7 रिपॉजिटरी
Tools for extracting secrets, endpoints, and keys from client-side code.
Explore 7 awesome GitHub repositories matching part of an awesome list · JavaScript and API Analysis. Refine with filters or upvote what's useful.
Arjun is an HTTP parameter discovery tool that identifies valid parameters on web endpoints by testing large dictionaries of parameter names against target URLs. It systematically probes endpoints using GET, POST, JSON, and XML request formats to find which parameters the server accepts, and can detect parameters whose values appear reflected in the response body. The tool distinguishes itself through its multi-method scanning approach, passive parameter collection from public archives like OTX and CommonCrawl, and its ability to detect value-sensitive parameters that only trigger a response
Discover hidden HTTP parameters for API testing.
LinkFinder is a security reconnaissance and static analysis tool designed for JavaScript endpoint discovery. It extracts absolute and relative URLs and parameters from JavaScript files to map the attack surface of web applications and identify hidden API routes. The tool operates through static code analysis and regular expression pattern matching to find endpoints without executing the source code. It includes a data processor for importing exported files from Burp Suite, enabling the batch analysis of multiple JavaScript assets in a single execution. The system provides capabilities for do
Discover endpoints and paths hidden in JavaScript.
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
Extract parameters from web pages for testing.
SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
Find sensitive information like API keys in JS files.
High-performance hidden parameter discovery tool.
Fetches javascript file from a list of URLS or subdomains.
Extract subdomains from JavaScript files.
JSubFinder is a tool writtin in golang to search webpages & javascript for hidden subdomains and secrets in the given URL. Developed with BugBounty hunters in mind JSubFinder takes advantage of Go's amazing performance allowing it to utilize large data sets & be easily chained with other tools.
Find subdomains and secrets within JavaScript files.