2 个仓库
Analysis of client-side scripts to identify leaked API keys, credentials, and internal endpoints.
Distinct from JavaScript: Existing candidates focus on the language or documentation, not security-centric parsing for secrets.
Explore 2 awesome GitHub repositories matching security & cryptography · JavaScript Secret Extraction. Refine with filters or upvote what's useful.
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Parses JavaScript files to extract sensitive API keys and internal service endpoints.
LinkFinder 是一个安全侦察和静态分析工具,专为 JavaScript 端点发现而设计。它从 JavaScript 文件中提取绝对和相对 URL 及参数,以映射 Web 应用程序的攻击面并识别隐藏的 API 路由。 该工具通过静态代码分析和正则表达式模式匹配来运行,无需执行源代码即可查找端点。它包括一个用于导入 Burp Suite 导出文件的数据处理器,从而能够在单次执行中对多个 JavaScript 资源进行批量分析。 该系统提供针对全域分析和特定域过滤的能力,以将发现重点放在目标上。它还具有关键字检测通知功能,可在结果中出现特定字符串时提醒用户,并支持将发现的数据导出为纯文本或 HTML 格式。
Analyzes client-side scripts to identify internal endpoints and undocumented features for security purposes.