jsFinder is a command-line tool written in Go that scans web pages to find JavaScript files linked in the HTML source code. It searches for any attribute that can contain a JavaScript file (e.g., src, href, data-main, etc.) and extracts the URLs of the files to a text file. The tool is designed to be simple to use, and it supports reading URLs from a file or from standard input.
jsFinder is useful for web developers and security professionals who want to find and analyze the JavaScript files used by a web application. By analyzing the JavaScript files, it’s possible to understand the functionality of the application and detect any security vulnerabilities or sensitive information leakage.
Features
- Reading URLs from a file or from stdin using command line arguments.
- Running multiple HTTP GET requests concurrently to each URL.
- Limiting the concurrency of HTTP GET requests using a flag.
- Using a regular expression to search for JavaScript files in the response body of the HTTP GET requests.
- Writing the found JavaScript files to a file specified in the command line arguments or to a default file named “output.txt”.
- Printing informative messages to the console indicating the status of the program’s execution and the output file’s location.
- Allowing the program to run in verbose or silent mode using a flag.
Installation
jsfinder requires Go 1.20 to install successfully.Run the following command to get the repo :
go install -v github.com/kacakb/jsfinder@latestUsage
To see which flags you can use with the tool, use the -h flag.
jsfinder -h | Flag | Description |
|---|---|
| -l | Specifies the filename to read URLs from. |
| -c | Specifies the maximum number of concurrent requests to be made. The default value is 20. |
| -s | Runs the program in silent mode. If this flag is not set, the program runs in verbose mode. |
| -o | Specifies the filename to write found URLs to. The default filename is output.txt. |
| -read | Reads URLs from stdin instead of a file specified by the -l flag. |
Demo
If you want to read from stdin and run the program in silent mode, use this command:
cat list.txt| jsfinder -read -s -o js.txt
If you want to read from a file, you should specify it with the -l flag and use this command:
jsfinder -l list.txt -s -o js.txtYou can also specify the concurrency with the -c flag.The default value is 20. If you want to read from a file, you should specify it with the -l flag and use this command:
jsfinder -l list.txt -c 50 -s -o js.txtTODOs
- Adding new features
- Improving performance
- Adding a cookie flag
- Reading regex from a file
- Integrating the kacak tool (coming soon)
Screenshot
Contact
If you have any questions, feedback or collaboration suggestions related to this project, please feel free to contact me via:
