JSScanner: Scanning JS Files for Endpoints and Secrets
Scanning JS Files for Endpoints and Secrets
So this script will crawl the domain present in alive.txt.
When you run the tool it will process the domain present in alive.txt and will create two folders js and db.
Now comes the part to look for secrets or hardcoded strings in those js files. So we can get into the db folder and grep for anything we like.
At this stage, you can use your own creativity and look for certain keywords like amazonaws.com. api_key, api_secret, token. or also for var to identify potential GET or POST parameters.
git clone https://github.com/dark-warlord14/JSScanner.git
Change the alive.txt with the domains you need to test. These are should be in below format
To run the tool use