We will Explore Some Common Tools Which Is open Source .
How To Gather All js file From Our target :
To collect All Possible JS file From Our target we will use
Waybackurls target.com | grep “.js”
As above we used grep to filter .js file and as result we able to Manipulate all js file from Our target ,
Now , Use List Of domain : Cat domains.txt | waybackurls | grep “.js”
As above picture we used cat to read file and able to manipulate all js file .
Extract Endpoint From JS file:
To find hidden endpoint From Our js file We we use tool relative-url-extractor Which is Open Source tool :
How to Get this tool:
To install :
· Chmdo +x extract.rb
Now We Will Extract possible end point from Our js file Here we will use
command : curl -s https://securiumsolutions.com/js/tipso.js | ./extract.rb
As above picture we see extracted path from its js file .
If we Run against gathered list of js file we will use command: Cat urls.txt | ./extract.rb
As above We see How we can able to Extract Path from Js file and how we extract js file from our target . This is How We can utilize this phase .
Conclusion: We Discussed How To do hunt against js and find sensitive path file from it this will help an tester or hacker On testing phase .
Thanks For Reading……. See You In Another Blog!
Stick With Our Blog : https://securiumsolutions.com/blog/
Author : Pallab Jyoti Borah | VAPT Analyst