{"id":13292320,"url":"https://github.com/ichbinbork/JS_lookup","last_synced_at":"2025-03-10T07:32:56.342Z","repository":{"id":64001676,"uuid":"572451053","full_name":"ichbinbork/JS_lookup","owner":"ichbinbork","description":"Tool that helps javascript source code analysis processes","archived":false,"fork":false,"pushed_at":"2022-11-30T10:00:17.000Z","size":14,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2023-03-11T05:08:21.001Z","etag":null,"topics":["bugbounty","codereview","websecurity"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ichbinbork.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-11-30T09:56:13.000Z","updated_at":"2022-11-30T10:02:16.000Z","dependencies_parsed_at":"2023-01-14T18:15:25.682Z","dependency_job_id":null,"html_url":"https://github.com/ichbinbork/JS_lookup","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ichbinbork%2FJS_lookup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ichbinbork%2FJS_lookup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ichbinbork%2FJS_lookup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ichbinbork%2FJS_lookup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ichbinbork","download_url":"https://codeload.github.com/ichbinbork/JS_lookup/tar.gz/refs/heads/main","host":{"name":"GitHu
b","url":"https://github.com","kind":"github","repositories_count":242811888,"owners_count":20189146,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","codereview","websecurity"],"created_at":"2024-07-29T17:07:40.892Z","updated_at":"2025-03-10T07:32:56.053Z","avatar_url":"https://github.com/ichbinbork.png","language":"Python","readme":"\n# JS Lookup\nThis project was made to speed up the recon stage of bug bounty work. \nIt quickly scans the source code of the given URL and the JavaScript files used on that page, and finds functions that are dangerous to use if the necessary precautions are not taken. \nIt is not a payload generation or exploitation tool; it can only suggest relevant links for functions or web vulnerabilities.\n## Installation \u0026 Usage\n\n```bash\ngit clone https://github.com/ichbinbork/js_lookup.git\n\npip install -r requirements.txt\n\npython main.py -u[Endpoint] -w[Wordlist] \n\n```\nJS Lookup requires 2 parameters to run:\n\nThe ``-u`` parameter must contain the destination URL.\n\nThe ``-w`` parameter must contain a wordlist of the potentially dangerous methods and functions to search for.\n\n  \n## Output\n\nThe output of the script looks like the following:\n\n```bash\n  Javascript found on line 138 in source code\nFound /flasgger_static/swagger-ui-bundle.js\nhttps://httpbin.org/flasgger_static/swagger-ui-bundle.js\nMight be dangerous function in javascript file https://httpbin.org/flasgger_static/swagger-ui-bundle.js\nPossible Javascript Injection in javascript file https://httpbin.org/flasgger_static/swagger-ui-bundle.js\nLook at the eval() function parameters. 
If parameters has user input, it is vulnerable to javascript injection\nPossible payloads: eval(document.cookie), eval(document.domain), eval(document.location)\nMore info at https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval\nMight be dangerous function in javascript file https://httpbin.org/flasgger_static/swagger-ui-bundle.js        \nPossible payloads: window.location = 'https://www.attecker_website.com'\nMight cause Open redirection vulnerability in javascript file https://httpbin.org/flasgger_static/swagger-ui-bundle.js\nMore info at https://developer.mozilla.org/en-US/docs/Web/API/Window/location\nMight be dangerous function in javascript file https://httpbin.org/flasgger_static/swagger-ui-bundle.js        \nsetRequestHeader in javascript file https://httpbin.org/flasgger_static/swagger-ui-bundle.js\nPossible payloads: xhr.setRequestHeader('X-Forwarded-For', ')\nMore info at https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/setRequestHeader\nMight be dangerous function in javascript file https://httpbin.org/flasgger_static/swagger-ui-bundle.js        \nJSON.parse in javascript file https://httpbin.org/flasgger_static/swagger-ui-bundle.js\nPossible payloads: JSON.parse('string')\nMore info at https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse       \nMight be dangerous function in javascript file https://httpbin.org/flasgger_static/swagger-ui-bundle.js        \nJSON.parse in javascript file https://httpbin.org/flasgger_static/swagger-ui-bundle.js\nPossible payloads: JSON.parse('string')\nMore info at https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse       \nJavascript found on line 139 in source code\nFound /flasgger_static/swagger-ui-standalone-preset.js\nhttps://httpbin.org/flasgger_static/swagger-ui-standalone-preset.js\n```\n\n  \n## Feedback\n\nIf you have any feedback about script please contact me at berkerturk21@gmail.com 
or https://www.linkedin.com/in/berk-ert%C3%BCrk/\n  ","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fichbinbork%2FJS_lookup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fichbinbork%2FJS_lookup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fichbinbork%2FJS_lookup/lists"}