{"id":13639517,"url":"https://github.com/ThreatUnknown/jsubfinder","last_synced_at":"2025-04-19T22:32:50.715Z","repository":{"id":43411582,"uuid":"296628634","full_name":"ThreatUnknown/jsubfinder","owner":"ThreatUnknown","description":"jsubfinder searches webpages for javascript \u0026 analyzes them for hidden subdomains and secrets (wip).","archived":false,"fork":false,"pushed_at":"2025-01-15T00:49:52.000Z","size":8688,"stargazers_count":270,"open_issues_count":7,"forks_count":33,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-04-13T21:02:01.402Z","etag":null,"topics":["bugbounty","pentesting","proxy","security","security-tools"],"latest_commit_sha":null,"homepage":"https://www.threatunknown.com/projects/jsubfinder/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ThreatUnknown.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-18T13:26:58.000Z","updated_at":"2025-03-29T15:53:25.000Z","dependencies_parsed_at":"2024-01-02T01:36:39.936Z","dependency_job_id":"2f929ea8-d046-49d2-93cb-a7ccccadfd48","html_url":"https://github.com/ThreatUnknown/jsubfinder","commit_stats":null,"previous_names":["hiddengearz/jsubfinder","threatunknown/jsubfinder","threatunkown/jsubfinder"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThreatUnknown%2Fjsubfinder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThreatUnknown%2Fjsubfinder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThreatUnknown%2Fjsubfinder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThreatUnknown%2Fjsubfinder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ThreatUnknown","download_url":"https://codeload.github.com/ThreatUnknown/jsubfinder/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249822209,"owners_count":21329935,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","pentesting","proxy","security","security-tools"],"created_at":"2024-08-02T01:01:01.658Z","updated_at":"2025-04-19T22:32:50.404Z","avatar_url":"https://github.com/ThreatUnknown.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"## ![jsubfinder logo](https://user-images.githubusercontent.com/17349277/146734055-8b836305-7a13-4c66-a02b-d92932322b42.png)\r\n\r\n\r\n\r\n\r\nJSubFinder is a tool writtin in golang to search webpages \u0026 javascript for hidden subdomains and secrets in the given URL. Developed with BugBounty hunters in mind JSubFinder takes advantage of Go's amazing performance allowing it to utilize large data sets \u0026 be easily chained with other tools.\r\n\r\n\r\n![z69D8q](https://user-images.githubusercontent.com/17349277/147615346-9c1471a6-a9a8-45cb-a429-f789b255950c.gif)\r\n\r\n## Install\r\n---\r\nInstall the application and download the signatures needed to find secrets\r\n\r\nUsing GO:\r\n\r\n```bash\r\ngo install github.com/ThreatUnkown/jsubfinder@latest\r\nwget https://raw.githubusercontent.com/ThreatUnkown/jsubfinder/master/.jsf_signatures.yaml \u0026\u0026 mv .jsf_signatures.yaml ~/.jsf_signatures.yaml\r\n```\r\n\r\nor\r\n\r\n[Downloads Page](https://github.com/hiddengearz/jsubfinder/tags)\r\n\r\n\r\n## Basic Usage\r\n---\r\n\r\n### Search\r\n\r\nSearch the given url's for subdomains and secrets\r\n\r\n```text\r\n$ jsubfinder search -h\r\n\r\nExecute the command specified\r\n\r\nUsage:\r\n  JSubFinder search [flags]\r\n\r\nFlags:\r\n  -c, --crawl              Enable crawling\r\n  -g, --greedy             Check all files for URL's not just Javascript\r\n  -h, --help               help for search\r\n  -f, --inputFile string   File containing domains\r\n  -t, --threads int        Ammount of threads to be used (default 5)\r\n  -u, --url strings        Url to check\r\n\r\nGlobal Flags:\r\n  -d, --debug               Enable debug mode. Logs are stored in log.info\r\n  -K, --nossl               Skip SSL cert verification (default true)\r\n  -o, --outputFile string   name/location to store the file\r\n  -s, --secrets             Check results for secrets e.g api keys\r\n      --sig string          Location of signatures for finding secrets\r\n  -S, --silent              Disable printing to the console\r\n```\r\n\r\nExamples (results are the same in this case):\r\n\r\n```bash\r\n$ jsubfinder search -u www.google.com\r\n$ jsubfinder search -f file.txt\r\n$ echo www.google.com | jsubfinder search\r\n$ echo www.google.com | httpx --silent | jsubfinder search$\r\n\r\napis.google.com\r\nogs.google.com\r\nstore.google.com\r\nmail.google.com\r\naccounts.google.com\r\nwww.google.com\r\npolicies.google.com\r\nsupport.google.com\r\nadservice.google.com\r\nplay.google.com\r\n```\r\n\r\n\r\n\r\n#### With Secrets Enabled\r\n*note `--secrets=\"\"` will save the secret results in a secrets.txt file*\r\n```bash\r\n\r\n$ echo www.youtube.com | jsubfinder search --secrets=\"\"\r\nwww.youtube.com\r\nyoutubei.youtube.com\r\npayments.youtube.com\r\n2Fwww.youtube.com\r\n252Fwww.youtube.com\r\nm.youtube.com\r\ntv.youtube.com\r\nmusic.youtube.com\r\ncreatoracademy.youtube.com\r\nartists.youtube.com\r\n\r\nGoogle Cloud API Key \u003credacted\u003e found in content of https://www.youtube.com\r\nGoogle Cloud API Key \u003credacted\u003e found in content of https://www.youtube.com\r\nGoogle Cloud API Key \u003credacted\u003e found in content of https://www.youtube.com\r\nGoogle Cloud API Key \u003credacted\u003e found in content of https://www.youtube.com\r\nGoogle Cloud API Key \u003credacted\u003e found in content of https://www.youtube.com\r\nGoogle Cloud API Key \u003credacted\u003e found in content of https://www.youtube.com\r\n```\r\n\r\n\r\n#### Advanced examples\r\n```bash\r\n$ echo www.google.com | jsubfinder search -crawl -s \"google_secrets.txt\" -S -o jsf_google.txt -t 10 -g\r\n```\r\n\r\n* `-crawl` use the default crawler to crawl pages for other URL's to analyze\r\n* `-s` enables JSubFinder to search for secrets\r\n* `-S` Silence output to console\r\n* `-o \u003cfile\u003e` save output to specified file\r\n* `-t 10` use 10 threads\r\n* `-g` search every URL for JS, even ones we don't think have any\r\n\r\n### Proxy\r\nEnables the upstream HTTP proxy with TLS MITM sypport. This allows you to:\r\n\r\n1) Browse sites in realtime and have JSubFinder search for subdomains and secrets real time.\r\n2) If needed run jsubfinder on another server to offload the workload\r\n\r\n```text\r\n$ JSubFinder proxy -h\r\n\r\nExecute the command specified\r\n\r\nUsage:\r\n  JSubFinder proxy [flags]\r\n\r\nFlags:\r\n  -h, --help                    help for proxy\r\n  -p, --port int                Port for the proxy to listen on (default 8444)\r\n      --scope strings           Url's in scope seperated by commas. e.g www.google.com,www.netflix.com\r\n  -u, --upstream-proxy string   Adress of upsteam proxy e.g http://127.0.0.1:8888 (default \"http://127.0.0.1:8888\")\r\n\r\nGlobal Flags:\r\n  -d, --debug               Enable debug mode. Logs are stored in log.info\r\n  -K, --nossl               Skip SSL cert verification (default true)\r\n  -o, --outputFile string   name/location to store the file\r\n  -s, --secrets             Check results for secrets e.g api keys\r\n      --sig string          Location of signatures for finding secrets\r\n  -S, --silent              Disable printing to the console\r\n```\r\n\r\n```bash\r\n$ jsubfinder proxy\r\nProxy started on :8444\r\nSubdomain: out.reddit.com\r\nSubdomain: www.reddit.com\r\nSubdomain: 2Fwww.reddit.com\r\nSubdomain: alb.reddit.com\r\nSubdomain: about.reddit.com\r\n```\r\n\r\n#### With Burp Suite\r\n1) Configure Burp Suite to forward traffic to an upstream proxy/ (User Options \u003e Connections \u003e Upsteam Proxy Servers \u003e Add)\r\n2) Run JSubFinder in proxy mode\r\n\r\nBurp Suite will now forward all traffic proxied through it to JSubFinder. JSubFinder will retrieve the response, return it to burp and in another thread search for subdomains and secrets.\r\n\r\n#### With Proxify\r\n1) Launch [Proxify](https://github.com/projectdiscovery/proxify) \u0026 dump traffic to a folder `proxify -output logs`\r\n2) Configure Burp Suite, a Browser or other tool to forward traffic to Proxify (see instructions on their [github page](https://github.com/projectdiscovery/proxify))\r\n3) Launch JSubFinder in proxy mode \u0026 set the upstream proxy as Proxify `jsubfinder proxy -u http://127.0.0.1:8443`\r\n4) Use Proxify's replay utility to replay the dumped traffic to jsubfinder `replay -output logs -burp-addr http://127.0.0.1:8444`\r\n\r\n\r\n#### Run on another server\r\nSimple, run JSubFinder in proxy mode on another server e.g 192.168.1.2. Follow the proxy steps above but set your applications upstream proxy as 192.168.1.2:8443\r\n\r\n#### Advanced Examples\r\n\r\n```bash\r\n$ jsubfinder proxy --scope www.reddit.com -p 8081 -S -o jsf_reddit.txt\r\n```\r\n\r\n* `--scope` limits JSubFinder to only analyze responses from www.reddit.com\r\n* `-p` port JSubFinders proxy server is running on\r\n* `-S` silence output to the console/stdout\r\n* `-o \u003cfile\u003e` output examples to this file\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FThreatUnknown%2Fjsubfinder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FThreatUnknown%2Fjsubfinder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FThreatUnknown%2Fjsubfinder/lists"}