1 - Gather Jsfile Links from different sources.
2 - Import File Containing JSUrls
3 - Extract Endpoints from Jsfiles
4 - Find Secrets from Jsfiles
5 - Get Jsfiles store locally for manual analysis
6 - Make a Wordlist from Jsfiles
7 - Extract Variable names from jsfiles for possible XSS.
8 - Scan JsFiles For DomXSS.
There are two ways of executing this script: Either locally on the host machine or within a Docker container
Installing all dependencies locally
Note: Make sure you have installed golang properly before running installation script locally.
$ sudo chmod +x install.sh
Building the docker container
When using the docker version, everything will be installed automatically. You just have to execute the following commands:
$ git clone https://github.com/KathanP19/JSFScan.sh
$ cd JSFScan/
$ docker build . -t jsfscan
In order to start the pre-configured container run the following command:
$ docker run -it jsfscan "/bin/bash"
After that an interactive bash session should be opened.
Target List should be with
http:// use httpx or httprobe for this.
And if you want to add cookie then edit the command at line 23
cat $target | hakrawler -js -cookie "cookie here" -depth 2 -scope subs -plain >> jsfile_links.txt
NOTE: If you feel tool is slow just comment out hakrawler line at 23 in JSFScan.sh script , but it might result in little less jsfileslinks.
_______ ______ _______ ______ _
(_______/ _____(_______/ _____) | |
_ ( (____ _____ ( (____ ____ _____ ____ ___| |__
_ | | ____ | ___) ____ / ___(____ | _ /___| _
| |_| | _____) | | _____) ( (___/ ___ | | | |_|___ | | | |
___/ (______/|_| (______/ _________|_| |_(_(___/|_| |_|
-l Gather Js Files Links
-f Import File Containing JS Urls
-e Gather Endpoints For JSFiles
-s Find Secrets For JSFiles
-m Fetch Js Files for manual testing
-o Make an Output Directory to put all things Together
-w Make a wordlist using words from jsfiles
-v Extract Vairables from the jsfiles
-d Scan for Possible DomXSS from jsfiles
You may be interested in...
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.