8000 GitHub - number731/JSReader: A modified and more convenient version of SecretFinder.
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
/ JSReader Public

A modified and more convenient version of SecretFinder.

3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

number731/JSReader

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 
go.mod
go.mod
 
 
jsreader.go
jsreader.go
 
 

Repository files navigation

jsreader

A powerful Go-based tool that analyzes JavaScript files to discover endpoints, API URLs, tokens, and other sensitive information that might be exposed in client-side code. Special thanks for Timoria and RIGOLIT.

Features

jsreader can detect various types of sensitive information:

  • S3 Buckets - Potential public AWS S3 bucket URLs
  • Firebase Resources:
    • Firebase Database URLs
    • Firebase Storage URLs
    • Firebase Application URLs
  • API Endpoints:
    • General API endpoints
    • API versions
    • API subdomains
    • API components
  • GraphQL Endpoints - GraphQL API endpoints
  • Authentication Endpoints - Authentication, OAuth, and user-related endpoints
  • Telegram Bot Tokens - Exposed Telegram API tokens
  • URLs in Variables - URLs stored in JavaScript variables

Installation

Using Go Install

go install github.com/number731/jsreader@latest

Manual Installation

git clone https://github.com/number731/jsreader.git

# Change to the project directory
cd jsreader

# Build the executable
go build -o jsreader.go

# Optional: Move to a directory in your PATH
sudo mv jsreader /usr/local/bin/

Usage

JS Endp 7122 oint Finder provides several options for analyzing JavaScript files:

Usage:
  jsreader [options]

Options:
  -t int     Number of threads to use (default 1)
  -i string  Path to file with list of JS URLs (one per line)
  -f string  Path to single JS file to analyze
  -p         Enable pipe mode (read from stdin)
  -o string  Output file to save results (.txt)

Examples

Analyze a single local JavaScript file:

jsreader -f /path/to/script.js

Analyze a remote JavaScript file:

jsreader -f https://example.com/script.js

Process multiple JavaScript files from a list:

jsreader -i urls.txt -t 5

Process data from pipe:

cat urls.txt | jsreader -p

Save results to a file:

jsreader -i urls.txt -o results.txt

Combine with other tools:

cat domains.txt | katana -d 5 -jc | grep '\.js$' | jsreader -p

Example Output

When running JS Endpoint Finder, results will be color-coded for easy identification:

  • Red: S3 Buckets
  • Yellow: Firebase resources
  • Green: API endpoints
  • Cyan: GraphQL endpoints
  • Purple: Authentication endpoints
  • Blue: URLs in variables
  • Orange: Telegram tokens
  • Teal: API subdomains
  • Pink: API versions
  • Magenta: API components

Example output:

[API] https://api.example.com/v1/users
   Details: API endpoint - investigate available methods
   Source: https://example.com/main.js

[Firebase DB] https://my-app.firebaseio.com/data
   Details: Firebase service - check security rules
   Source: https://example.com/main.js

[S3 Bucket] https://assets.s3-us-west-2.amazonaws.com/images
   Details: Potential public S3 bucket - check permissions
   Source: https://example.com/main.js

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

A modified and more convenient version of SecretFinder.

Topics

information-disclosure js-file api-scraping secret-finder js-hunter

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages
0