Pentest Book
JS
# JSScanner
# https://github.com/dark-warlord14/JSScanner
# https://securityjunky.com/scanning-js-files-for-endpoint-and-secrets/
bash install.sh
# Configure domain in alive.txt
bash script.sh
cat js/*
cd db && grep -oriahE "https?://[^\"\\'> ]+"

# https://github.com/KathanP19/JSFScan.sh
bash JSFScan.sh -l targets.txt -e -s -m -o

# https://github.com/bp0lr/linkz

# Find secrets in JS files
https://github.com/m4ll0k/SecretFinder
python3 SecretFinder.py -i https://example.com/1.js -o results.html

# JS vulnerability scanner, like retire.js with crawling
https://github.com/callforpapers-source/jshole

# Get shell from XSS
https://github.com/shelld3v/JSshell

# Find JS sourcemap
1) Find JavaScript files
2) ffuf -w js_files.txt -u FUZZ -mr "sourceMappingURL"
3) Download the sourcemap
4) Unpack it with https://github.com/chbrown/unmap
5) Browse configs or just grep for API keys/Creds
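
Steps 2 to 5 of the sourcemap procedure, written as a check you can run over your own build output before release. This is an added example, not code from the original page or from any of the tools listed; the function names, the sample bundle and map, and the credential regex are assumptions, and fetching an external map from the resolved URL is left to the caller.

```javascript
// Step 2: return the last sourceMappingURL comment ("//#" or legacy "//@"), or null.
function findSourceMapRef(jsText) {
  const re = /\/\/[#@]\s*sourceMappingURL=(\S+)/g;
  let m, last = null;
  while ((m = re.exec(jsText)) !== null) last = m[1];
  return last;
}

// Step 3: inline maps are base64 data: URIs; external ones resolve against the script URL.
function resolveMap(ref, scriptUrl) {
  const inline = /^data:application\/json[^,]*;base64,(.+)$/.exec(ref);
  if (inline) return { inline: true, json: Buffer.from(inline[1], "base64").toString("utf8") };
  return { inline: false, url: new URL(ref, scriptUrl).href };
}

// Step 4: rebuild original files from "sources" + "sourcesContent".
function unpackSourceMap(mapJson) {
  const map = JSON.parse(mapJson);
  const files = {};
  (map.sources || []).forEach((src, i) => {
    const body = (map.sourcesContent || [])[i];
    if (typeof body !== "string") return; // content not embedded in the map
    // Drop the scheme prefix and any "." / ".." parts so a map cannot name paths outside the output dir.
    const safe = ((map.sourceRoot || "") + src).replace(/^[a-z]+:\/+/i, "")
      .split(/[\\/]+/).filter((p) => p && p !== "." && p !== "..").join("/");
    files[safe] = body;
  });
  return files;
}

// Step 5: report file:line for strings that look like hard-coded credentials (illustrative pattern).
function grepSecrets(files) {
  const re = /(api[_-]?key|secret|token|passw(or)?d)\s*[:=]\s*["'][^"']{8,}["']/i;
  const hits = [];
  for (const [name, body] of Object.entries(files)) {
    body.split("\n").forEach((line, i) => { if (re.test(line)) hits.push(`${name}:${i + 1}`); });
  }
  return hits;
}

// Constructed sample input, not taken from any real site.
const SAMPLE_JS = "console.log(1);\n//# sourceMappingURL=app.min.js.map\n";
const SAMPLE_MAP = JSON.stringify({
  version: 3, sourceRoot: "webpack:///", mappings: "",
  sources: ["./src/config.js", "../../etc/x.js", "./src/app.js"],
  sourcesContent: ['export const API_KEY = "EXAMPLE-not-a-real-key";\n', "// traversal test\n", null],
});
```

Any hit from `grepSecrets` on a production map means the secret is already readable by every visitor; rotate it and stop publishing the `.map` file or strip `sourcesContent` from it.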
Last modified 10mo ago