daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/file/js/js-analyse.yaml

31 lines
973 B
YAML
Raw Normal View History

Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one)
2023-03-09 12:27:18 +00:00
id: js-analyse
info:
name: js-analyse
author: ayadim
severity: low
tags: file,js-analyse,js
file:
- extensions:
- js
extractors:
- type: regex
name: Extracted-Token
regex:
- "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token)([-|_][a-z]+)?(\\s)*(:|=)+"
- type: regex
name: Extracted-Varaibles-Name
regex:
#since go does not support lookahead in regex it hard to return only the names :/
lint -fix
2023-03-10 11:07:19 +00:00
- "(?i)(var|const|let)\\s+([a-z_$][0-9a-z_$]*)\\s*="
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one)
2023-03-09 12:27:18 +00:00
- type: regex
name: Extracted-Endpoints
regex:
- "(?i)('|\")((\\.{0,2})|([a-z0-9-_]*))/([a-z0-9-_/=:&?\\.]+)('|\")"
- "(?i)}\\s*/[a-z0-9-_?=&/]+"
- "(?i)path\\s*(:|=)\\s*('|\")[a-z0-9-_?=&:\\./]+('|\")"
- type: regex
name: Extracted-URI
regex:
- "(?i)([a-z]{0,10}):(//|/)[a-z0-9\\./?&-_=:]+"