JSScanner

Js File Scanner This is Js File Scanner . Which are scan in js file and find juicy information Toke,Password Etc.

Installation :

git clone https://github.com/0x240x23elu/JSScanner.git
cd JSScanner
pip3 install -r  requirements.txt

Note

If you Want to Add New Regex , Please check Regex in python regex checker . Regex File Regex.txt
Output file bydefault output.txt

How to Use

echo "example.com" | waybackurls | grep -iE '\.js'|grep -ivE '\.json'|sort -u  > j.txt
or
echo "example.com" | waybackurls | httpx > live.txt

python3 JSScanner.py
Please Enter Any File: text.txt (your links file)
Path Of Regex/Patten File: regex.txt (your regex file)

Open redirect

 Now JSScanner fetch open redirect param from Live site
 Copy Below Regex in Regex.txt
 
 (next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)((http|https):\/\/)(([\w.-]*)\.([\w]*)\.([A-z]))\w+
 
(next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)(http|https)

(next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+

video

https://www.youtube.com/watch?v=hsT5BL_EV-g
https://youtu.be/hsT5BL_EV-g
[![Watch the video](https://img.youtube.com/vi/hsT5BL_EV-g/1.jpg)](https://www.youtube.com/watch?v=hsT5BL_EV-g)

Some Regex

Thank you

https://github.com/odomojuli https://github.com/odomojuli/RegExAPI

Name	Type	Regex


Twitter	Access Token	[1-9][ 0-9]+-[0-9a-zA-Z]{40}
Twitter	Access Token	[1-9][ 0-9]+-[0-9a-zA-Z]{40}
Facebook	Access Token	EAACEdEose0cBA[0-9A-Za-z]+
Facebook	OAuth 2.0	[A-Za-z0-9]{125}
Instagram	OAuth 2.0	[0-9a-fA-F]{7}.[0-9a-fA-F]{32}
Google	OAuth 2.0	API Key
GitHub	OAuth 2.0	[0-9a-fA-F]{40}
Gmail	OAuth 2.0	[0-9(+-[0-9A-Za-z_]{32}.apps.qooqleusercontent.com
Foursquare	Client Key	[0-9a-zA-Z_][5,31]
Foursquare	Secret Key	R_[0-9a-f]{32}
Picatic	API Key	sk_live_[0-9a-z]{32}
Stripe	Standard API Key	sk_live_(0-9a-zA-Z]{24}
Stripe	Restricted API Key	sk_live_(0-9a-zA-Z]{24}
Finance Square	Access Token	sqOatp-[0-9A-Za-z-_]{22}
Finance Square	OAuth Secret	q0csp-[ 0-9A-Za-z-_]{43}
Finance	Paypal / Braintree	Access Token
AMS	Auth Token	amzn.mws]{8}-[0-9a-f]{4}-10-9a-f1{4}-[0-9a,]{4}-[0-9a-f]{12}
Twilio	API Key	55[0-9a-fA-F]{32}
MailGun	API Key	key-[0-9a-zA-Z]{32}
MailChimp	API Key	[0-9a-f]{32}-us[0-9]{1,2}
Slack	API Key	xox[baprs]-[0-9]{12}-[0-9]{12}-[0-9a-zA-Z]{24}
Amazon Web Services	Access Key ID	AKIA[0-9A-Z]{16}
Amazon Web Services	Secret Key	[0-9a-zA-Z/+]{40}
Google Cloud Platform	OAuth 2.0	[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}
Google Cloud Platform	API Key	[A-Za-z0-9_]{21}--[A-Za-z0-9_]{8}
Heroku	API Key	[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}
Heroku	OAuth 2.0	[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}

Js File Scanner This is Js File Scanner

Related tags

Overview

JSScanner

Installation :

Note

How to Use

Open redirect

video

Some Regex

Owner

Sample exploits for Zephyr CVE-2021-3625

Python implementation for PrintNightmare using standard Impacket.

CVE 2020-14871 Solaris exploit

Magicspoofing - A python3 script for search possible misconfiguration in a DNS related to security protections of email service from the domain name

A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

Learning to compose soft prompts for compositional zero-shot learning.

Natas teaches the basics of serverside web-security.

Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures

A script to extract SNESticle from Fight Night Round 2

This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections.

Log4jake works by spidering a web application for GET/POST requests

Better-rtti-parser - IDA script to parse RTTI information in executable

log4j burp scanner

这次是可可萝病毒！

This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.

Workshop Material on VM-based Deobfuscation

This is an advanced backdoor, created with Python

Acc-Data-Gen - Allows you to generate a password, e-mail & token for your Minecraft Account

S2-061 的payload，以及对应简单的PoC/Exp

Xteam All in one Instagram,Android,phishing osint and wifi hacking tool available