├── README.md ├── dorkScraper.py └── js-recon.sh /README.md: -------------------------------------------------------------------------------- 1 | # Automation-JS-Recon 2 | This tool automates finding subdomains and login endpoints on the target domain, checks which subdomains are alive, gathers the JS files from all of those subdomains and then automatically searches all of those JS files for sensitive information. 3 | 4 | # What this tool uses 5 | Use subfinder to find subdomains and save them to subdomain.txt. 6 | 7 | Use dorkScraper.py to find all login endpoints on the target domain. 8 | 9 | Use LUcek to check for alive subdomains and save them to alive_subs.txt. 10 | 11 | Use waybackurls to fetch URLs and save them to wayback.txt. 12 | 13 | Extract the JavaScript file URLs from the fetched URLs and save them to js.txt. 14 | 15 | Use nuclei to analyze the JavaScript files and save potential secrets to potential_secrets.txt. 16 | 17 | # Requirements 18 | subfinder : https://github.com/projectdiscovery/subfinder 19 | 20 | LUcek : https://github.com/rootbakar/LUcek 21 | 22 | waybackurls : https://github.com/tomnomnom/waybackurls 23 | 24 | nuclei : https://github.com/projectdiscovery/nuclei 25 | 26 | 27 | -------------------------------------------------------------------------------- /dorkScraper.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Dork Scraper 4 | # 5 | # ORHOund is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Knock is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 
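#
# You should have received a copy of the GNU General Public License
# along with Knock. If not, see .

# Python libraries
import sys
import time
from urllib.error import HTTPError

try:
    from googlesearch import search
except ImportError:
    print("No module named 'google' found")
    # Keep the name bound so banner/help still work; getUrls() reports the
    # missing dependency explicitly instead of failing with NameError.
    search = None


class colors:
    """ANSI escape sequences used to colour terminal output."""
    HEADER = '\033[1;35m'
    OKBLUE = '\033[94m'
    OKCYAN = '\033[96m'
    OKCYANL = '\033[1;36m'
    OKGREEN = '\033[92m'
    OKGREENL = '\033[1;32m'
    OKREDL = '\033[1;31m'
    WARNING = '\033[93m'
    FAIL = '\033[91m'
    ENDC = '\033[0m'
    BOLD = '\033[1m'
    UNDERLINE = '\033[4m'


def banner():
    """Print the DorkScraper ASCII banner followed by the version/author line."""
    # Raw string: the art contains backslash sequences (\_, \|) that are not
    # valid escapes; raw keeps them literal without SyntaxWarnings.
    print(colors.HEADER + r"""
 ____             _     ____
|  _ \  ___  _ __| | __/ ___|  ___ _ __ __ _ _ __   ___ _ __
| | | |/ _ \| '__| |/ /\___ \ / __| '__/ _` | '_ \ / _ \ '__|
| |_| | (_) | |  | |   <  ___) | (__| |  | (_| | |_) |  __/ |
|____/ \___/|_|  |_|\_\|____/ \___|_|  \__,_| .__/ \___|_|
                                            |_|
""" + colors.ENDC)
    print(colors.WARNING + "DorkScraper v.1.0 - Open Source Project | " + colors.OKGREEN + "Author: " + colors.WARNING + "Robotshell | " + colors.OKGREEN + "Twitter: " + colors.WARNING + "https://twitter.com/robotshelld\n" + colors.ENDC)


#CORE FUNCTION
def getUrls(dork, number_webs, enable_save, filename):
    """Run the search for `dork` and print up to `number_webs` result URLs.

    Args:
        dork: search expression handed verbatim to googlesearch.search().
        number_webs: maximum number of URLs to collect; values <= 0 do nothing.
        enable_save: 1 appends every collected URL (one per line) to `filename`;
            any other value only prints them.
        filename: output path, used only when enable_save == 1.

    An HTTP 429 from the search backend is reported and ends the run; any
    other HTTPError is reported with its status code. The output file is
    opened once and always closed, even when the search raises.
    """
    print(colors.OKCYAN + "Starting DorkScraper to recollect all the URLs that appear with the dork " + colors.FAIL + dork + colors.ENDC)

    if search is None:
        print(colors.FAIL + "ERROR: the 'google' module is not installed, search cannot run" + colors.ENDC)
        return
    if number_webs <= 0:
        print(colors.WARNING + "Nothing to do: number_of_websites must be greater than 0" + colors.ENDC)
        return

    output = open(filename, "a") if enable_save == 1 else None
    pages = 0
    try:
        for results in search(dork, tld="com", lang="es", num=number_webs, start=0, stop=None, pause=2):
            print(results)
            # Extra delay between results on top of the library's own pause.
            time.sleep(0.2)

            # Save before checking the limit so the last requested URL is
            # written too (the old order dropped the final result).
            if output is not None:
                output.write(str(results))
                output.write("\n")

            pages += 1
            if pages >= number_webs:
                break

    except HTTPError as e:
        if e.code == 429:
            print(colors.FAIL + "ERROR: Too Many Requests detected\n" + colors.ENDC)
            print(colors.FAIL + "You need waiting a bit..." + colors.ENDC)
        else:
            print(colors.FAIL + "ERROR: HTTP " + str(e.code) + " returned by the search backend" + colors.ENDC)
    finally:
        if output is not None:
            output.close()


def _print_help():
    """Print the usage and flag summary shown for -h / --help."""
    print(colors.BOLD + "HELP SECTION:" + colors.ENDC)
    # Usage now matches the parser: the dork must be introduced with -d/--dork.
    print("Usage:" + colors.OKCYAN + '\tdorkScraper.py -d "dork" number_of_websites [-s output.txt]' + colors.ENDC)
    print("Example:" + colors.OKCYAN + '\tdorkScraper.py -d "inurl:admin" 5 -s output.txt' + colors.ENDC)
    print("-d,--dork" + colors.OKCYAN + "\tSpecifies the dork to use in the tool" + colors.ENDC)
    print("-h,--help" + colors.OKCYAN + "\tThis help" + colors.ENDC)
    print("-v,--version" + colors.OKCYAN + "\tShow version" + colors.ENDC)
    print("-s,--save" + colors.OKCYAN + "\tEnable save output and specifies the output file" + colors.ENDC)


def parse_args(args):
    """Parse ``-d DORK NUMBER [-s FILE]`` given the argv list without argv[0].

    Returns:
        ``(dork, number_webs, enable_save, filename)`` — the positional
        arguments getUrls() takes — or ``None`` after printing an error when
        the first flag is not -d/--dork, NUMBER is not an integer, or -s/--save
        is given without a file name.
    """
    syntax_error = colors.FAIL + "ERROR: Incorrect argument or sintaxis" + colors.ENDC

    if len(args) < 3 or args[0] not in ("-d", "--dork"):
        print(syntax_error)
        return None

    dork = args[1]
    try:
        number_webs = int(args[2])
    except ValueError:
        print(colors.FAIL + "ERROR: number_of_websites must be an integer, got " + args[2] + colors.ENDC)
        return None

    enable_save = 0
    filename = ""
    if len(args) > 3:
        # -s without a following file name used to raise IndexError.
        if args[3] not in ("-s", "--save") or len(args) < 5:
            print(syntax_error)
            return None
        enable_save = 1
        filename = args[4]

    return dork, number_webs, enable_save, filename


#MAIN FUNCTION
def main():
    """Entry point: print the banner, dispatch on sys.argv and run the scrape."""
    banner()
    argv = sys.argv

    if len(argv) == 1:
        print(colors.FAIL + "ERROR: No dork or parameters found" + colors.ENDC)
    elif len(argv) == 2:
        arg = argv[1]
        if arg in ("-h", "--help"):
            _print_help()
        elif arg in ("-v", "--version"):
            print(colors.WARNING + "DorkScraper v.1.0" + colors.ENDC)
        else:
            print(colors.FAIL + "ERROR: Incorrect argument or sintaxis" + colors.ENDC)
    elif len(argv) <= 6:
        parsed = parse_args(argv[1:])
        if parsed is not None:
            getUrls(*parsed)
    else:
        # Previously more than six arguments exited silently.
        print(colors.FAIL + "ERROR: Incorrect argument or sintaxis" + colors.ENDC)


if __name__ == "__main__":
    main()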
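#!/bin/bash
# js-recon.sh: subdomain discovery -> alive check -> login dorks -> wayback URLs
#              -> JavaScript URLs -> nuclei exposure templates.
# Each step writes its result to a text file in the current directory.

# Stop on the first failing tool, on unset variables and on failures inside pipes,
# so a later step never silently runs on an empty or partial input file.
set -euo pipefail

# Nuclei template root; override with NUCLEI_TEMPLATES=/path ./js-recon.sh
NUCLEI_TEMPLATES="${NUCLEI_TEMPLATES:-/home/kali/.local/nuclei-templates}"

# Prompt the user to enter the domain
echo "Please enter the domain (e.g., example.com):"
DOMAIN=""
read -r DOMAIN || true

# Check if the user provided input
if [ -z "$DOMAIN" ]; then
    echo "No domain entered. Exiting..."
    exit 1
fi

# Step 1: Find subdomains using subfinder
echo "[*] Finding subdomains for $DOMAIN..."
subfinder -d "$DOMAIN" -o subdomain.txt

# Step 2: Check for alive subdomains using lucek
echo "[*] Checking for alive subdomains..."
lucek -ms 200 -ou alive_subs.txt < subdomain.txt

# Step 3: Find login endpoints using dorkScraper
# dorkScraper.py only saves with -s/--save (it has no -o flag); with -o the
# results were printed but login_endpoints.txt was never written.
echo "[*] Finding login endpoints for $DOMAIN..."
python3 dorkScraper.py -d "intitle:login+site:*.$DOMAIN" 200 -s login_endpoints.txt

# Step 4: Use waybackurls to gather URLs
echo "[*] Fetching URLs from Wayback Machine..."
waybackurls < alive_subs.txt | tee -a wayback.txt

# Step 5: Filter JavaScript files
# Keep URLs whose path ends in a literal ".js" (optionally followed by a query
# string). The unescaped '.js' of a plain grep also matched e.g. "ajs" and
# needed a second pass to drop .jsp/.json. grep exits 1 when nothing matches,
# which must not abort the script under set -e.
echo "[*] Filtering JavaScript files..."
grep -iE '\.js(\?|$)' wayback.txt >> js.txt || true

# Step 6: Analyze JavaScript files using nuclei
echo "[*] Analyzing JavaScript files for potential secrets..."
nuclei -l js.txt -t "$NUCLEI_TEMPLATES/http/exposures" -o potential_secrets.txt

echo "[*] Script completed. Results saved in potential_secrets.txt."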