jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it's built for this, you can use it to identify anything as long as you have a regex pattern for it.
Directly:
{your package manager} install pkg-config libpcre++-dev
go get github.com/0xTeles/jsleak/v2/jsleak
Compiled: release page
How to use
Usage of jsleak:
-json string
[+] Json output file
-pattern string
[+] File contains patterns to test
-verbose
[+] Verbose Mode
Demo
cat urls.txt | jsleak -pattern regex.txt
[+] Url: http://localhost/index.js
[+] Pattern: p([a-z]+)ch
[+] Match: peach
To Do
- Fix output
- Add more patterns
- Add stdin
- Implement JSON input
- Fix patterns
- Implement PCRE
Regex list
Inspired by
Thanks
@fepame, @gustavorobertux, @Jhounx, @arthurair_es