Upgrading jsleak with a CI/CD and new rules
 
 
Go to file
Swissky a47df8efed Test 2023-05-05 18:36:00 +02:00
.github/workflows Test 2023-05-05 18:36:00 +02:00
images Delete test 2023-03-29 21:19:32 +07:00
README.md Update README.md 2023-04-09 23:45:21 +07:00
go.mod Test 2023-05-05 18:36:00 +02:00
main.go Create main.go 2023-03-29 21:14:09 +07:00

README.md

Description

I was developing jsleak during most of my free time for my own need.It is easy-to-use command-line tool designed to uncover secrets and links in JavaScript files or source code. The jsleak was inspired by Linkfinder and regexes are collected from multiple sources.

Features:

  • Discover secrets in JS files such as API keys, tokens, and passwords.
  • Identify links in the source code.
  • Complete Url Function
  • Concurrent processing for scanning of multiple Urls
  • Check status code if the url is alive or not

Installation

If you are using old version of golang (go 1.15, 1.16) , use the following command to install jsleak.

go get github.com/channyein1337/jsleak

If you are using latest version of go (1.17+) , use the following command to install.

go install github.com/channyein1337/jsleak@latest

Usage

To display help message

jsleak -h

Secret Finder

echo http://testphp.vulnweb.com/ | jsleak -s

Link Finder

echo http://testphp.vulnweb.com/ | jsleak -l

Complete Url

echo http://testphp.vulnweb.com/ | jsleak -e

Check Status

echo http://testphp.vulnweb.com/ | jsleak -c 20 -k

You can also use multiple flags

echo http://testphp.vulnweb.com/ | jsleak -c 20 -l -s 

Running with Urls

cat urls.txt | jsleak -l -s -c 30

To Do

  • Scan secret on completeURL with 200 response.
  • Add Version flag.
  • Support scanning local files.
  • Support scanning apk files.
  • Update Regex.
  • Support mulitple user agents.
  • Support color output

Credit and thanks to all the following resources