{"id":23769871,"url":"https://github.com/dewebdes/partizan","last_synced_at":"2026-04-19T14:34:13.451Z","repository":{"id":269877130,"uuid":"908726482","full_name":"dewebdes/partizan","owner":"dewebdes","description":"Mini-Burp for real-time packet manipulation just with VSCode + Chrome","archived":false,"fork":false,"pushed_at":"2025-07-01T23:18:05.000Z","size":24756,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-02T00:24:32.405Z","etag":null,"topics":["ai","chrome","hack","narrow","nodejs","playwrite","recon","tool","vscode","web"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dewebdes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-12-26T19:56:24.000Z","updated_at":"2025-07-01T23:18:08.000Z","dependencies_parsed_at":"2024-12-26T21:16:55.211Z","dependency_job_id":"de70a21d-c366-4169-a29a-e8e26879333d","html_url":"https://github.com/dewebdes/partizan","commit_stats":null,"previous_names":["dewebdes/partizan"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/dewebdes/partizan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dewebdes%2Fpartizan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dewebdes%2Fpartizan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dewebdes%2Fpartizan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dewebdes%2Fpartizan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dewebdes","download_url":"https://codeload.github.com/dewebdes/partizan/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dewebdes%2Fpartizan/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273403945,"owners_count":25099299,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-03T02:00:09.631Z","response_time":76,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","chrome","hack","narrow","nodejs","playwrite","recon","tool","vscode","web"],"created_at":"2025-01-01T02:33:22.462Z","updated_at":"2025-10-03T12:13:26.562Z","avatar_url":"https://github.com/dewebdes.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/dewebdes/partizan/blob/main/image/logo.png\" alt=\"Partizan Logo\" width=\"100\" height=\"100\"\u003e\n\u003cbr\u003e\n\u003cstrong align=\"center\"\u003e# Partizan\u003c/strong\u003e\n\u003c/p\u003e\n**\u003cu\u003e\u003cb\u003ePartizan\u003c/b\u003e\u003c/u\u003e** refers to a member of an armed group formed to fight secretly against an occupying force, often associated with resistance movements and guerrilla warfare. The term has its roots in the **Parthian Empire**, a powerful ancient civilization known for its strategic resistance and formidable warriors. The word embodies the spirit of independence, resistance, and resourcefulness.\n\n# Partizan\nPartizan is a robust security tool designed to streamline the detection of dangerous sinks, key terms, and source maps in web applications. Built with efficiency and ease of use in mind, it leverages Playwright to provide comprehensive scanning capabilities. As part of our **NARROW-RECON** methodology, Partizan focuses on precise and targeted reconnaissance to enhance security measures.\n\n## Features\n\n- **Dangerous Sinks Detection**: Automatically identifies and logs potentially dangerous code snippets.\n- **Key-Terms Detection**: Detects specified keywords in page dependencies and logs them separately.\n- **Source Maps Discovery**: Discovers and logs source maps for further analysis.\n- **WAF ASCII Filtering Detection**: Identifies filtered ASCII characters by fuzzing query parameters in web requests and checking different encoding methods if a character is filtered.\n- **WAF Rule Detection**: Uses URL shortening to identify points where WAF rules/regex might block requests.\n- **DOM XSS Detection**: Identifies DOM-based XSS vulnerabilities by testing URL parameters for reflection in the page content.\n- **DDoS Testing**: Simulates Distributed Denial-of-Service (DDoS) attacks and monitors target's response time.\n- **Unique URLs Filtering**: Filters and groups unique URLs based on similarity.\n- **Comprehensive Logging**: Provides detailed logs of requests and responses.\n- **Customizable Scans**: Easily configure and customize scans according to your needs.\n- **Interested URLs List**: Generates a list of URLs of interest for detailed security checks.\n- **Network Packet Analysis**: Logs, minimizes, and analyzes network packets to identify unique and potentially harmful requests.\n- **SpiderFoot Data Fetching**: Fetches data from SpiderFoot scans and organizes it into distinct log files as part of our **WIDE-RECON** approach.\n- **Screenshot Capture**: Captures screenshots of specified hosts and saves them for further analysis.\n- **Host List Processing**: Cleans and processes host lists to remove subdomains and duplicates.\n- **Random Wordlist Generator**: Creates random wordlists from a main wordlist based on user input, distributing unique words across chunks.\n- **URL Extraction**: Extracts and processes URLs from the specified hostnames for detailed analysis and security checks.\n\n## Getting Started\n\n### Prerequisites\n\n- Node.js\n- Playwright\n- `node-fetch`\n- `prompt-sync`\n- `string-similarity`\n- `axios`\n- `readline`\n- `fs`\n- `worker_threads`\n- `parse-domain`\n\n### Installation\n\nClone the repository:\n\n```bash\ngit clone https://github.com/dewebdes/partizan.git\ncd partizan\n```\n\nInstall dependencies:\n\n```bash\nnpm install\n```\n\n### Usage\n\nFollow the prompts to input the hostname or URL you want to analyze.\n\nRun the `browser.cjs` script to perform dangerous sinks detection, key-terms detection, and source maps discovery:\n\n```bash\nnode browser.cjs\n```\n\nRun the `packet-min.cjs` script for network packet analysis and minimization:\n\n```bash\nnode packet-min.cjs\n```\n\nRun the `waf-ascii.cjs` script for WAF ASCII filtering detection:\n\n```bash\nnode waf-ascii.cjs\n```\n\nRun the `checkUrl.cjs` script for WAF rule detection and URL shortening analysis:\n\n```bash\nnode checkUrl.cjs\n```\n\nRun the `dom_xss_detector.cjs` script for DOM XSS detection:\n\n```bash\nnode dom_xss_detector.cjs\n```\n\nRun the `ddos_tester.cjs` script for simulating DDoS attacks and monitoring target's response time:\n\n```bash\nnode ddos_tester.cjs\n```\n\nRun the `fetchSpiderfootData.cjs` script to fetch data from SpiderFoot scans and organize them into distinct log files:\n\n```bash\nnode fetchSpiderfootData.cjs\n```\n\nRun the `capture_screenshots.cjs` script to capture screenshots of specified hosts:\n\n```bash\nnode capture_screenshots.cjs\n```\n\nRun the `process_hosts.cjs` script to clean and process host lists:\n\n```bash\nnode process_hosts.cjs\n```\n\nRun the `randomWordlistGenerator.cjs` script to create random wordlists from a main wordlist:\n\n```bash\nnode randomWordlistGenerator.cjs\n```\n\nRun the `URL_Extractor.cjs` script to extract and process URLs from specified hostnames:\n\n```bash\nnode URL_Extractor.cjs\n```\n\nRun the `unique-urls.cjs` script to filter and group unique URLs:\n\n```bash\nnode unique-urls.cjs\n```\n\n### Customizing Browser Configuration\n\nTo customize the browser configuration for scripts that use Playwright, you can modify the `executablePath` to specify the path to the browser executable. This is useful if you want to use a specific browser installation, such as Google Chrome.\n\nHere’s an example of how to set the `executablePath` in the Playwright launch options:\n\n```javascript\nconst browser = await chromium.launch({\n    executablePath: 'C:\\\\Program Files\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe', // Path to the browser executable\n    headless: false, // Set to true if you want to run the browser in headless mode\n    args: [\n        '--no-sandbox',\n        '--ignore-certificate-errors'\n    ]\n});\n```\n\nYou can apply this configuration in any script that uses Playwright to launch a browser, such as `browser.cjs`, `capture_screenshots.cjs`, etc.\n\n### DDoS Tester Customization\n\nYou can customize the `ddos_tester.cjs` script by modifying the payloads and other settings.\n\n#### Customizing Payloads\n\nTo customize the payloads used in DDoS requests, you can edit the `payloads` array in the script:\n\n```javascript\nconst payloads = [\n    // Add your custom payloads here\n];\n```\n\nYou can add, modify, or remove payloads based on your specific requirements.\n\n#### Customizing Request Settings\n\nTo customize the request settings, such as the number of workers, base delay, and ping delay, you can modify the following variables:\n\n```javascript\nconst numWorkers = 30; // Number of worker threads\nconst baseDelay = 5000; // 5 seconds delay between requests\nconst pingDelay = 3 * 1000 * 5; // 15 seconds interval for ping requests\n```\n\nYou can also configure the proxy settings to use different ports or hosts:\n\n```javascript\nconst originalResponseTime = await captureResponseTime(testURL, { host: '192.168.189.131', port: 8080 });\nconst currentResponseTime = await captureResponseTime(`${testURL}\u0026extra=${extraPayload}`, { host: '192.168.189.131', port: 8082 });\n```\n\nFor detailed guidance on proxy configuration, including cloud worker base proxies, you can refer to this [proxy-guide](https://www.linkedin.com/posts/eyni-kave_aevagp-aewaeq-aetaevaezaetaepaeuaev-activity-7273419725672464384-Vs7e).\n\n## File Descriptions\n\n- **browser.cjs**: Handles the main browser automation tasks, including dangerous sink detection, key-terms detection, and source map discovery.\n- **packet-min.cjs**: Focuses on processing and minimizing network packets for detailed analysis and security checks.\n- **waf-ascii.cjs**: Detects filtered ASCII characters by fuzzing query parameters in web requests and checking different encoding methods if a character is filtered.\n- **checkUrl.cjs**: Identifies points where WAF rules/regex might block requests by using URL shortening and detects points that return a 500 status or are dropped by the WAF.\n- **dom_xss_detector.cjs**: Identifies DOM-based XSS vulnerabilities by testing URL parameters for reflection in the page content.\n- **ddos_tester.cjs**: Simulates DDoS attacks and monitors target's response time, providing detailed logs and customizable payloads.\n- **fetchSpiderfootData.cjs**: Fetches data from SpiderFoot scans, organizes it into distinct log files, and ensures unique entries in each file as part of the **WIDE-RECON** approach.\n- **capture_screenshots.cjs**: Captures screenshots of specified hosts and saves them for further analysis.\n- **process_hosts.cjs**: Cleans and processes host lists to remove subdomains and duplicates.\n- **randomWordlistGenerator.cjs**: Creates random wordlists from a main wordlist based on user input, distributing unique words across chunks.\n- **URL_Extractor.cjs**: Extracts and processes URLs from specified hostnames for detailed analysis and security checks.\n- **unique-urls.cjs**: Filters and groups unique URLs based on similarity to identify distinct URLs.\n\n## Contributing\n\nWe welcome contributions to Partizan. Please read the [contributing guidelines](CONTRIBUTING.md) to get started.\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## Acknowledgments\n\n- **Contributors**: Special thanks to all contributors who have made this project possible. Your dedication and hard work are greatly appreciated.\n- **Community**: We extend our gratitude to the open-source community for their support and collaboration. Your feedback and contributions help improve this tool.\n- **Inspiration**: This project is inspired by the relentless spirit of independence and resistance, embodied by the Parthian Empire and resistance movements throughout history.\n- **Tools and Libraries**: We acknowledge the use of various open-source tools and libraries, including Playwright, node-fetch, prompt-sync, and string-similarity, which have been instrumental in the development of Partizan.\n\n## Demo Videos 🛡️🚀✨\n\n- For a comprehensive demo and walkthrough, watch our first video on YouTube: [Partizan Security Tool: Comprehensive Demo and Walkthrough](https://www.youtube.com/watch?v=HcKkYQ5fQf0).\n- For the section where we get the URL list and more insights: [Partizan URL List Extraction](https://www.youtube.com/watch?v=i9bc1VABbHw).\n\n\u003chr\u003e\n\u003ca href=\"https://www.linkedin.com/posts/eyni-kave_web-hacking-via-copilot-ai-activity-7278260944256790530-lHp-\"\u003e\n\u003cimg src=\"https://github.com/dewebdes/partizan/blob/main/image/poster-3.jpg\"\u003e\n\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdewebdes%2Fpartizan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdewebdes%2Fpartizan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdewebdes%2Fpartizan/lists"}