Find Hidden Endpoint From JS File

Greeting Everyone ! Today In this Blog We will Explore How To Recon Javascript and How To extract all Javascript From Our Targeted Website .  In This Blog we will Explore How to Do Gather all Js File from target , , Extract Endpoint from JS File .

We will Explore Some Common Tools Which Is open Source .

How To Gather All js file From Our target :

To collect All Possible JS file From Our target we will use

Waybackurls target.com | grep “.js”

As above we used grep to filter .js file and as result we able to Manipulate all js file from Our target ,

Now , Use List Of domain : Cat domains.txt | waybackurls | grep “.js”

As above picture we used cat to read file and able to manipulate all js file .

Extract Endpoint From  JS file:

To find hidden endpoint From Our js file We we use tool relative-url-extractor Which is Open Source tool :

How to Get this tool:
To install :

·       Git clone https://github.com/jobertabma/relative-url-extractor.git

·       Cd relative-url-extractor

·       Chmdo   +x  extract.rb

Now We Will Extract possible end point from Our js file Here we will use

command : curl  -s  https://securiumsolutions.com/js/tipso.js | ./extract.rb

As above picture we see extracted path from its js file .

If we Run against gathered list of js file we will use command: Cat urls.txt | ./extract.rb

As above We see How we can able to Extract Path from Js file and how we extract js file from our target . This is How We can utilize this phase .

 Conclusion: We Discussed How To do hunt against js and find sensitive path file from it this will help an tester or hacker On testing phase .

Reference: https://gist.github.com/m4ll0k/31ce0505270e0a022410a50c8b6311ff

Thanks For Reading……. See You In Another Blog!

Stick With Our Blog : https://securiumsolutions.com/blog/

Author : Pallab Jyoti Borah | VAPT Analyst

Leave a Comment

Your email address will not be published. Required fields are marked *