JSMon: JavaScript Change Monitor for BugBounty
Using this script, you can configure a number of JavaScript files on websites that you want to monitor. Every time you run this script, these files will be fetched and compared to the previously fetched version. If they have changed, you will be notified via Telegram with a message containing a link to the script, the changed file sizes, and a diff file to inspect the changes easily.
Features
- Keep track of endpoints – check them at a configurable interval (using cron)
- When endpoints change – send a notification via Telegram
Installation
git clone https://github.com/robre/jsmon.git
cd jsmon
python setup.py install
To create a cron script to run JSMon regularly:
crontab -e
Create an entry like this:
@daily python /path/to/jsmon.py
This will run JSMon once a day, at midnight. You can change @daily to whatever schedule suits you.
To configure Telegram notifications, you need to add your Telegram API key and chat_id to the code, at the start of jsmon.py. You can read how to get these values here.
Lastly, you need to get started with some targets that you want to monitor. Let’s create an example:
echo "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.js" >> targets/cdnjs-example
All done! Now you can run python jsmon.py to download the specified files for the first time!
Usage
- Provide endpoints via files in targets/ directory (line separated endpoints)
  - any number of files, with one endpoint per line
  - e.g. one file per website, or one file per program, etc.
- Every endpoint gets downloaded and stored in downloads/ with its hash as the file name (first 10 chars of md5 hash)
  - if it already exists nothing changes
  - if it is changed, the user gets notified
- jsmon.json keeps track of which endpoints are associated with which filehashes
- jsmon is designed to keep track of JavaScript files on websites – but it can be used for any filetype to add endpoints
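The storage and change-detection flow from the list above, as an added Python example (not JSMon's own code). The function names, the jsmon.json layout (a list of hashes per endpoint), the example.test URL and the sample script contents are assumptions; content is passed in directly instead of being fetched, so it runs offline.

```python
import difflib
import hashlib
import json
import tempfile
from pathlib import Path


def short_hash(content: bytes) -> str:
    """First 10 hex chars of the MD5 digest: a file name, not an integrity check."""
    return hashlib.md5(content).hexdigest()[:10]


def record_version(endpoint: str, content: bytes, workdir: Path):
    """Store content under its hash; return change details, or None if nothing to report."""
    downloads = workdir / "downloads"
    downloads.mkdir(parents=True, exist_ok=True)
    state_file = workdir / "jsmon.json"  # assumed layout: {endpoint: [hash, ...]}
    state = json.loads(state_file.read_text()) if state_file.exists() else {}

    new_hash = short_hash(content)
    history = state.setdefault(endpoint, [])
    old_hash = history[-1] if history else None
    if new_hash == old_hash:
        return None  # same version already stored, nothing changes

    (downloads / new_hash).write_bytes(content)
    history.append(new_hash)
    state_file.write_text(json.dumps(state, indent=2))
    if old_hash is None:
        return None  # first fetch only establishes the baseline

    old = (downloads / old_hash).read_bytes()
    diff = "".join(difflib.unified_diff(
        old.decode(errors="replace").splitlines(keepends=True),
        content.decode(errors="replace").splitlines(keepends=True),
        fromfile=old_hash, tofile=new_hash))
    return {"old": old_hash, "new": new_hash,
            "old_size": len(old), "new_size": len(content), "diff": diff}


def demo():
    # Constructed sample versions of one script: fetched twice unchanged, then changed.
    url = "https://example.test/app.js"
    v1 = b"function api(){ return '/v1/users'; }\n"
    v2 = b"function api(){ return '/v2/users'; }\n"
    with tempfile.TemporaryDirectory() as tmp:
        return [record_version(url, c, Path(tmp)) for c in (v1, v1, v2)]
```

The dict returned for the third fetch carries what the notification described above needs: both hashes, both sizes and the diff text.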
Copyright (c) 2020 robre
Source: https://github.com/robre/