7 repositories
Tools for extracting secrets, endpoints, and keys from client-side code.
7 GitHub repositories from an awesome list · JavaScript and API Analysis.
Arjun is an HTTP parameter discovery tool that identifies valid parameters on web endpoints by testing large dictionaries of parameter names against target URLs. It systematically probes endpoints using GET, POST, JSON, and XML request formats to find which parameters the server accepts, and can detect parameters whose values appear reflected in the response body. The tool distinguishes itself through its multi-method scanning approach, passive parameter collection from public archives like OTX and CommonCrawl, and its ability to detect value-sensitive parameters that only trigger a response
Discover hidden HTTP parameters for API testing.
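LinkFinder is a security reconnaissance and static analysis tool designed for JavaScript endpoint discovery. It extracts absolute and relative URLs and parameters from JavaScript files to map a web application's attack surface and identify hidden API routes. The tool works through static code analysis and regular-expression pattern matching, so it finds endpoints without executing the source code. It includes a data processor for importing Burp Suite export files, which enables batch analysis of multiple JavaScript resources in a single run. It supports both whole-domain analysis and domain-specific filtering to keep findings focused on the target. It also has a keyword detection notification feature that alerts the user when specific strings appear in the results, and it can export discovered data as plain text or HTML.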
Discover endpoints and paths hidden in JavaScript.
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
Extract parameters from web pages for testing.
SecretFinder - A Python script to find sensitive data (API keys, access tokens, JWTs, ...) and search for anything in JavaScript files
Find sensitive information like API keys in JS files.
High-performance hidden parameter discovery tool.
Fetches JavaScript files from a list of URLs or subdomains.
Extract subdomains from JavaScript files.
JSubFinder is a tool written in Go to search webpages and JavaScript for hidden subdomains and secrets in the given URL. Developed with bug bounty hunters in mind, JSubFinder takes advantage of Go's amazing performance, allowing it to utilize large data sets and be easily chained with other tools.
Find subdomains and secrets within JavaScript files.