It’s been 7 months since I started my journey in infosec, and our community has taught me a lot of things. From getting my first bounty to getting a job in Infosec, I have only grown stronger. So it is only fair to try and give back to the community. So here it is, my first blog post. I hope it helps you in some way. Enjoy!!
I had only 3 goals
So in this script, I used the tool LinkFinder by Garben Javado, which I modify a bit to suppress some error messages. Here is the link to his article about the LinkFinder tool. Here I had a couple of other options such as JSParser by the nahamsec and Relative-url-extractor by Jobert Abma. the LinkFinder has cli output feature which prints the result directly onto the terminal. So I just went with it and created this bash wrapper around it to get the job done.
So this script will crawl the domain present in alive.txt.
When you run the tool it will process the domain present in alive.txt and will create two folders js and db.
Now comes the part to look for secrets or hardcoded strings in those js files. So we can get into the db folder and grep for anything we like.
At this stage, you can use your own creativity and look for certain keywords like amazonaws.com. api_key, api_secret, token. or also for var to identify potential GET or POST parameters.
Here is the link to my GitHub repository https://github.com/dark-warlord14/JSScanner . You can easily access the tool and download it. I also added an install script that you can use to install few things before you run the tool. Then run it directly after modifying the alive.txt with your testing domains list.
I hope it helps you in some way. Feel free to connect with me on twitter @dark_warlord14 if you get stuck somewhere. And stay tuned for my next blog post where I will be introducing S3 bucket penetration testing tool which covers all the test cases around AWS s3 bucket.
Till then Happy Hacking!!