JSFScan.sh – Automation For Javascript Recon In Bug Bounty

Website can be located at https://medium.com/@patelkathan22/newbies-guidebook-on-how-you-can-use-javascript-in-bugbounty-492f6eb1f9ea?sk=21500dc4288281c7e6ed2315943269e7

Script designed for all your javascript recon automation in bugbounty. Just pass subdomain listing to it and choices according to your preference.

Attributes

1 - Assemble Jsfile Inbound links from distinctive sources.
2 - Import File That contains JSUrls
3 - Extract Endpoints from Jsfiles
4 - Come across Strategies from Jsfiles
5 - Get Jsfiles shop domestically for guide analysis
6 - Make a Wordlist from Jsfiles
7 - Extract Variable names from jsfiles for feasible XSS.
8 - Scan JsFiles For DomXSS.

Set up

There are two ways of executing this script: Possibly locally on the host machine or in a Docker container

Setting up all dependencies domestically

Observe: Make certain you have put in golang properly ahead of functioning installation script domestically.

$ sudo chmod +x put in.sh
$ ./put in.sh

Creating the docker container

When working with the docker variation, everything will be put in routinely. You just have to execute the next commands:

$ git clone https://github.com/KathanP19/JSFScan.sh
$ cd JSFScan/
$ docker create . -t jsfscan

In purchase to get started the pre-configured container run the adhering to command:

$ docker run -it jsfscan "/bin/bash"

After that an interactive bash session should be opened.

Usage

Concentrate on Record should really be with https:// and http:// use httpx or httprobe for this.

https://hackerone.com
https://github.com

And if you want to insert cookie then edit the command at line 23 cat $concentrate on | hakrawler -js -cookie "cookie below" -depth 2 -scope subs -basic >> jsfile_hyperlinks.txt

Notice: If you come to feel tool is slow just remark out hakrawler line at 23 in JSFScan.sh script , but it might end result in little less jsfileslinks.

 _______ ______ _______ ______                          _     
(_______/ _____(_______/ _____)                        | |    
     _ ( (____  _____ ( (____   ____ _____ ____     ___| |__  
 _  | | ____ |  ___) ____  / ___(____ |  _    /___|  _  
| |_| | _____) | |     _____) ( (___/ ___ | | | |_|___ | | | |
 ___/ (______/|_|    (______/ _________|_| |_(_(___/|_| |_|
                                                              
Usage: 
       -l   Get Js Information Backlinks
       -f   Import File That contains JS Urls
       -e   Get Endpoints For JSFiles
       -s   Locate Strategies For JSFiles
       -m   Fetch Js Documents for guide screening
       -o   Make an Output Directory to place all matters Alongside one another
       -w   Make a wordlist applying phrases from jsfiles
       -v   Extract Vairables from the jsfiles
       -d   Scan for Probable DomXSS from jsfiles

Impression and Write-up Source url

Study Additional on Pentesting Instruments