{"id":16661095,"url":"https://github.com/acuciureanu/js-maid","last_synced_at":"2025-04-09T18:52:06.320Z","repository":{"id":223907618,"uuid":"749152033","full_name":"acuciureanu/js-maid","owner":"acuciureanu","description":"A rule-driven engine designed for seamless extraction of data from JavaScript files.","archived":false,"fork":false,"pushed_at":"2025-01-01T08:55:36.000Z","size":439,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-23T20:51:15.329Z","etag":null,"topics":["bugbounty-tool","bugbountytips","data-extraction","javascript","security-audit","static-code-analyzer"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/acuciureanu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-27T18:22:43.000Z","updated_at":"2025-02-17T11:45:26.000Z","dependencies_parsed_at":"2024-02-22T18:05:44.589Z","dependency_job_id":"bdbcfc40-2b23-402b-b3eb-9f6545764a29","html_url":"https://github.com/acuciureanu/js-maid","commit_stats":null,"previous_names":["acuciureanu/js-maid"],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acuciureanu%2Fjs-maid","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acuciureanu%2Fjs-maid/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acuciureanu%2Fjs-maid/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acuciureanu%2Fjs-maid/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/acuciureanu","download_url":"https://codeload.github.com/acuciureanu/js-maid/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248092793,"owners_count":21046551,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty-tool","bugbountytips","data-extraction","javascript","security-audit","static-code-analyzer"],"created_at":"2024-10-12T10:33:33.639Z","updated_at":"2025-04-09T18:52:06.289Z","avatar_url":"https://github.com/acuciureanu.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# js-maid 🕵️ - Your JavaScript Investigator\n\njs-maid started off as an idea to break down JavaScript into an AST (something like a blueprint) and then run some smart checks on it. It's a handy little tool for folks diving into code, looking for bugs, or just trying to get a grip on what's happening under the hood.\n\n## Usage\n\n```sh\nUsage: js-maid \u003ctarget-folder-or-file\u003e [--unpack] [--deobfuscate] [--unminify] [--unpackOutputDir \u003cpath\u003e]\n\nOptions:\n  --unpack             Unpack the code before analysis\n  --deobfuscate        Deobfuscate the code before analysis\n  --unminify           Unminify the code before analysis\n  --unpackOutputDir    Specify the output directory for unpacked files (default: \"unpacked\")\n\nNote: Use the flags to enable specific features as needed.\n```\n\n## Download latest compiled binaries\n\nIf you want to run the tool straight away, there are compiled binaries for you [here](https://github.com/acuciureanu/js-maid/releases/latest)\n\n## Features 🌟\n\n- **In-depth Analysis**: Thorough investigation of JavaScript code to identify patterns and potential vulnerabilities.\n- **Debundling**: Debundling, deobfuscation, unminifying through [webcrack](https://github.com/j4k0xb/webcrack)\n- **Custom Rules**: Utilize predefined rules to enhance your code investigation.\n- **Regex Guide**: Leverage detailed regex patterns to pinpoint specific code structures.\n\n## Install Bun.sh\n\nCheck this out: [Bun.sh installation instructions](https://bun.sh/docs/installation)\n\n## Installation 🛠\n\nGet started with js-maid by installing the necessary dependencies:\n\n```bash\nnpm install\n```\n\n## Running js-maid 🏃\n\nTo start investigating your JavaScript code, run:\n\n```bash\nbun run App.ts\n```\n\n## Compilation 📦\n\nCompile your findings with js-maid:\n\n```bash\nbun build App.ts --compile --outfile=js-maid\n```\n\n## Running Tests 🧪\n\nEnsure your code's integrity by running tests:\n\n```bash\nbun test\n```\n\n## Developer Guide 📚\n\n### Implemented Rules\n\n- **LiteralRule**: Checks text inside quotes against patterns to find important info like secrets.\n\n- **ReferenceResolverRule**: Tracks variable names to their values for deeper code analysis.\n\n- **TemplateLiteralRule**: Builds and analyzes dynamic strings with variables for pattern matching.\n\n- More rules to come. The tool is not perfect and there are corner cases that I didn't know about.\n\n## MatchingRule Instances\n\nIn our application, we use the `MatchingRule` feature to create specific instances for different matching needs. Here are a couple of examples:\n\n```typescript\nconst urlMatchingRule = new MatchingRule(\"endpoints\", urlPattern);\nconst secretsMatchingRule = new MatchingRule(\"secrets\", secretsPatterns);\n```\n\nIn the above code:\n\n- `urlMatchingRule` is a `MatchingRule` instance that matches URLs. It uses the pattern defined in `urlPattern`. The label \"endpoints\" is used to identify matches found with this rule.\n\n- `secretsMatchingRule` is a `MatchingRule` instance that matches secrets. It uses the pattern defined in `secretsPatterns`. The label \"secrets\" is used to identify matches found with this rule.\n\nThese instances can then be used throughout the application to check if certain strings match their respective patterns. The labels (\"endpoints\" or \"secrets\") can be used to identify which rule a match was found with.\n\n## Contributing 🤝\n\nWe welcome contributions to js-maid! Whether it's enhancing the rules, expanding the regex patterns, or improving documentation, your input is invaluable.\n\n## License 📜\n\njs-maid is open-source software licensed under the MIT license.\n\n## Support 💖\n\nLove js-maid? Star this on GitHub and spread the word! Your support motivates me to continuously improve.\n\nDive into your JavaScript investigations with js-maid and uncover the insights you need. Happy coding!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facuciureanu%2Fjs-maid","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Facuciureanu%2Fjs-maid","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facuciureanu%2Fjs-maid/lists"}