JSRecon

command module

v0.0.0-...-e1feb9f Latest Latest Go to latest Published: Oct 19, 2023 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Nemesis0U/JSRecon

Links

Open Source Insights

README ¶

JSRecon

A powerful tool designed for identifying hidden endpoints and sensitive information within JavaScript files on a website.

Description:

JSRecon is a powerful tool designed for identifying hidden endpoints and sensitive information within JavaScript files on a website. It finds hidden URLs and hard-coded sensitive information to assist with detecting vulnerabilities.

Features:

Fast crawler
Finds sensitive information(API keys, e-mail(s), internal addresses...)
Discovers hidden endpoints
Built in Go

Installation:

Option 1:

Download from releases

Option 2:

Run the following command to get the repo:

$ go install -v github.com/Nemesis0U/JSRecon@latest

Usage:

Options:

./jsrecon -h
NAME:
   JSRecon - Scan and extract endpoint URLs and sensitive data from JS files on a website

USAGE:
   JSRecon [global options] command [command options] [arguments...]

COMMANDS:
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --url value, -u value     URL of the website to scan (required)
   --keyword value           Keyword to search for in JavaScript code (optional)
   --output value, -o value  Output file to save the links (optional)
   --show-as-domain          Show results as domains instead of full URLs (optional) (default: false)
   --show-sensitive          Show sensitive data found in JS files (optional) (default: false)
   --cookie value            Custom cookie to include in the request (optional)
   --help, -h                show help

Example:

./jsrecon -u https://www.tiktok.com --show-sensitive --output results.txt --show-as-domain

Data saved to results.txt

IP Address: 1.0.0.73
IP Address: 1.0.1.234
API Key: 3319de946467a5e2530ff6f04830521452419c9a548f85fca089ebc9cf8c22a8
Credential: username
Credential: Username
Credential: Password
Credential: password
Email Address: roaogardo@gmail.com
Email Address: nemilio@tripon-entertainment.com
Email Address: smashingpencilsart@gmail.com
Email Address: Raziirawani@gmail.com
Email Address: nbellarteskids@gmail.com
API Key: 2023101515264400AB6AE6E1431E45CF25
API Key: 858a8ca65482457eac325ed2eeb463b0
API Key: f0dae91b3b5c2419f57f9e25a02df551
API Key: 47ee01b829cee66c47ef333f6fd4d7bb
API Key: f549fe8da2aebb5b2bae6f5389b6a016

...

IP Address: 1.0.0.201
Credential: secret
sf16-website-login.neutral.ttwstatic.com
lf16-tiktok-web.tiktokcdn-us.com
im-api-va.tiktok.com
m.tiktok.com
www.tiktok.com
starling-oversea.byteoversea.com
mcs-va-useast2a.tiktokv.com
vmweb-va.byteoversea.com
webcast.tiktok.com
f-p.sgsnssdk.com
sf16-tcc-tos-va.byteoversea.com
api.tiktok.com

License

Distributed under the MIT License. See LICENSE for more information.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL