JSFScan.sh
Script made for all your javascript recon automation in bugbounty. Just pass the subdomain list to it and options according to your preference.
Features
1 – Gather Jsfile Links from different sources.
2 – Extract Endpoints from Jsfiles
3 – Find Secrets from Jsfiles
4 – Get Jsfiles store locally for manual analysis
5 – Make a Wordlist from Jsfiles
6 – Extract Variable names from jsfiles for possible XSS.
7 – Scan JsFiles For DomXSS.
Installation
Note: Make sure you have installed golang properly before running the installation script.
$ git clone
$ sudo chmod +x install.sh
$ ./install.sh
Usage
Target List should be with https:// and http:// use httpx or httprobe for this.
https://hackerone.com https://github.com
And if you want to add cookie then edit the command at line 23 cat $target | hakrawler -js -cookie “cookie here” -depth 2 -scope subs -plain >> jsfile_links.txt
NOTE: If you feel the tool is slow just comment out the hakrawler line at 23 in JSFScan.sh script, but it might result in little fewer jsfileslinks.
Source: https://github.com/KathanP19/
