nuclei-templates/file/js/js-analyse.yaml

id: js-analyse

info:
  name: JS Analyse
  author: ayadim
  severity: info
  description: |
    This process involves extracting tokens, endpoints, URIs, and variable names from the JS file and analyzing them for any potential weaknesses that could be exploited. By extracting and analyzing these elements, potential security threats can be identified, allowing for proactive measures to be taken to mitigate any risks associated with the application. This process can be used as part of a comprehensive bug-hunting strategy to ensure the security of an application.
  metadata:
    verified: true
  tags: file,js-analyse,js

file:
  - extensions:
      - js

    extractors:
      - type: regex
        name: extracted-token
        regex:
          - "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token|secretaccesskey)([-|_][a-z]+)?(\\s)*(:|=)+"

      - type: regex
        name: extracted-endpoints
        regex:
          - "(?i)('|\")((\\.{0,2})|([a-z0-9-_]*))/([a-z0-9-_/=:&?\\.]+)('|\")"
          - "(?i)}\\s*/[a-z0-9-_?=&/]+"
          - "(?i)path\\s*(:|=)\\s*('|\")[a-z0-9-_?=&:\\./]+('|\")"

      - type: regex
        name: extracted-uri
        regex:
          - "(?i)([a-z]{2,10}):(//|/)[a-z0-9\\./?&-_=:]+"

      - type: regex
        name: amazon-access-key
        regex:
          - "(?i)(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"

      - type: regex
        name: amazon-s3-url
        regex:
          - "(?i)([a-z0-9_\\-\\.]+\\.s3\\.amazonaws\\.com)"
          - "(?i)([a-z0-9\\.-]+\\.s3-[a-z0-9-\\.]+\\.amazonaws\\.com)"
          - "(?i)[a-z0-9\\.-]+\\.s3-website[\\.-](eu|ap|us|ca|sa|cn)"
          - "(?i)(s3://[a-z0-9_\\-\\./]+)"
          - "(?i)(s3\\.amazonaws\\.com/[a-z0-9/_\\-\\.]+)"
          - "(?i)(s3\\.console\\.aws\\.com/s3/buckets/[a-z0-9/_\\-\\.]+)"
          - "(?i)(s3-[a-z0-9-\\.]\\.amazonaws\\.com/[a-z0-9/_\\-\\.]+)"

      - type: regex
        name: github-personal-access-token
        regex:
          - "(?i)(ghp_[a-z0-9]{36}|github_pat_[a-z0-9]{82})"

      - type: regex
        name: github-oauth-access-token
        regex:
          - "(?i)(gho_[a-zA-Z0-9]{36})"

      - type: regex
        name: github-app-token
        regex:
          - "\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b"

      - type: regex
        name: authorization-basic
        regex:
          - "(?i)(Authorization:\\sbasic\\s+[a-z0-9=:_\\-+/]{5,100})"

      - type: regex
        name: authorization-bearer
        regex:
          - "(?i)(Authorization:\\sbearer\\s+[a-z0-9=:_\\-\\.+/]{5,100})"

      - type: regex
        name: rsa-private-key
        regex:
          - "(?i)(-----BEGIN RSA PRIVATE KEY-----)"

      - type: regex
        name: ssh-dsa-private-key
        regex:
          - "(?i)(-----BEGIN DSA PRIVATE KEY-----)"

      - type: regex
        name: ssh-ec-private-key
        regex:
          - "(?i)(-----BEGIN EC PRIVATE KEY-----)"

      - type: regex
        name: potential-ajax-request
        regex:
          - "(?i)(new\\s+xmlhttprequest\\(\\)|\\$\\.ajax\\(\\{)"
# digest: 4a0a00473045022100a1dfbb218bb6e589fe608e853b26ab2acd789a197a02d92e3f0499331b80e03602206ac9cf015a855085c501f0e372f587e6dd518133e9bb9781de0d34ee15266bb9:922c64590222798bb761d5b6d8e72950
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`id: js-analyse`
fixed-formatting 2023-03-13 18:58:46 +00:00
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`info:`
fixed-formatting 2023-03-13 18:58:46 +00:00			`name: JS Analyse`
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`author: ayadim`
severity -update 2023-03-10 12:22:06 +00:00			`severity: info`
			`description: \|`
			`This process involves extracting tokens, endpoints, URIs, and variable names from the JS file and analyzing them for any potential weaknesses that could be exploited. By extracting and analyzing these elements, potential security threats can be identified, allowing for proactive measures to be taken to mitigate any risks associated with the application. This process can be used as part of a comprehensive bug-hunting strategy to ensure the security of an application.`
fixed-formatting 2023-03-13 18:58:46 +00:00			`metadata:`
boolean format update 2023-06-04 08:13:42 +00:00			`verified: true`
javascript, token spray, headless, file tagging improvements and consistency 2023-12-12 23:25:50 +00:00			`tags: file,js-analyse,js`

Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`file:`
			`- extensions:`
			`- js`
fixed-formatting 2023-03-13 18:58:46 +00:00
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`extractors:`
			`- type: regex`
fixed-formatting 2023-03-13 18:58:46 +00:00			`name: extracted-token`
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`regex:`
Update js-analyse.yaml add extractors. correct some regex to prevent false results. add word in regex 2024-02-17 16:18:34 +00:00			`- "(?i)(([a-z0-9]+)[-\|_])?(key\|password\|passwd\|pass\|pwd\|private\|credential\|auth\|cred\|creds\|secret\|access\|token\|secretaccesskey)([-\|_][a-z]+)?(\\s)*(:\|=)+"`
fixed-formatting 2023-03-13 18:58:46 +00:00
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`- type: regex`
fixed-formatting 2023-03-13 18:58:46 +00:00			`name: extracted-endpoints`
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`regex:`
			`- "(?i)('\|\")((\\.{0,2})\|([a-z0-9-_]*))/([a-z0-9-_/=:&?\\.]+)('\|\")"`
			`- "(?i)}\\s*/[a-z0-9-_?=&/]+"`
			`- "(?i)path\\s(:\|=)\\s('\|\")[a-z0-9-_?=&:\\./]+('\|\")"`
fixed-formatting 2023-03-13 18:58:46 +00:00
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`- type: regex`
fixed-formatting 2023-03-13 18:58:46 +00:00			`name: extracted-uri`
Create js-analyse.yaml I create a template that "Analyse" js files for bug bounty hunters : - Extract Tokens. - Extract endpoints. - Extract URI. - Extract Variables names. (All in one) 2023-03-09 12:27:18 +00:00			`regex:`
Update js-analyse.yaml add extractors. correct some regex to prevent false results. add word in regex 2024-02-17 16:18:34 +00:00			`- "(?i)([a-z]{2,10}):(//\|/)[a-z0-9\\./?&-_=:]+"`
fir formatting 2024-03-15 04:27:19 +00:00
Update js-analyse.yaml add extractors. correct some regex to prevent false results. add word in regex 2024-02-17 16:18:34 +00:00			`- type: regex`
fir formatting 2024-03-15 04:27:19 +00:00			`name: amazon-access-key`
Update js-analyse.yaml add extractors. correct some regex to prevent false results. add word in regex 2024-02-17 16:18:34 +00:00			`regex:`
			`- "(?i)(A3T[A-Z0-9]\|AKIA\|AGPA\|AROA\|AIPA\|ANPA\|ANVA\|ASIA)[A-Z0-9]{16}"`
fir formatting 2024-03-15 04:27:19 +00:00
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`- type: regex`
fir formatting 2024-03-15 04:27:19 +00:00			`name: amazon-s3-url`
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`regex:`
			`- "(?i)([a-z0-9_\\-\\.]+\\.s3\\.amazonaws\\.com)"`
			`- "(?i)([a-z0-9\\.-]+\\.s3-[a-z0-9-\\.]+\\.amazonaws\\.com)"`
			`- "(?i)[a-z0-9\\.-]+\\.s3-website[\\.-](eu\|ap\|us\|ca\|sa\|cn)"`
			`- "(?i)(s3://[a-z0-9_\\-\\./]+)"`
			`- "(?i)(s3\\.amazonaws\\.com/[a-z0-9/_\\-\\.]+)"`
			`- "(?i)(s3\\.console\\.aws\\.com/s3/buckets/[a-z0-9/_\\-\\.]+)"`
			`- "(?i)(s3-[a-z0-9-\\.]\\.amazonaws\\.com/[a-z0-9/_\\-\\.]+)"`
fir formatting 2024-03-15 04:27:19 +00:00
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`- type: regex`
fir formatting 2024-03-15 04:27:19 +00:00			`name: github-personal-access-token`
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`regex:`
			`- "(?i)(ghp_[a-z0-9]{36}\|github_pat_[a-z0-9]{82})"`
fir formatting 2024-03-15 04:27:19 +00:00
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`- type: regex`
fir formatting 2024-03-15 04:27:19 +00:00			`name: github-oauth-access-token`
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`regex:`
			`- "(?i)(gho_[a-zA-Z0-9]{36})"`
fir formatting 2024-03-15 04:27:19 +00:00
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`- type: regex`
fir formatting 2024-03-15 04:27:19 +00:00			`name: github-app-token`
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`regex:`
			`- "\b((?:ghu\|ghs)_[a-zA-Z0-9]{36})\b"`
fir formatting 2024-03-15 04:27:19 +00:00
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`- type: regex`
fir formatting 2024-03-15 04:27:19 +00:00			`name: authorization-basic`
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`regex:`
			`- "(?i)(Authorization:\\sbasic\\s+[a-z0-9=:_\\-+/]{5,100})"`
fir formatting 2024-03-15 04:27:19 +00:00
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`- type: regex`
fir formatting 2024-03-15 04:27:19 +00:00			`name: authorization-bearer`
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`regex:`
			`- "(?i)(Authorization:\\sbearer\\s+[a-z0-9=:_\\-\\.+/]{5,100})"`
fir formatting 2024-03-15 04:27:19 +00:00
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`- type: regex`
fir formatting 2024-03-15 04:27:19 +00:00			`name: rsa-private-key`
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`regex:`
			`- "(?i)(-----BEGIN RSA PRIVATE KEY-----)"`
fir formatting 2024-03-15 04:27:19 +00:00
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`- type: regex`
fir formatting 2024-03-15 04:27:19 +00:00			`name: ssh-dsa-private-key`
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`regex:`
			`- "(?i)(-----BEGIN DSA PRIVATE KEY-----)"`
fir formatting 2024-03-15 04:27:19 +00:00
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`- type: regex`
fir formatting 2024-03-15 04:27:19 +00:00			`name: ssh-ec-private-key`
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`regex:`
			`- "(?i)(-----BEGIN EC PRIVATE KEY-----)"`
fir formatting 2024-03-15 04:27:19 +00:00
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`- type: regex`
fir formatting 2024-03-15 04:27:19 +00:00			`name: potential-ajax-request`
Update js-analyse.yaml New extractors 2024-03-13 22:03:38 +00:00			`regex:`
			`- "(?i)(new\\s+xmlhttprequest\\(\\)\|\\$\\.ajax\\(\\{)"`
Auto Template Signing [Tue Mar 19 03:38:58 UTC 2024] :robot: 2024-03-19 03:38:58 +00:00			`# digest: 4a0a00473045022100a1dfbb218bb6e589fe608e853b26ab2acd789a197a02d92e3f0499331b80e03602206ac9cf015a855085c501f0e372f587e6dd518133e9bb9781de0d34ee15266bb9:922c64590222798bb761d5b6d8e72950`