scripthunter: finds javascript files for a given website
scripthunter
Scripthunter is a tool that finds javascript files for a given website. To scan google, simply run ./scripthunter.sh https://google.com. Note that it may take a while, which is why it also implements a notification mechanism to inform you when a scan is finished via Telegram API. Blogpost
Features
- Extract public javascript files from a website using Gau and Hakrawler
- Parse directories containing js files from found public files
- Scan js directories for hidden js files using ffuf and a custom wordlist
- check all found files for connectivity
- notify the user once scans are finished
- aggregate all seen js filenames into one global wordlist
Install
Scripthunter relies on a couple of tools to be installed so make sure you have them:
- gau
- ffuf
- hakrawler
- httpx
Furthermore, it uses Telegram to send you a notification once a scan is finished. To enable this feature, you need to create a Telegram Bot and paste your Bot API key and chatid in the scripthunter script. You can follow this guide to get these values.
git clone https://github.com/robre/scripthunter.git
Use
Copyright (c) 2020 robre
Source: https://github.com/robre/
