Skip to content

Commit e1feb9f

Browse files
nikolas-treynikolas-trey
authored
Add files via upload
0 parents  commit e1feb9f

File tree

6 files changed

+445
-0
lines changed

6 files changed

+445
-0
lines changed

LICENSE

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
MIT License
2+
3+
Copyright (c) 2023 Nemesis
4+
5+
Permission is hereby granted, free of charge, to any person obtaining a copy
6+
of this software and associated documentation files (the "Software"), to deal
7+
in the Software without restriction, including without limitation the rights
8+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9+
copies of the Software, and to permit persons to whom the Software is
10+
furnished to do so, subject to the following conditions:
11+
12+
The above copyright notice and this permission notice shall be included in all
13+
copies or substantial portions of the Software.
14+
15+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21+
SOFTWARE.

README.md

Lines changed: 101 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,101 @@
1+
# JSRecon
2+
## A powerful tool designed for identifying hidden endpoints and sensitive information within JavaScript files on a website.
3+
4+
<img src="background.png" width="900">
5+
6+
## Description:
7+
JSRecon is a powerful tool designed for identifying hidden endpoints and sensitive information within JavaScript files on a website. It finds hidden URLs and hard-coded sensitive information to assist with detecting vulnerabilities.
8+
9+
<!-- FEATURES -->
10+
## Features:
11+
12+
- Fast crawler
13+
- Finds sensitive information(API keys, e-mail(s), internal addresses...)
14+
- Discovers hidden endpoints
15+
- Built in Go
16+
17+
<!-- INSTALLATION -->
18+
## Installation:
19+
20+
### Option 1:
21+
22+
[Download](https://github.com/Nemesis0U/JSRecon/releases) from releases
23+
24+
### Option 2:
25+
Run the following command to get the repo:
26+
27+
$ go install -v github.com/Nemesis0U/JSRecon@latest
28+
29+
<!-- USAGE -->
30+
## Usage:
31+
32+
### Options:
33+
34+
```
35+
./jsrecon -h
36+
NAME:
37+
JSRecon - Scan and extract endpoint URLs and sensitive data from JS files on a website
38+
39+
USAGE:
40+
JSRecon [global options] command [command options] [arguments...]
41+
42+
COMMANDS:
43+
help, h Shows a list of commands or help for one command
44+
45+
GLOBAL OPTIONS:
46+
--url value, -u value URL of the website to scan (required)
47+
--keyword value Keyword to search for in JavaScript code (optional)
48+
--output value, -o value Output file to save the links (optional)
49+
--show-as-domain Show results as domains instead of full URLs (optional) (default: false)
50+
--show-sensitive Show sensitive data found in JS files (optional) (default: false)
51+
--cookie value Custom cookie to include in the request (optional)
52+
--help, -h show help
53+
54+
```
55+
<!-- EXAMPLE -->
56+
### Example:
57+
58+
```
59+
./jsrecon -u https://www.tiktok.com --show-sensitive --output results.txt --show-as-domain
60+
61+
Data saved to results.txt
62+
63+
IP Address: 1.0.0.73
64+
IP Address: 1.0.1.234
65+
API Key: 3319de946467a5e2530ff6f04830521452419c9a548f85fca089ebc9cf8c22a8
66+
Credential: username
67+
Credential: Username
68+
Credential: Password
69+
Credential: password
70+
Email Address: roaogardo@gmail.com
71+
Email Address: nemilio@tripon-entertainment.com
72+
Email Address: smashingpencilsart@gmail.com
73+
Email Address: Raziirawani@gmail.com
74+
Email Address: nbellarteskids@gmail.com
75+
API Key: 2023101515264400AB6AE6E1431E45CF25
76+
API Key: 858a8ca65482457eac325ed2eeb463b0
77+
API Key: f0dae91b3b5c2419f57f9e25a02df551
78+
API Key: 47ee01b829cee66c47ef333f6fd4d7bb
79+
API Key: f549fe8da2aebb5b2bae6f5389b6a016
80+
81+
...
82+
83+
IP Address: 1.0.0.201
84+
Credential: secret
85+
sf16-website-login.neutral.ttwstatic.com
86+
lf16-tiktok-web.tiktokcdn-us.com
87+
im-api-va.tiktok.com
88+
m.tiktok.com
89+
www.tiktok.com
90+
starling-oversea.byteoversea.com
91+
mcs-va-useast2a.tiktokv.com
92+
vmweb-va.byteoversea.com
93+
webcast.tiktok.com
94+
f-p.sgsnssdk.com
95+
sf16-tcc-tos-va.byteoversea.com
96+
api.tiktok.com
97+
```
98+
<!-- LICENSE -->
99+
## License
100+
101+
Distributed under the MIT License. See `LICENSE` for more information.

background.png

22.2 KB
Loading

go.mod

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
module github.com/Nemesis0U/JSRecon
2+
3+
go 1.21.3
4+
5+
require (
6+
github.com/PuerkitoBio/goquery v1.8.1
7+
github.com/urfave/cli/v2 v2.25.7
8+
)
9+
10+
require (
11+
github.com/andybalholm/cascadia v1.3.1 // indirect
12+
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
13+
github.com/russross/blackfriday/v2 v2.1.0 // indirect
14+
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
15+
golang.org/x/net v0.7.0 // indirect
16+
)

go.sum

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,43 @@
1+
github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
2+
github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ=
3+
github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
4+
github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
5+
github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
6+
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
7+
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
8+
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
9+
github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs=
10+
github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
11+
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
12+
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
13+
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
14+
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
15+
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
16+
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
17+
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
18+
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
19+
golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
20+
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
21+
golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
22+
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
23+
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
24+
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
25+
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
26+
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
27+
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
28+
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
29+
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
30+
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
31+
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
32+
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
33+
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
34+
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
35+
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
36+
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
37+
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
38+
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
39+
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
40+
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
41+
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
42+
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
43+
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

0 commit comments

Comments
 (0)