Bug Bounty Hub
  • 🚀WELCOME
    • Bug Bounty Hub
    • BBH - Values
    • About the author
  • 🕸️PENTESTING WEB
    • Information Gathering
      • Enumerating ASN and IP blocks
      • Reverse IP Lookup
      • Scanning Open Ports/Services
      • Subdomain Enumeration
        • Active Subdomain Enumeration
        • Passive Subdomain Enumeration
        • Subdomain Permutations
        • Check Alive Subdomains
      • Subdomain Takeover
      • Fuzzing
      • JavaScript Files
      • Endpoints
      • Input Parameters
      • Mapping Attack Surface - Crawling/Spider
      • Fingerprinting
      • Potential Vulnerabilities - Nuclei
    • Client-Side Injection Attacks
    • Server-Side Vulnerabilities
      • Path Traversal/File Inclusion
      • Access Control
      • Authentication
      • Server-side Request Forgery (SSRF)
      • File upload vulnerabilities
      • OS Command Injection
      • SQL Injection
        • MySQL Injection
        • SQLi with SQLMap
    • Authentication
    • Insecure Direct Object Reference (IDOR)
    • Cross-Site Request Forgery Attacks
    • Business Logic Flaws
    • HTTP Verb Tampering
    • Bypass 401 & 403
    • Evading WAFs
    • Reporting
  • 🐣THE BASICS OF WEB
    • HTTP Methods
    • HTTP Response Codes
    • HTTP Headers
      • AWS S3 Buckets Headers
    • HTTP Cookies
    • Encoding
      • URL encoding
      • HTML encoding
      • Base 64 encoding
      • Unicode encoding
    • Web Browsers
      • Same-Origin Policy (SOP)
      • Content Security Policy (CSP)
      • Subresource Integrity Check (SIC)
    • Web Proxies
  • 📚RESOURCES
    • Books
    • Web resources
    • CTF Platforms
  • 🏔️Bug Bounty Platforms
Powered by GitBook
On this page
  • Manual extraction of endpoints from JS files
  • Collecting JS files from Web Archives
  • Collecting JS files from Crawler/Spider
  • Sensitive Data from JS files
  • SecretFinder

Was this helpful?

  1. PENTESTING WEB
  2. Information Gathering

JavaScript Files

JavaScript files can contain useful information such as subdomains, directories, endpoints, files and API routes, as well as sensitive data like usernames, passwords or API Keys, hence they are worth exploring.

Manual extraction of endpoints from JS files

curl -s $url/file.js | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" \
    | sed -e 's/^"//' -e 's/"$//' | sort -u

Collecting JS files from Web Archives

echo $domain | gau --threads 10 | grep "\.js" | sort -u | httpx -silent -mc 200 \
    | anew alive_js_files.txt

Collecting JS files from Crawler/Spider

echo $domain | katana -silent | grep -E "\.js($|\?)"

Sensitive Data from JS files

SecretFinder

python3 SecretFinder.py -i $domain/file.js -o cli

PreviousFuzzingNextEndpoints

Last updated 5 months ago

Was this helpful?

🕸️