JSScanner

Js File Scanner This is Js File Scanner . Which are scan in js file and find juicy information Toke,Password Etc.

Installation :

git clone https://github.com/0x240x23elu/JSScanner.git
cd JSScanner
pip3 install -r  requirements.txt

Note

If you Want to Add New Regex , Please check Regex in python regex checker . Regex File Regex.txt
Output file bydefault output.txt

How to Use

echo "example.com" | waybackurls | grep -iE '\.js'|grep -ivE '\.json'|sort -u  > j.txt
or
echo "example.com" | waybackurls | httpx > live.txt

python3 JSScanner.py
Please Enter Any File: text.txt (your links file)
Path Of Regex/Patten File: regex.txt (your regex file)

Open redirect

 Now JSScanner fetch open redirect param from Live site
 Copy Below Regex in Regex.txt
 
 (next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)((http|https):\/\/)(([\w.-]*)\.([\w]*)\.([A-z]))\w+
 
(next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)(http|https)

(next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+

video

https://www.youtube.com/watch?v=hsT5BL_EV-g
https://youtu.be/hsT5BL_EV-g
[![Watch the video](https://img.youtube.com/vi/hsT5BL_EV-g/1.jpg)](https://www.youtube.com/watch?v=hsT5BL_EV-g)

Some Regex

Thank you

https://github.com/odomojuli https://github.com/odomojuli/RegExAPI

Name	Type	Regex


Twitter	Access Token	[1-9][ 0-9]+-[0-9a-zA-Z]{40}
Twitter	Access Token	[1-9][ 0-9]+-[0-9a-zA-Z]{40}
Facebook	Access Token	EAACEdEose0cBA[0-9A-Za-z]+
Facebook	OAuth 2.0	[A-Za-z0-9]{125}
Instagram	OAuth 2.0	[0-9a-fA-F]{7}.[0-9a-fA-F]{32}
Google	OAuth 2.0	API Key
GitHub	OAuth 2.0	[0-9a-fA-F]{40}
Gmail	OAuth 2.0	[0-9(+-[0-9A-Za-z_]{32}.apps.qooqleusercontent.com
Foursquare	Client Key	[0-9a-zA-Z_][5,31]
Foursquare	Secret Key	R_[0-9a-f]{32}
Picatic	API Key	sk_live_[0-9a-z]{32}
Stripe	Standard API Key	sk_live_(0-9a-zA-Z]{24}
Stripe	Restricted API Key	sk_live_(0-9a-zA-Z]{24}
Finance Square	Access Token	sqOatp-[0-9A-Za-z-_]{22}
Finance Square	OAuth Secret	q0csp-[ 0-9A-Za-z-_]{43}
Finance	Paypal / Braintree	Access Token
AMS	Auth Token	amzn.mws]{8}-[0-9a-f]{4}-10-9a-f1{4}-[0-9a,]{4}-[0-9a-f]{12}
Twilio	API Key	55[0-9a-fA-F]{32}
MailGun	API Key	key-[0-9a-zA-Z]{32}
MailChimp	API Key	[0-9a-f]{32}-us[0-9]{1,2}
Slack	API Key	xox[baprs]-[0-9]{12}-[0-9]{12}-[0-9a-zA-Z]{24}
Amazon Web Services	Access Key ID	AKIA[0-9A-Z]{16}
Amazon Web Services	Secret Key	[0-9a-zA-Z/+]{40}
Google Cloud Platform	OAuth 2.0	[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}
Google Cloud Platform	API Key	[A-Za-z0-9_]{21}--[A-Za-z0-9_]{8}
Heroku	API Key	[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}
Heroku	OAuth 2.0	[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}

Js File Scanner This is Js File Scanner

Related tags

Overview

JSScanner

Installation :

Note

How to Use

Open redirect

video

Some Regex

Owner

CVE-2021-21985 VMware vCenter Server远程代码执行漏洞 EXP (更新可回显EXP)

A knockoff social-engineer toolkit

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

A python module for retrieving and parsing WHOIS data

Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

Mass Shortlink Bypass Merupakan Tools Yang Akan Bypass Shortlink Ke Tujuan Asli, Dibuat Dengan Python 3

The Easiest Way To Gallery Hacking

一个自动挖掘漏洞的框架，日后会发展成强大的信息收集+漏洞挖掘脚本！

A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3

The ultimate Metasploit apk binder with legit apk written in python3

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Cam-Hacker: Ip Cameras hack with python

Nmap scanner with python

HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures.

RDP Stealer

AIL LeakFeeder: A Module for AIL Framework that automate the process to feed leaked files automatically to AIL

A windows post exploitation tool that contains a lot of features for information gathering and more.

BurpSuite Extension: Log4j RCE Scanner

neo Tool is great one in binary exploitation topic