behalf.*  
23 | ## How It Works
24 | Regular Expression: Uses a regular expression to match endpoint URLs within scripts.  
25 | Recursive Fetching: Fetches script content recursively up to a specified depth (default is 3) to ensure deeper analysis.  
26 | Result Display: Extracted URLs are collected in a Set to ensure uniqueness and then written to the document for easy viewing.  
27 | ## Customization
28 | Recursion Depth: Adjust the recursion depth by modifying the if(depth>3)return; line in the bookmarklet code.  
29 | Timeout Duration: Change the timeout duration by modifying the setTimeout(writeResults, 5000); line to allow more or less time for script fetching.  
30 | Limitations
31 | CORS Restrictions: Some scripts may not be fetchable due to cross-origin resource sharing (CORS) policies.
32 | Depth Limit: The recursion depth is limited to prevent infinite loops, but this can be adjusted if needed.
33 | Browser Compatibility: The bookmarklet is designed to work in modern browsers with JavaScript enabled.
34 | ## Contributing
35 | I welcome contributions! If you have suggestions for improvements or new features, please open an issue or submit a pull request :)
36 | 


--------------------------------------------------------------------------------
/endpoint_finder.js:
--------------------------------------------------------------------------------
1 | javascript:(function(){var regex=/(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g;const results=new Set();function fetchAndProcess(url,depth){if(depth>3)return;fetch(url).then(response=>response.text()).then(scriptContent=>{var matches=scriptContent.matchAll(regex);for(let match of matches){let scriptUrl=match[0];results.add(scriptUrl);if(scriptUrl.startsWith("/")){scriptUrl=window.location.origin+scriptUrl;}fetchAndProcess(scriptUrl,depth+1);}}).catch(error=>{console.log("Error: ",error);});}function processScripts(){var scripts=document.getElementsByTagName("script");for(var i=0;i<scripts.length;i++){var src=scripts[i].src;if(src){fetchAndProcess(src,0);}}}function processPageContent(){var pageContent=document.documentElement.outerHTML;var matches=pageContent.matchAll(regex);for(const match of matches){let scriptUrl=match[0];results.add(scriptUrl);if(scriptUrl.startsWith("/")){scriptUrl=window.location.origin+scriptUrl;}fetchAndProcess(scriptUrl,0);}}function writeResults(){results.forEach(result=>{document.write(result+"<br>");});}processScripts();processPageContent();setTimeout(writeResults,5000);})();
2 | 


--------------------------------------------------------------------------------