Monday, October 17, 2022

Searches Webpages For Javascript And Analyzes Them For Hidden Subdomains And Secrets




JSubFinder is a tool written in Go that searches webpages and JavaScript for hidden subdomains and secrets at the given URL. Developed with bug bounty hunters in mind, JSubFinder takes advantage of Go's performance, allowing it to handle large data sets and be easily chained with other tools.

Install

Install the application and download the signatures needed to find secrets

Using Go:

go get github.com/ThreatUnkown/jsubfinder
wget https://raw.githubusercontent.com/ThreatUnkown/jsubfinder/master/.jsf_signatures.yaml && mv .jsf_signatures.yaml ~/.jsf_signatures.yaml

or

Downloads Page

Basic Usage

Search

Search the given URLs for subdomains and secrets

$ jsubfinder search -h

Execute the command specified

Usage:
  JSubFinder search [flags]

Flags:
  -c, --crawl              Enable crawling
  -g, --greedy             Check all files for URL's not just Javascript
  -h, --help               help for search
  -f, --inputFile string   File containing domains
  -t, --threads int        Ammount of threads to be used (default 5)
  -u, --url strings        Url to check

Global Flags:
  -d, --debug               Enable debug mode. Logs are stored in log.info
  -K, --nossl               Skip SSL cert verification (default true)
  -o, --outputFile string   name/location to store the file
  -s, --secrets             Check results for secrets e.g api keys
      --sig string          Location of signatures for finding secrets
  -S, --silent              Disable printing to the console

Examples (results are the same in this case):

$ jsubfinder search -u www.google.com
$ jsubfinder search -f file.txt
$ echo www.google.com | jsubfinder search
$ echo www.google.com | httpx --silent | jsubfinder search

apis.google.com
ogs.google.com
store.google.com
mail.google.com
accounts.google.com
www.google.com
policies.google.com
support.google.com
adservice.google.com
play.google.com

With Secrets Enabled

Note: --secrets="" will save the secret results to a secrets.txt file

$ echo www.youtube.com | jsubfinder search --secrets=""
www.youtube.com
youtubei.youtube.com
payments.youtube.com
2Fwww.youtube.com
252Fwww.youtube.com
m.youtube.com
tv.youtube.com
music.youtube.com
creatoracademy.youtube.com
artists.youtube.com

Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
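
Added example (not JSubFinder's own code): the 2Fwww.youtube.com and 252Fwww.youtube.com entries in the output above are the kind of artifact a hostname pattern produces when it runs over percent-encoded URLs (%2F, %252F). The Go sketch below, with constructed sample JavaScript and hypothetical function names, reproduces the artifact and shows that decoding before matching removes it.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
	"strings"
)

// Constructed sample JavaScript (not real site content).
const sampleJS = `var feed = "https://m.youtube.com/feed";
var next = "/signin?continue=https%3A%2F%2Fwww.youtube.com%2F";
var deep = "/redirect?q=https%253A%252F%252Fwww.youtube.com%252F&hl=100%";
var api  = "//youtubei.youtube.com/v1";`
var pctRe = regexp.MustCompile(`%[0-9A-Fa-f]{2}`)
var hostRun = regexp.MustCompile(`[A-Za-z0-9.-]+`)

// decodePercent decodes %XX escapes in at most 3 passes (%252F -> %2F -> /).
// A bare "%" that is not followed by two hex digits is left untouched.
func decodePercent(s string) string {
	for i := 0; i < 3 && pctRe.MatchString(s); i++ {
		s = pctRe.ReplaceAllStringFunc(s, func(m string) string {
			n, _ := strconv.ParseUint(m[1:], 16, 8) // regex guarantees two hex digits
			return string([]byte{byte(n)})
		})
	}
	return s
}

// subdomains returns the sorted, unique, lowercased hosts in body that equal
// root or end in "."+root. With decode=false it matches the raw text.
func subdomains(body, root string, decode bool) []string {
	if decode {
		body = decodePercent(body)
	}
	seen, out := map[string]bool{}, []string{}
	for _, h := range hostRun.FindAllString(body, -1) {
		h = strings.ToLower(strings.Trim(h, ".-"))
		if (h == root || strings.HasSuffix(h, "."+root)) && !seen[h] {
			seen[h] = true
			out = append(out, h)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println(subdomains(sampleJS, "youtube.com", false), subdomains(sampleJS, "youtube.com", true))
}
```

The same normalization can be applied to a saved result file before the hosts are fed to a resolver or an asset inventory.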

Advanced examples

$ echo www.google.com | jsubfinder search --crawl -s "google_secrets.txt" -S -o jsf_google.txt -t 10 -g
  • --crawl use the default crawler to crawl pages for other URLs to analyze
  • -s enables JSubFinder to search for secrets
  • -S silence output to console
  • -o <file> save output to specified file
  • -t 10 use 10 threads
  • -g search every URL for JS, even ones we don't think have any

Proxy

Enables the upstream HTTP proxy with TLS MITM support. This allows you to:

  1. Browse sites in real time and have JSubFinder search for subdomains and secrets as you go.
  2. If needed, run JSubFinder on another server to offload the workload.

$ JSubFinder proxy -h

Execute the command specified

Usage:
  JSubFinder proxy [flags]

Flags:
  -h, --help                    help for proxy
  -p, --port int                Port for the proxy to listen on (default 8444)
      --scope strings           Url's in scope seperated by commas. e.g www.google.com,www.netflix.com
  -u, --upstream-proxy string   Adress of upsteam proxy e.g http://127.0.0.1:8888 (default "http://127.0.0.1:8888")

Global Flags:
  -d, --debug               Enable debug mode. Logs are stored in log.info
  -K, --nossl               Skip SSL cert verification (default true)
  -o, --outputFile string   name/location to store the file
  -s, --secrets             Check results for secrets e.g api keys
      --sig string          Location of signatures for finding secrets
  -S, --silent              Disable printing to the console

$ jsubfinder proxy
Proxy started on :8444
Subdomain: out.reddit.com
Subdomain: www.reddit.com
Subdomain: 2Fwww.reddit.com
Subdomain: alb.reddit.com
Subdomain: about.reddit.com

With Burp Suite

  1. Configure Burp Suite to forward traffic to an upstream proxy (User Options > Connections > Upstream Proxy Servers > Add)
  2. Run JSubFinder in proxy mode

Burp Suite will now forward all traffic proxied through it to JSubFinder. JSubFinder will retrieve the response, return it to Burp and, in another thread, search for subdomains and secrets.

With Proxify

  1. Launch Proxify & dump traffic to a folder: proxify -output logs
  2. Configure Burp Suite, a browser or other tool to forward traffic to Proxify (see instructions on their GitHub page)
  3. Launch JSubFinder in proxy mode & set the upstream proxy as Proxify: jsubfinder proxy -u http://127.0.0.1:8443
  4. Use Proxify's replay utility to replay the dumped traffic to jsubfinder: replay -output logs -burp-addr http://127.0.0.1:8444

Run on another server

Simple: run JSubFinder in proxy mode on another server, e.g. 192.168.1.2. Follow the proxy steps above but set your application's upstream proxy as 192.168.1.2:8443

Advanced Examples

$ jsubfinder proxy --scope www.reddit.com -p 8081 -S -o jsf_reddit.txt
  • --scope limits JSubFinder to only analyze responses from www.reddit.com
  • -p port JSubFinder's proxy server is running on
  • -S silence output to the console/stdout
  • -o <file> output examples to this file


