nuclei-templates/file/js/js-analyse.yaml

id: js-analyse
info:
  name: js-analyse
  author: ayadim
  severity: info
  description: |
    This process involves extracting tokens, endpoints, URIs, and variable names from the JS file and analyzing them for any potential weaknesses that could be exploited. By extracting and analyzing these elements, potential security threats can be identified, allowing for proactive measures to be taken to mitigate any risks associated with the application. This process can be used as part of a comprehensive bug-hunting strategy to ensure the security of an application.
  tags: file,js-analyse,js

file:
  - extensions:
      - js
    extractors:
      - type: regex
        name: Extracted-Token
        regex:
          - "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token)([-|_][a-z]+)?(\\s)*(:|=)+"
      - type: regex
        name: Extracted-Varaibles-Name
        regex:
          - "(?i)(var|const|let)\\s+([a-z_$][0-9a-z_$]*)\\s*="
      - type: regex
        name: Extracted-Endpoints
        regex:
        # Case : './path/file' or "/path/file"
          - "(?i)('|\")((\\.{0,2})|([a-z0-9-_]*))/([a-z0-9-_/=:&?\\.]+)('|\")"
        # Case "`${ this.hostServer }/rest/basket/${ e }"
          - "(?i)}\\s*/[a-z0-9-_?=&/]+"
        # Case "path: 'login'," or "path='admin'"
          - "(?i)path\\s*(:|=)\\s*('|\")[a-z0-9-_?=&:\\./]+('|\")"
      - type: regex
        name: Extracted-URI
        regex:
          - "(?i)([a-z]{0,10}):(//|/)[a-z0-9\\./?&-_=:]+"
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`id: js-analyse`
			`info:`
			`name: js-analyse`
			`author: ayadim`
severity -update 2023-03-10 12:22:06 +00:00			`severity: info`
			`description: \|`
			`This process involves extracting tokens, endpoints, URIs, and variable names from the JS file and analyzing them for any potential weaknesses that could be exploited. By extracting and analyzing these elements, potential security threats can be identified, allowing for proactive measures to be taken to mitigate any risks associated with the application. This process can be used as part of a comprehensive bug-hunting strategy to ensure the security of an application.`
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`tags: file,js-analyse,js`

			`file:`
			`- extensions:`
			`- js`
			`extractors:`
			`- type: regex`
			`name: Extracted-Token`
			`regex:`
lint -fix 2023-03-10 11:14:42 +00:00			`- "(?i)(([a-z0-9]+)[-\|_])?(key\|password\|passwd\|pass\|pwd\|private\|credential\|auth\|cred\|creds\|secret\|access\|token)([-\|_][a-z]+)?(\\s)*(:\|=)+"`
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`- type: regex`
			`name: Extracted-Varaibles-Name`
			`regex:`
lint -fix 2023-03-10 11:07:19 +00:00			`- "(?i)(var\|const\|let)\\s+([a-z_$][0-9a-z_$])\\s="`
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`- type: regex`
			`name: Extracted-Endpoints`
			`regex:`
Update js-analyse.yaml add comments to explain many types of cases (for future improvement ) when extracting endpoints. 2023-03-10 12:54:29 +00:00			`# Case : './path/file' or "/path/file"`
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`- "(?i)('\|\")((\\.{0,2})\|([a-z0-9-_]*))/([a-z0-9-_/=:&?\\.]+)('\|\")"`
Update js-analyse.yaml add comments to explain many types of cases (for future improvement ) when extracting endpoints. 2023-03-10 12:54:29 +00:00			# Case "`${ this.hostServer }/rest/basket/${ e }"
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`- "(?i)}\\s*/[a-z0-9-_?=&/]+"`
Update js-analyse.yaml add comments to explain many types of cases (for future improvement ) when extracting endpoints. 2023-03-10 12:54:29 +00:00			`# Case "path: 'login'," or "path='admin'"`
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`- "(?i)path\\s(:\|=)\\s('\|\")[a-z0-9-_?=&:\\./]+('\|\")"`
			`- type: regex`
			`name: Extracted-URI`
			`regex:`
			`- "(?i)([a-z]{0,10}):(//\|/)[a-z0-9\\./?&-_=:]+"`