JSScanner

Js File Scanner This is Js File Scanner . Which are scan in js file and find juicy information Toke,Password Etc.

Installation :

git clone https://github.com/0x240x23elu/JSScanner.git
cd JSScanner
pip3 install -r  requirements.txt

Note

If you Want to Add New Regex , Please check Regex in python regex checker . Regex File Regex.txt
Output file bydefault output.txt

How to Use

echo "example.com" | waybackurls | grep -iE '\.js'|grep -ivE '\.json'|sort -u  > j.txt
or
echo "example.com" | waybackurls | httpx > live.txt

python3 JSScanner.py
Please Enter Any File: text.txt (your links file)
Path Of Regex/Patten File: regex.txt (your regex file)

Open redirect

 Now JSScanner fetch open redirect param from Live site
 Copy Below Regex in Regex.txt
 
 (next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)((http|https):\/\/)(([\w.-]*)\.([\w]*)\.([A-z]))\w+
 
(next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)(http|https)

(next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+

video

https://www.youtube.com/watch?v=hsT5BL_EV-g
https://youtu.be/hsT5BL_EV-g
[![Watch the video](https://img.youtube.com/vi/hsT5BL_EV-g/1.jpg)](https://www.youtube.com/watch?v=hsT5BL_EV-g)

Some Regex

Thank you

https://github.com/odomojuli https://github.com/odomojuli/RegExAPI

Name	Type	Regex


Twitter	Access Token	[1-9][ 0-9]+-[0-9a-zA-Z]{40}
Twitter	Access Token	[1-9][ 0-9]+-[0-9a-zA-Z]{40}
Facebook	Access Token	EAACEdEose0cBA[0-9A-Za-z]+
Facebook	OAuth 2.0	[A-Za-z0-9]{125}
Instagram	OAuth 2.0	[0-9a-fA-F]{7}.[0-9a-fA-F]{32}
Google	OAuth 2.0	API Key
GitHub	OAuth 2.0	[0-9a-fA-F]{40}
Gmail	OAuth 2.0	[0-9(+-[0-9A-Za-z_]{32}.apps.qooqleusercontent.com
Foursquare	Client Key	[0-9a-zA-Z_][5,31]
Foursquare	Secret Key	R_[0-9a-f]{32}
Picatic	API Key	sk_live_[0-9a-z]{32}
Stripe	Standard API Key	sk_live_(0-9a-zA-Z]{24}
Stripe	Restricted API Key	sk_live_(0-9a-zA-Z]{24}
Finance Square	Access Token	sqOatp-[0-9A-Za-z-_]{22}
Finance Square	OAuth Secret	q0csp-[ 0-9A-Za-z-_]{43}
Finance	Paypal / Braintree	Access Token
AMS	Auth Token	amzn.mws]{8}-[0-9a-f]{4}-10-9a-f1{4}-[0-9a,]{4}-[0-9a-f]{12}
Twilio	API Key	55[0-9a-fA-F]{32}
MailGun	API Key	key-[0-9a-zA-Z]{32}
MailChimp	API Key	[0-9a-f]{32}-us[0-9]{1,2}
Slack	API Key	xox[baprs]-[0-9]{12}-[0-9]{12}-[0-9a-zA-Z]{24}
Amazon Web Services	Access Key ID	AKIA[0-9A-Z]{16}
Amazon Web Services	Secret Key	[0-9a-zA-Z/+]{40}
Google Cloud Platform	OAuth 2.0	[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}
Google Cloud Platform	API Key	[A-Za-z0-9_]{21}--[A-Za-z0-9_]{8}
Heroku	API Key	[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}
Heroku	OAuth 2.0	[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}

Js File Scanner This is Js File Scanner

Related tags

Overview

JSScanner

Installation :

Note

How to Use

Open redirect

video

Some Regex

Owner

Genpyteal - Experiment to rewrite Python into PyTeal using RedBaron

The disassembler parses evm bytecode from the command line or from a file.

This is a keylogger in python for Windows, Mac and Linux!

CVE-2022-22965 : about spring core rce

Official implementation of the paper "Backdoor Attacks on Self-Supervised Learning".

Backdoor is a term that refers to the access of the software or hardware of a computer system without being detected.

This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

Threat Intel Platform for T-POTs

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

POC using subprocess lib in Python 🐍

This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit relays only.

带回显版本的漏洞利用脚本

Password database With special stuff

log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

TLaunch: Launch Programs on Multiple Hosts

Yesitsme - Simple OSINT script to find Instagram profiles by name and e-mail/phone

PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager)

利用NTLM Hash读取Exchange邮件

Log4j rce test environment and poc

RedTeam-Security - In this repo you will get the information of Red Team Security related links