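├── README.md
├── install.sh
└── run.sh


/README.md:
--------------------------------------------------------------------------------
# Iris-JS

I made this script to automate some of the tasks mentioned by [M4ll0k](https://gist.github.com/m4ll0k/31ce0505270e0a022410a50c8b6311ff).
It will help you gather JS endpoints and look for creds and juicy strings / words.

# Installation

After cloning the repo you can run `./install.sh`; it will automatically install the dependencies needed and the tools used to perform the recon.

```
chmod +x install.sh
./install.sh
```

# Usage

`./run.sh target.com`

# Process
* This will run [getallurls](https://github.com/lc/gau) and find `Json/JS` files
* Check the alive ones only
* Send them to Linkfinder to find `Paths` (can be used to build your own wordlist)
* Pipe everything to the Collector for better output for `links` `paths` `params` found
* Check which domains are available for purchase
* Checking secrets with `Secretfinder`

# Contributing
Contributions are very welcome 🙌 🤓


--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs the third-party tools that run.sh drives.
# Script works in current directory: the Python tools are cloned into it,
# which is where run.sh later looks for them.
#
# NOTE(review): every tool below is fetched from the tip of its upstream
# repository at install time (no pinned version or commit) and is executed
# later by run.sh. Pin each one to a release or commit you have reviewed
# before relying on this on a machine that holds anything sensitive.
#
# NOTE(review): this script does not install the Python requirements of the
# cloned tools; check each clone for its own requirements file.

# https://golang.org/doc/install#install

# Append the Go bin directories. GOPATH, GOROOT and HOMEDIR are only added
# when they are set, so an unset variable does not put "/bin" or "/go/bin"
# on PATH.
PATH="$PATH:/usr/local/go/bin${GOPATH:+:$GOPATH/bin}${GOROOT:+:$GOROOT/bin}:$HOME/.local/bin:$HOME/go/bin${HOMEDIR:+:$HOMEDIR/go/bin}"
export PATH

#######################################
# Install the Go-based tools (gau, anti-burl, ffuf).
# Outputs: progress on stdout, failures on stderr
#######################################
third_party_go_dependencies() {
  # Package paths are kept as data; the command is built with proper quoting
  # instead of executing a whole command line stored in a string.
  local -a gotools=(
    github.com/lc/gau
    github.com/tomnomnom/hacks/anti-burl
    github.com/ffuf/ffuf
  )
  local pkg

  echo "Installing Go tools"
  for pkg in "${gotools[@]}"; do
    # Current Go releases refuse `go get` for installing binaries outside a
    # module, so try `go install pkg@latest` first and keep `go get` as the
    # fallback for older toolchains.
    go install -v "${pkg}@latest" \
      || go get -v -u "$pkg" \
      || echo "[-] Failed to install ${pkg}" >&2
  done
}

#######################################
# Clone the Python-based tools into the current directory.
# Outputs: progress on stdout, failures on stderr
#######################################
third_party_python_dependencies() {
  local -a pytools=(
    https://github.com/GerbenJavado/LinkFinder
    https://github.com/m4ll0k/Bug-Bounty-Toolz
    https://github.com/m4ll0k/SecretFinder
  )
  local repo dest

  echo "Installing Python Tools"
  for repo in "${pytools[@]}"; do
    dest=${repo##*/}
    # git clone fails on an existing directory; skip so a re-run is harmless.
    if [[ -d "$dest" ]]; then
      echo "[*] ${dest} already present, skipping clone"
      continue
    fi
    git clone -- "$repo" "$dest" || echo "[-] Failed to clone ${repo}" >&2
  done
}

main() {
  third_party_go_dependencies
  third_party_python_dependencies
}
main


--------------------------------------------------------------------------------
/run.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Usage: ./run.sh target.com
#
# Collects archived JS/JSON URLs for the target with gau, keeps the ones that
# still respond, then runs LinkFinder, SecretFinder and the Bug-Bounty-Toolz
# helpers over them. Results are appended to files under ./jsrez; the
# collector is pointed at ./output.
#
# Must be run from the directory where install.sh cloned the Python tools.

# Declaring Vars
LINKFINDER="$(pwd)/LinkFinder/linkfinder.py"
SECRETFINDER="$(pwd)/SecretFinder/SecretFinder.py"
COLLECTOR="$(pwd)/Bug-Bounty-Toolz/collector.py"
AVAILABLE="$(pwd)/Bug-Bounty-Toolz/availableForPurchase.py"
OUTPUT="$(pwd)/jsrez"
TARGET=${1:-}

# Defined before the argument check below: a shell function has to exist
# before the line that calls it runs.
usage() {
  echo "./run.sh target"
}

if [ $# -eq 0 ]; then
  echo "Error" >&2
  usage >&2
  exit 1
fi

# TARGET becomes part of every output file name and is handed to gau, so only
# a bare hostname is accepted: no slashes, whitespace or leading dash.
if [[ ! "$TARGET" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  echo "[-] Target must be a bare hostname such as target.com" >&2
  usage >&2
  exit 1
fi

# The results directory was never created, so every `tee -a` into it failed.
# It ends up holding SecretFinder hits (possibly live credentials), so keep it
# private to the current user and out of version control.
mkdir -p -- "$OUTPUT" || exit 1
chmod 700 -- "$OUTPUT"

## Starting Gau ###
# Ask gau for every known URL of the target and keep the .js / .json ones.
getallurls() {
  echo "[+] Starting Gau"
  gau "$TARGET" \
    | grep -iE '.(\.json$|\.js$)' \
    | sort -u \
    | tee -a "$OUTPUT/$TARGET-JS.txt"
}

# Probe the collected URLs with anti-burl and keep the fourth
# whitespace-separated field of each output line.
# NOTE(review): presumably that field is the URL; confirm against anti-burl's
# output format. The binary path is hard-coded to ~/go/bin.
anti-burl() {
  ~/go/bin/anti-burl "$OUTPUT/$TARGET-JS.txt" \
    | awk -F ' ' '{print $4}' \
    | tee -a "$OUTPUT/$TARGET-JSAlive.txt"
}

# Run LinkFinder on every live URL and record the absolute links it reports.
findlinks() {
  ## cat paypalJS.txt|xargs -n2 -I @ bash -c 'echo -e "\n[URL] @\n";python3 linkfinder.py -i @ -o cli' >> paypalJsSecrets.txt
  local link

  echo "[+] Starting Linkfinder"
  # The URLs come from third-party archive data, so they are read line by line
  # and always passed quoted; `for x in $(cat file)` would word-split and
  # glob-expand them. python3 gets /dev/null on stdin so it cannot consume the
  # list the loop is reading.
  while IFS= read -r link || [[ -n "$link" ]]; do
    [[ -n "$link" ]] || continue
    echo "[+] URL $link"
    python3 "$LINKFINDER" -i "$link" -o cli < /dev/null \
      | grep -oiaE "https?://[^\"\\'> ]+"
  done < "$OUTPUT/$TARGET-JSAlive.txt" \
    | tee -a "$OUTPUT/$TARGET-JSPathsWithUrl-Unfiltered.txt"

  # Drop the "[+] URL ..." marker lines. The original pattern "[+]" was a
  # bracket expression and also removed every link containing a "+".
  grep -v '^\[+\] ' "$OUTPUT/$TARGET-JSPathsWithUrl-Unfiltered.txt" \
    >> "$OUTPUT/$TARGET-JSPathsWithUrl.txt"

  # The original used `||` here, so sort/tee only ran when grep failed and
  # then waited on the terminal; it is a plain pipeline now. -F matches the
  # literal text "[URL]:" instead of the bracket expression [URL].
  grep -ivF '[URL]:' "$OUTPUT/$TARGET-JSPathsWithUrl.txt" \
    | sort -u \
    | tee -a "$OUTPUT/$TARGET-JSPathsNoUrl.txt"
}

# Feed the raw LinkFinder output of every live URL to the collector script,
# which is given "output" as its argument.
collector() {
  local link

  echo "[+] Parsing to Collector"
  while IFS= read -r link || [[ -n "$link" ]]; do
    [[ -n "$link" ]] || continue
    python3 "$LINKFINDER" -i "$link" -o cli < /dev/null
  done < "$OUTPUT/$TARGET-JSAlive.txt" \
    | python3 "$COLLECTOR" output
}

# Pass the collected URLs to the availableForPurchase helper.
available() {
  echo "[+] Available for purchase"
  if [[ ! -r output/urls.txt ]]; then
    echo "[-] output/urls.txt not found, skipping" >&2
    return 1
  fi
  python3 "$AVAILABLE" < output/urls.txt
}

# Run SecretFinder on every live URL.
# The resulting file can contain working credentials: treat it as sensitive.
secret() {
  local link

  echo "[+] Running SecretFinder"
  while IFS= read -r link || [[ -n "$link" ]]; do
    [[ -n "$link" ]] || continue
    python3 "$SECRETFINDER" -i "$link" -o cli < /dev/null
  done < "$OUTPUT/$TARGET-JSAlive.txt" \
    | tee -a "$OUTPUT/$TARGET-Secrets.txt"
}

logo() {
  echo "[+] Javascript Recon Process on $TARGET"
}

main() {
  logo
  getallurls
  anti-burl
  findlinks
  secret
  collector
  available
}

main
exit 0
--------------------------------------------------------------------------------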