LinkFinder is a security reconnaissance and static analysis tool designed for JavaScript endpoint discovery. It extracts absolute and relative URLs and parameters from JavaScript files to map the attack surface of web applications and identify hidden API routes. The tool operates through static code analysis and regular expression pattern matching to find endpoints without executing the source code. It includes a data processor for importing exported files from Burp Suite, enabling the batch analysis of multiple JavaScript assets in a single execution. The system provides capabilities for do
SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
Arjun is an HTTP parameter discovery tool that identifies valid parameters on web endpoints by testing large dictionaries of parameter names against target URLs. It systematically probes endpoints using GET, POST, JSON, and XML request formats to find which parameters the server accepts, and can detect parameters whose values appear reflected in the response body. The tool distinguishes itself through its multi-method scanning approach, passive parameter collection from public archives like OTX and CommonCrawl, and its ability to detect value-sensitive parameters that only trigger a response