Scripthunter – Tool To Find JavaScript Files On Websites


Scripthunter is a tool that finds JavaScript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note that it may take a while, which is why scripthunter also implements a notification mechanism that informs you when a scan is finished via the Telegram API.

Setup

To install scripthunter, clone this repository. Scripthunter relies on a couple of tools being installed, so make sure you have them:

Since most of these tools are written in Go, make sure that you have Go installed and configured properly. Make sure that when you type any of the above-mentioned commands in the terminal, they are recognized and work.

In addition, scripthunter uses Telegram to send you a notification as soon as a scan is finished. To enable this feature, you need to create a Telegram Bot and paste your Bot API key and chatid into the scripthunter script. You can follow this guide to get these values.

Features

  • Extract public JavaScript files from a website using Gau and Hakrawler
  • Parse directories containing js files from the public files found
  • Scan js directories for hidden js files using ffuf and a custom wordlist
  • Check all found files for responsiveness
  • Notify the user when scans are finished
  • Aggregate all seen js filenames into one global wordlist
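
The directory-parsing and wordlist-aggregation steps from the list above, as an added example for inventorying the scripts your own site exposes; this is not scripthunter's own code. The function names, the example.test host, and the sample URLs are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not scripthunter's code. All names below are hypothetical.

# Constructed sample of crawler output: query strings, fragments, duplicates, non-JS.
sample_urls() {
cat <<'EOF'
https://example.test/static/js/app.js?v=3
https://example.test/static/js/app.js
https://example.test/static/js/vendor/lib.min.js#x
https://example.test/assets/logo.png
https://example.test/index.html
https://example.test/main.js
EOF
}

# Keep only .js URLs; strip query strings and fragments; de-duplicate.
js_urls() {
  sed -e 's/[?#].*$//' | grep -E '^https?://[^/]+/.*\.js$' | sort -u
}

# Emit the directory of each script plus every parent up to the web root.
js_dirs() {
  awk '{
    sub("[^/]*$", "")                        # drop file name, keep trailing slash
    while (1) {
      print
      if ($0 ~ "^https?://[^/]+/$") break    # reached the web root
      if (!sub("[^/]+/$", "")) break         # malformed input: stop, never loop
    }
  }' | sort -u
}

# Reduce URLs to bare file names for a wordlist.
js_wordlist() {
  sed -e 's|.*/||' | sort -u
}

# Merge names from stdin into a persistent wordlist file without duplicates.
merge_wordlist() {
  _wl=$1
  _tmp=$(mktemp)
  touch "$_wl"
  sort -u - "$_wl" > "$_tmp" && mv "$_tmp" "$_wl"
}

# Demo: list every directory that would need to be reviewed for exposed scripts.
sample_urls | js_urls | js_dirs
```
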

Example

I ran this on some random verizon subdomain:

➜  scripthunter-dev ./scripthunter.sh https://developer.verizonmedia.com/
_ __ __ __
___ ________(_)__ / /_/ / __ _____ / /____ ____
(_-</ __/ __/ / _ / __/ _ / // / _ / __/ -_) __/
/___/__/_/ /_/ .__/__/_//_/_,_/_//_/__/__/_/
/_/
by @r0bre
[*] Running GAU
[+] GAU found 7 scripts!
[*] Running hakrawler
[+] HAKRAWLER found 5 scripts!
[*] Found 2 directories containing .js files.
[*] Running FFUF on https://developer.verizonmedia.com/./

[+] FFUF found 0 scripts in https://developer.verizonmedia.com/./ !
[*] Running FFUF on https://developer.verizonmedia.com/assets/

[+] FFUF found 0 scripts in https://developer.verizonmedia.com/assets/ !
[*] Running FFUF on https://developer.verizonmedia.com/assets/js/

[+] FFUF found 0 scripts in https://developer.verizonmedia.com/assets/js/ !
[*] Running FFUF on https://developer.verizonmedia.com/js/

[+] FFUF found 0 scripts in https://developer.verizonmedia.com/js/ !
[*] Running FFUF on https://developer.verizonmedia.com/static/

[+] FFUF found 0 scripts in https://developer.verizonmedia.com/static/ !
[*] Running FFUF on https://developer.verizonmedia.com/static/js/

[+] FFUF found 7 scripts in https://developer.verizonmedia.com/static/js/ !
[*] Running FFUF on https://developer.verizonmedia.com/static/js/vendor/

[+] FFUF found 3 scripts in https://developer.verizonmedia.com/static/js/vendor/ !
[+] Checking Script Responsiveness of 13 scripts..
https://developer.verizonmedia.com/static/js/vendor/js-cookie.js
https://developer.verizonmedia.com/static/js/jquery-3.3.1.min.js
https://developer.verizonmedia.com/static/js/autotrack.js
https://developer.verizonmedia.com/static/js/utils.js
https://developer.verizonmedia.com/static/js/navigation.js
https://developer.verizonmedia.com/static/js/vendor/rapidworker-1.2.js
https://developer.verizonmedia.com/static/js/vmdn.js
https://developer.verizonmedia.com/static/js/right-nav.js
[+] All Done!
[+] Found total of 13 (8 responsive) scripts!

If you like this tool, consider following me on Twitter @r0bre!
