Greeting Everyone ! Today In this Blog We will Explore How To Recon Javascript and How To extract all Javascript From Our Targeted Website . In This Blog we will Explore How to Do Gather all Js File from target , , Extract Endpoint from JS File .
We will
Explore Some Common Tools Which Is open Source .
How To Gather
All js file From Our target :
To collect All Possible JS file From Our target we will use
Waybackurls target.com | grep “.js”
As above we
used grep to filter .js file and as result we able to Manipulate all js file
from Our target ,
Now , Use List Of domain : Cat domains.txt | waybackurls | grep “.js”
As above
picture we used cat to read file and able to manipulate all js file .
Extract Endpoint From JS file:
To find hidden endpoint From Our js file We we use tool relative-url-extractor Which is Open Source tool :
How to Get this tool:
To install :
Git clone https://github.com/jobertabma/relative-url-extractor.git
Chmdo +x extract.rb
Now We Will Extract possible end point from Our js file Here we will use
command : curl -s https://securiumsolutions.com/js/tipso.js | ./extract.rb
As above picture we see extracted path from its js file .
If we Run against gathered list of js file we will use command: Cat urls.txt | ./extract.rb
As above We see How we can able to
Extract Path from Js file and how we extract js file from our target . This is
How We can utilize this phase .
Conclusion: We Discussed How To do hunt against js and find sensitive path file from it this will help an tester or hacker On testing phase .
Reference: https://gist.github.com/m4ll0k/31ce0505270e0a022410a50c8b6311ff
Thanks For Reading……. See You In Another Blog!
Stick With Our Blog : https://securiumsolutions.com/blog/
Author : Pallab Jyoti Borah | VAPT Analyst
