How to enumerate JS files?
Why?
A lot of sensitive information is exposed through JS files.
There is always a chance a developer made a mistake.
And this is your opportunity to find a bug!
How to do it?
You will need these tools:
subfinder - https://github.com/projectdiscovery/subfinder
httpx - https://github.com/projectdiscovery/httpx
waybackurls - https://github.com/tomnomnom/waybackurls
This is the main oneliner (the dot in .js is escaped so grep matches only JavaScript URLs, not any URL containing "js"):
subfinder -d domain.com | httpx -mc 200 | tee subdomains.txt && cat subdomains.txt | waybackurls | httpx -mc 200 | grep '\.js' | tee js.txt
Use this oneliner for extracting tokens, sensitive info (it matches against the URL list in js.txt; the quotes must be plain ASCII quotes, -r is not needed when reading from stdin, and the dots are escaped so .env and .git match literally):
cat js.txt | grep -E "aws_access_key|aws_secret_key|api key|passwd|pwd|heroku|slack|firebase|swagger|aws key|password|ftp password|jdbc|db|sql|secret jet|config|admin|json|gcp|htaccess|\.env|ssh key|\.git|access key|secret token|oauth_token|oauth_token_secret"
Note that very short words in this list (db, sql, json, config) will match a large share of URLs, so expect to filter the output by hand.
Let me know if you find success using these oneliners!
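The same keyword idea works on the defending side as a pre-deploy check: scan your own built JS bundles for credential-shaped strings before they ship. This is an added example, not a oneliner from the post; the patterns are tightened from the post's list so that bare words like "config" or "json" do not fire, and the scan_js_dir function name and the ./dist directory are assumptions.

```shell
#!/bin/sh
# Added example: pre-deploy scan of built JavaScript for secret-looking values.
# Usage: scan_js_dir ./dist   -> prints matches with line numbers,
#                                 returns 1 if anything was found, else 0.

# Keyword patterns from the post, restricted to an assignment-like context:
#   <keyword> [:=] "<at least 8 characters>"
# so a keyword alone (e.g. the word "password" in UI text) does not match.
SECRET_PATTERN="(aws_access_key|aws_secret_key|api[_ -]?key|passwd|password|secret[_ -]?token|oauth_token(_secret)?|ssh[_ -]?key|access[_ -]?key)[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}"

# AWS access key IDs have a fixed, documented shape: "AKIA" followed by
# 16 uppercase letters or digits, so they can be matched without keywords.
AKIA_PATTERN='AKIA[0-9A-Z]{16}'

scan_js_dir() {
    dir="$1"
    found=0
    # Simple loop over *.js files (assumes paths without whitespace).
    for f in $(find "$dir" -type f -name '*.js'); do
        # -n prints line numbers, -E enables extended regex, -i ignores case
        # for the keyword list; the AKIA shape is matched case-sensitively.
        if grep -nEi "$SECRET_PATTERN" "$f" || grep -nE "$AKIA_PATTERN" "$f"; then
            found=1
        fi
    done
    return $found
}
```

Run it from CI and fail the build when it returns non-zero; the printed line numbers point at the exact assignment to remove before deploying.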