Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

LinkFinder - A Python Script That Finds Endpoints In JavaScript Files

$
0
0

LinkFinder is a python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing. Resulting in new testing ground, possibility containing new vulnerabilities. It does so by using jsbeautifier for python in combination with a fairly large regular expression. The regular expressions consists of four small regular expressions. These are responsible for finding:
  • Full URLs (https://example.com/*)
  • Absolute URLs or dotted URLs (/* or ../*)
  • Relative URLs with atleast one slash (text/test.php)
  • Relative URLs without a slash (test.php)
The output is given in HTML. Karel_origin has written a chrome extension for LinkFinder which can be found here.

Installation
LinkFinder supports Python 2 & 3.
$ git clone https://github.com/GerbenJavado/LinkFinder.git
$ cd LinkFinder
$ python setup.py install

Dependencies
LinkFinder depends on the requests, argparse, jsbeautifier and requests-file python modules. These dependencies can all be installed using pip.

Usage
Short FormLong FormDescription
-i--inputInput a: URL, file or folder. For folders a wildcard can be used (e.g. '/*.js').
-o--outputWhere to save the file, including file name or output to CLI. Default: output.html
-r--regexRegEx for filtering purposes against found endpoints (e.g. ^/api/)
-b--burpToggle to use when inputting a Burp 'Save selected' file containing multiple JS files
-c--cookiesAdd cookies to the request
-h--helpshow the help message and exit

Examples
  • Most basic usage to find endpoints in an online JavaScript file and output the results to results.html:
python linkfinder.py -i https://example.com/1.js -o results.html

  • CLI ouput (doesn't use jsbeautifier, which makes it very fast):
python linkfinder.py -i https://example.com/1.js -o cli

  • Burp input (select in target the files you want to save, right click, Save selected items, feed that file as input):
python linkfinder.py -i burpfile -b

  • Enumerating an entire folder for JavaScript files, while looking for endpoints starting with /api/ and finally saving the results to results.html:
python linkfinder.py -i 'Desktop/*.js' -r ^/api/ -o results.html




Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>