├── README.md ├── alive.txt ├── install.sh └── script.sh /README.md: -------------------------------------------------------------------------------- 1 | # JSScanner 2 | 3 | You can find the article related to this script here 4 | https://securityjunky.com/scanning-js-files-for-endpoint-and-secrets/ 5 | 6 | To install the required tools use 7 | ``` 8 | bash install.sh 9 | ``` 10 | 11 | Change the alive.txt with the domains you need to test. These should be in below format 12 | ``` 13 | http://example.com 14 | https://example2.com 15 | ``` 16 | 17 | To run the tool use 18 | ``` 19 | jsscanner path_to_alive.txt 20 | 21 | Eg. jsscanner alive.txt 22 | ``` 23 | 24 | 25 | Thanks to [@amiralkizaru](https://github.com/amiralkizaru), [@LifeHack3r](https://github.com/LifeHack3r) and [@g33kyshivam](https://github.com/g33kyshivam) for the contribution. 26 | -------------------------------------------------------------------------------- /alive.txt: -------------------------------------------------------------------------------- 1 | https://paypal.com 2 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cwd=$(pwd) 4 | 5 | mkdir -p ~/tools 6 | cd ~/tools 7 | 8 | if [[ ! -d ~/tools/LinkFinder ]] 9 | then 10 | git clone https://github.com/dark-warlord14/LinkFinder 11 | else 12 | printf "LinkFinder already present in tools folder...!\n\n" 13 | fi 14 | 15 | sudo apt install wget -y 16 | 17 | cd LinkFinder 18 | 19 | sudo pip3 install -r requirements.txt 20 | sudo python3 setup.py install 21 | pip install jsbeautifier 22 | 23 | echo "alias jsscanner='$cwd/script.sh'" >> ~/.bash_profile 24 | 25 | . ~/.bash_profile 26 | 27 | echo "All set bro, restart your terminal!" 28 | -------------------------------------------------------------------------------- /script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | GREEN='\033[0;32m' 4 | YELLOW='\033[0;33m' 5 | CYAN='\033[0;36m' 6 | END='\033[0m' 7 | 8 | QUOTES=( 9 | "Activating 1337 mode!" 10 | "Target uses Equifax-grade security." 11 | "ᕕ( ᐛ )ᕗ" 12 | "ᕕ( ᐕ )ᕗ" 13 | "三三ᕕ( ᐛ )ᕗ" 14 | "ᐠ( ᐛ )ᐟ" 15 | "Never gonna give you up." 16 | "Js pls." 17 | "Update pls." 18 | "Sleep is for the weak." 19 | "Grab a cuppa!" 20 | "js, js+ on steroids." 21 | "I am 100 percent natural." 22 | "A bug is never just a mistake. It represents something bigger. An error of thinking that makes you who you are." 23 | "You hack people. I hack time." 24 | "I hope you don't screw like you type." 25 | "Hack the planet!" 26 | "Crypto stands for cryptography." 27 | "PoC||GTFO" 28 | ) 29 | 30 | rand=$((RANDOM % ${#QUOTES[@]})) 31 | printf "${YELLOW}[i]${END} ${QUOTES[$rand]}\n" 32 | echo 33 | 34 | if [[ $# -eq 0 ]] ; then 35 | printf '\nNo Host File or URLs file Given!' 36 | printf '\n\nUsage: jsscanner path-to-urls-file\n\n' 37 | exit 0 38 | fi 39 | 40 | printf "${YELLOW}[+]${END} JSScanner started.\n" 41 | 42 | mkdir -p Jsscanner_results 43 | mkdir -p Jsscanner_results/js 44 | mkdir -p Jsscanner_results/db 45 | 46 | linkf=~/tools/LinkFinder/linkfinder.py 47 | 48 | for i in $(cat $1) 49 | do 50 | cd Jsscanner_results 51 | n1=$(echo $i | awk -F/ '{print $3}') 52 | n2=$(echo $i | awk -F/ '{print $1}' | sed 's/.$//') 53 | mkdir -p js/$n1-$n2 54 | mkdir -p db/$n1-$n2 55 | timeout 40 python3 $linkf -d -i $i -o cli > js/$n1-$n2/raw.txt 56 | 57 | jslinks=$(cat js/$n1-$n2/raw.txt | grep -oaEi "https?://[^\"\\'> ]+" | grep '\.js' | grep "$n1" | sort -u) 58 | 59 | if [[ ! -z $jslinks ]] 60 | then 61 | for js in $jslinks 62 | do 63 | python3 $linkf -i $js -o cli >> js/$n1-$n2/linkfinder.txt 64 | echo "$js" >> js/$n1-$n2/jslinks.txt 65 | #wget $js -P db/$n1-$n2/ -q 66 | filename=$(echo $js | awk -F/ '{print $(NF-0)}') 67 | curl -L --connect-timeout 10 --max-time 10 --insecure --silent $js | js-beautify - > db/$n1-$n2/$filename 2> /dev/null 68 | done 69 | fi 70 | cd .. 71 | printf "${GREEN}[+]${END} $i ${YELLOW}done${END}.\n" 72 | done 73 | 74 | printf "${YELLOW}[+]${END} Script is done.\n" 75 | printf "\n${YELLOW}[+]${END} Results stored in Jsscanner_results.\n" 76 | --------------------------------------------------------------------------------