95 lines
3.2 KiB
YAML
95 lines
3.2 KiB
YAML
id: js-analyse
|
|
|
|
info:
|
|
name: JS Analyse
|
|
author: ayadim
|
|
severity: info
|
|
description: |
|
|
This process involves extracting tokens, endpoints, URIs, and variable names from the JS file and analyzing them for any potential weaknesses that could be exploited. By extracting and analyzing these elements, potential security threats can be identified, allowing for proactive measures to be taken to mitigate any risks associated with the application. This process can be used as part of a comprehensive bug-hunting strategy to ensure the security of an application.
|
|
metadata:
|
|
verified: true
|
|
tags: file,js-analyse,js
|
|
|
|
file:
|
|
- extensions:
|
|
- js
|
|
|
|
extractors:
|
|
- type: regex
|
|
name: extracted-token
|
|
regex:
|
|
- "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token|secretaccesskey)([-|_][a-z]+)?(\\s)*(:|=)+"
|
|
|
|
- type: regex
|
|
name: extracted-endpoints
|
|
regex:
|
|
- "(?i)('|\")((\\.{0,2})|([a-z0-9-_]*))/([a-z0-9-_/=:&?\\.]+)('|\")"
|
|
- "(?i)}\\s*/[a-z0-9-_?=&/]+"
|
|
- "(?i)path\\s*(:|=)\\s*('|\")[a-z0-9-_?=&:\\./]+('|\")"
|
|
|
|
- type: regex
|
|
name: extracted-uri
|
|
regex:
|
|
- "(?i)([a-z]{2,10}):(//|/)[a-z0-9\\./?&-_=:]+"
|
|
|
|
- type: regex
|
|
name: amazon-access-key
|
|
regex:
|
|
- "(?i)(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
|
|
|
|
- type: regex
|
|
name: amazon-s3-url
|
|
regex:
|
|
- "(?i)([a-z0-9_\\-\\.]+\\.s3\\.amazonaws\\.com)"
|
|
- "(?i)([a-z0-9\\.-]+\\.s3-[a-z0-9-\\.]+\\.amazonaws\\.com)"
|
|
- "(?i)[a-z0-9\\.-]+\\.s3-website[\\.-](eu|ap|us|ca|sa|cn)"
|
|
- "(?i)(s3://[a-z0-9_\\-\\./]+)"
|
|
- "(?i)(s3\\.amazonaws\\.com/[a-z0-9/_\\-\\.]+)"
|
|
- "(?i)(s3\\.console\\.aws\\.com/s3/buckets/[a-z0-9/_\\-\\.]+)"
|
|
- "(?i)(s3-[a-z0-9-\\.]\\.amazonaws\\.com/[a-z0-9/_\\-\\.]+)"
|
|
|
|
- type: regex
|
|
name: github-personal-access-token
|
|
regex:
|
|
- "(?i)(ghp_[a-z0-9]{36}|github_pat_[a-z0-9]{82})"
|
|
|
|
- type: regex
|
|
name: github-oauth-access-token
|
|
regex:
|
|
- "(?i)(gho_[a-zA-Z0-9]{36})"
|
|
|
|
- type: regex
|
|
name: github-app-token
|
|
regex:
|
|
- "\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b"
|
|
|
|
- type: regex
|
|
name: authorization-basic
|
|
regex:
|
|
- "(?i)(Authorization:\\sbasic\\s+[a-z0-9=:_\\-+/]{5,100})"
|
|
|
|
- type: regex
|
|
name: authorization-bearer
|
|
regex:
|
|
- "(?i)(Authorization:\\sbearer\\s+[a-z0-9=:_\\-\\.+/]{5,100})"
|
|
|
|
- type: regex
|
|
name: rsa-private-key
|
|
regex:
|
|
- "(?i)(-----BEGIN RSA PRIVATE KEY-----)"
|
|
|
|
- type: regex
|
|
name: ssh-dsa-private-key
|
|
regex:
|
|
- "(?i)(-----BEGIN DSA PRIVATE KEY-----)"
|
|
|
|
- type: regex
|
|
name: ssh-ec-private-key
|
|
regex:
|
|
- "(?i)(-----BEGIN EC PRIVATE KEY-----)"
|
|
|
|
- type: regex
|
|
name: potential-ajax-request
|
|
regex:
|
|
- "(?i)(new\\s+xmlhttprequest\\(\\)|\\$\\.ajax\\(\\{)"
|
|
# digest: 4a0a00473045022100a1dfbb218bb6e589fe608e853b26ab2acd789a197a02d92e3f0499331b80e03602206ac9cf015a855085c501f0e372f587e6dd518133e9bb9781de0d34ee15266bb9:922c64590222798bb761d5b6d8e72950 |