├── LICENSE
├── requirements.sh
├── README.md
└── js_snooper.sh


/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2024 Gnana Aravind K

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/requirements.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Check if Go is installed
if ! command -v go &> /dev/null; then
    echo "Error: Go is not installed. Please install Go from https://golang.org/dl/ and try again, or try running 'export PATH=\$PATH:/usr/local/go/bin'."
    exit 1
fi

# Check if Katana is already installed
if command -v katana &> /dev/null; then
    echo "Katana is already installed."
else
    # Install Katana
    echo "Installing Katana..."
    # Continue only if the installation was successful
    if go install github.com/projectdiscovery/katana/cmd/katana@latest; then
        echo "Copying Katana to /usr/local/bin..."
        # Report success only if the copy actually worked
        if sudo cp "$(go env GOPATH)/bin/katana" /usr/local/bin/; then
            echo "Katana copied successfully!"
        else
            echo "Error: Could not copy Katana to /usr/local/bin."
            exit 1
        fi
    else
        echo "Error: Katana installation failed."
        exit 1
    fi
fi

# Clone SecretFinder if not already present
if [ ! -d "SecretFinder" ]; then
    echo "Cloning SecretFinder..."
    git clone https://github.com/m4ll0k/SecretFinder.git || exit 1
else
    echo "SecretFinder already present."
fi

# Install Python dependencies for SecretFinder
echo "Installing Python dependencies for SecretFinder..."
# Stop if the directory is missing, so pip never runs in the wrong place
cd SecretFinder || exit 1
chmod +x *
# Do not claim success when the dependency installation failed
if ! pip install -r requirements.txt; then
    echo "Error: Python dependency installation failed."
    exit 1
fi
echo
echo "Installation completed successfully! Carry-on with JS-Snooper..."

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
![logo](https://github.com/aravind0x7/JS-Snooper/assets/97963390/b1f23266-e3d0-47cb-9920-f56a0880eec2)
# JS-Snooper 🕵️‍♂️
JS-Snooper is a powerful tool designed to hunt for sensitive information hidden within JavaScript files on websites. It automates the process: Katana crawls the website for JavaScript files, and SecretFinder then checks each file for potentially sensitive information.

## Features

- Automated scanning of websites for JavaScript files
- Detection of sensitive information within JavaScript files
- Easy-to-use command-line interface
- Quick setup with minimal dependencies
- Colorful and pleasant user experience

## Prerequisites

Before using JS-Snooper, make sure you have the following prerequisites installed:

- Go (for Katana)
- Python 3 and pip (for SecretFinder)
- Git (for cloning SecretFinder)

## Installation

Clone the JS-Snooper repository:

```bash
git clone https://github.com/aravind0x7/JS-Snooper.git
cd JS-Snooper
chmod +x *
```

Run the installation script to set up the tool:

```bash
bash requirements.sh
```

Follow the on-screen instructions to complete the installation. The `requirements.sh` script will install Katana, clone SecretFinder, and install Python dependencies.

## Usage

Once installed, you can use JS-Snooper to scan a website for sensitive information in JavaScript files. Simply run the script and follow the prompts:

```bash
bash js_snooper.sh
```

When prompted, enter the domain name of the website you want to scan. The domain can also be passed as the first argument to the script, in which case no prompt is shown.

## Screenshots

![image](https://github.com/aravind0x7/JS-Snooper/assets/97963390/c6872c34-5c25-4098-8431-bcef7f8d93bf)

![image](https://github.com/aravind0x7/JS-Snooper/assets/97963390/646814b4-2415-450b-b89a-365ac15b4139)


## License

This project is licensed under the MIT License - see the [LICENSE](https://github.com/aravind0x7/JS-Snooper/blob/main/LICENSE) file for details.

## Author
Gnana Aravind K ([aravind0x7](www.aravind0x7.in))

## Credits

- [ProjectDiscovery Katana](https://github.com/projectdiscovery/katana)
- [SecretFinder](https://github.com/m4ll0k/SecretFinder)

## Compatibility

Tested on:
- Kali Linux (Latest Version)

## Version

- Current: JS-Snooper Version 1.0

## Guides and Blogs

- https://medium.com/@aravind07/js-snooper-get-more-bounty-with-easy-bugs-9d7b410f070e

--------------------------------------------------------------------------------
/js_snooper.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Color codes
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
NC='\033[0m' # No Color

# Function to display the tool banner
display_banner() {
    echo -e "${RED}######################################################################${NC}"
    echo -e "${RED}#${NC} ${YELLOW}_ ____ ____ ${RED}#${NC}"
    echo -e "${RED}#${NC} ${YELLOW}| |/ ___| / ___| _ __ ___ ___ _ __ ___ _ __ ${RED}#${NC}"
    echo -e "${RED}#${NC} ${YELLOW}_ | |\___ \ _____\___ \ | '_ \ / _ \ / _ \ | '_ \ / _ \| '__|${RED}#${NC}"
    echo -e "${RED}#${NC} ${YELLOW}| |_| | ___) ||_____|___) || | | || (_) || (_) || |_) || __/| | ${RED}#${NC}"
    echo -e "${RED}#${NC} ${YELLOW}\___/ |____/ |____/ |_| |_| \___/ \___/ | .__/ \___||_| ${RED}#${NC}"
    echo -e "${RED}#${NC} ${YELLOW}|_| ${RED}#${NC}"
    echo -e "${RED}######################################################################${NC}"
    echo -e "${YELLOW} Version 1.0${NC}"
    echo -e "${YELLOW} Author: aravind0x7 - www.aravind0x7.in${NC}"
    echo
    echo -e "${GREEN}Welcome to the JS-Snooper! Your bloodhound for hidden info in those JS files.${NC}"
    echo
}

# Function to display usage information
display_usage() {
    echo -e "${GREEN}Usage:${NC}"
    echo "  bash js_snooper.sh <domain>"
    echo
    echo -e "${GREEN}Example:${NC}"
    echo "  bash js_snooper.sh example.com"
    echo
}

# Function to check prerequisites
check_prerequisites() {
    # Check if Katana is installed
    if ! command -v katana &> /dev/null; then
        echo -e "${YELLOW}Katana is not installed. Please install it from https://github.com/projectdiscovery/katana and try again.${NC}"
        exit 1
    fi

    # Check if SecretFinder is installed
    if [ ! -d "SecretFinder" ]; then
        echo -e "${YELLOW}SecretFinder directory not found. Please clone SecretFinder from https://github.com/m4ll0k/SecretFinder and try again.${NC}"
        exit 1
    fi
}

# Function to run Katana and save output to a text file
run_katana() {
    domain="$1"
    echo -e "${GREEN}Running Katana on $domain...${NC}"
    mkdir -p "$domain"
    # Keep only URLs ending in a literal ".js" (the dot is escaped), then
    # sort and de-duplicate in one step; uniq before sort only drops
    # duplicates that happen to be adjacent.
    katana -list "$domain" -d 5 -jc | grep '\.js$' | sort -u -o "$domain/js.txt"
    echo -e "${GREEN}Katana finished. Results saved to $domain/js.txt${NC}"
}

# Function to run SecretFinder on the output file produced by Katana
run_secretfinder() {
    domain="$1"
    echo -e "${GREEN}Running SecretFinder on JS files...${NC}"

    # Check if the file exists
    if [ ! -f "$domain/js.txt" ]; then
        echo -e "${YELLOW}File $domain/js.txt not found.${NC}"
        exit 1
    fi

    # Run SecretFinder on each URL in the file
    while IFS= read -r url; do
        python3 SecretFinder/SecretFinder.py -i "$url" -o cli
    done < "$domain/js.txt"
}

# Main script

# Display banner
display_banner

# Display usage information
display_usage

# Check prerequisites
check_prerequisites

# Prompt for the domain name if it was not given as an argument
if [ -z "$1" ]; then
    read -r -p "Enter the domain name: " domain
    echo
else
    domain="$1"
    echo
fi

# Stop if no domain was provided at all
if [ -z "$domain" ]; then
    echo -e "${YELLOW}No domain name provided.${NC}"
    exit 1
fi

# Run Katana
run_katana "$domain"

# Run SecretFinder
run_secretfinder "$domain"

--------------------------------------------------------------------------------
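
js_snooper.sh uses the domain it is given both as a directory name (in `mkdir -p` and `sort -o`) and as the crawl target, so a value containing `../` or starting with `-` reaches those commands unchecked. The following is an added example, not part of the JS-Snooper repository, that validates the input first; `validate_domain`, `results_dir` and the `results/` prefix are hypothetical names chosen for illustration.

```shell
#!/bin/bash
# Added example (not JS-Snooper code): validate a user-supplied domain before
# it is used as a directory name or handed to another tool.
# validate_domain, results_dir and the results/ prefix are hypothetical.

# Return 0 only for a plain DNS hostname: dot-separated labels of letters,
# digits and hyphens, with no scheme, path, whitespace or empty label.
validate_domain() {
    local d="$1" label
    # Non-empty and within the 253-character limit for a DNS name.
    [ -n "$d" ] && [ "${#d}" -le 253 ] || return 1
    case "$d" in
        *[!A-Za-z0-9.-]*) return 1 ;;   # rejects '/', ':', spaces, quotes
        .*|*.|*..*)       return 1 ;;   # rejects empty labels, including '..'
    esac
    # Require at least one dot so a bare word is not taken as a domain.
    case "$d" in *.*) ;; *) return 1 ;; esac
    # Each label: at most 63 characters, no leading or trailing hyphen
    # (a leading hyphen could otherwise be parsed as a command option).
    local IFS=.
    for label in $d; do
        [ "${#label}" -le 63 ] || return 1
        case "$label" in -*|*-) return 1 ;; esac
    done
    return 0
}

# Print the output directory for a validated domain. The path always stays
# under results/ and is lower-cased so one host maps to one directory.
results_dir() {
    validate_domain "$1" || return 1
    printf 'results/%s\n' "$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
}

# Constructed sample inputs: one valid name and several that must be refused.
for candidate in "example.com" "../../etc" "-rf.example.com" \
                 "https://example.com/" "a..b"; do
    if dir=$(results_dir "$candidate"); then
        echo "accept: $candidate -> $dir"
    else
        echo "reject: $candidate"
    fi
done
```

Calling `validate_domain "$domain"` before `run_katana` and exiting on failure would apply the same check in the script's main flow.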