{"id":21073876,"url":"https://github.com/zbo14/sourcery","last_synced_at":"2025-05-16T06:30:55.676Z","repository":{"id":31162087,"uuid":"276748474","full_name":"zbo14/sourcery","owner":"zbo14","description":"A CLI that starts a Chromium browser window and parses URLs, domains, and endpoints from response payloads","archived":false,"fork":false,"pushed_at":"2023-01-07T19:44:21.000Z","size":311,"stargazers_count":2,"open_issues_count":9,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-09-30T10:11:00.775Z","etag":null,"topics":["browser-automation","cli","endpoints","puppeteer","source-files","urls","web-application-security","web-security"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zbo14.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-07-02T21:26:58.000Z","updated_at":"2023-09-08T18:09:31.000Z","dependencies_parsed_at":"2023-01-14T18:27:59.108Z","dependency_job_id":null,"html_url":"https://github.com/zbo14/sourcery","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zbo14%2Fsourcery","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zbo14%2Fsourcery/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zbo14%2Fsourcery/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zbo14%2Fsourcery/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zbo14","download_url":"https://codeload.github.com/zbo14/sourcery/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225235184,"owners_count":17442277,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["browser-automation","cli","endpoints","puppeteer","source-files","urls","web-application-security","web-security"],"created_at":"2024-11-19T19:13:29.801Z","updated_at":"2024-11-19T19:13:30.404Z","avatar_url":"https://github.com/zbo14.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sourcery\n\nA command-line utility that spins up a Chromium browser window and parses URLs, domains, and endpoints from source files and other response payloads.\n\n## Why?\n\nSource files (e.g. JavaScript-s) often contain information about subdomains and endpoints that's difficult to discover via other enumeration/brute-forcing methods. A single webpage may require dozens of scripts, each containing tens of thousands of lines of code. There are existing tools to crawl sites and parse endpoints from these large files, but these tools aren't always free or easy to integrate with existing workflows.\n\nIf you're a bug-bounty hunter or web security researcher, chances are you're spending a lot of time in the browser. While you navigate around a web application and test different functionality,`sourcery` parses URLs, domains, and endpoints from all the files and response payloads it sees. It writes this information to a directory you specify.\n\n## Install\n\n`npm i @zbo14/sourcery`\n\n## Usage\n\n```\n  _____  ___   __ __  ____      __    ___  ____   __ __\n / ___/ /   \\ |  T  T|    \\    /  ]  /  _]|    \\ |  T  T\n(   \\_ Y     Y|  |  ||  D  )  /  /  /  [_ |  D  )|  |  |\n \\__  T|  O  ||  |  ||    /  /  /  Y    _]|    / |  ~  |\n /  \\ ||     ||  :  ||    \\ /   \\_ |   [_ |    \\ l___, |\n \\    |l     !l     ||  .  Y\\     ||     T|  .  Y|     !\n  \\___j \\___/  \\__,_jl__j\\_j \\____jl_____jl__j\\_jl____/\n\n\nUsage: sourcery [options]\n\nOptions:\n  -V, --version                      output the version number\n  -d, --domains \u003clist\u003e               comma-separated list of root domains; sourcery looks for results under these domains\n  -e, --extensions \u003clist\u003e            comma-separated list of extensions; sourcery parses results from files with these extensions\n  -f, --file \u003cfile\u003e                  file containing URLs to visit (overrides -u)\n  -o, --output \u003cdir\u003e                 path to output directory (default: \"$PWD\")\n  -p, --pause                        pause on last page\n  -u, --url \u003curl\u003e                    single URL to visit (implies -p)\n  -x, --proxy \u003c[proto://]host:port\u003e  use a proxy (e.g. Burp) for Chromium\n  -h, --help                         display help for command\n```\n\n`sourcery` expects a single `--url` or `--file` of URLs and visits them in serial. You can instruct `sourcery` to pause on the last webpage with the `-p` option, in case you want to manually navigate/test functionality. `sourcery` will continue to find endpoints, subdomains, and URLs that fall under the specified `--domains`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzbo14%2Fsourcery","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzbo14%2Fsourcery","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzbo14%2Fsourcery/lists"}