Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nahamsec/JSParser
https://github.com/nahamsec/JSParser
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/nahamsec/JSParser
- Owner: nahamsec
- Created: 2017-07-13T19:22:44.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2023-11-13T05:35:48.000Z (7 months ago)
- Last Synced: 2024-01-16T10:52:20.930Z (5 months ago)
- Language: Python
- Size: 358 KB
- Stars: 766
- Watchers: 30
- Forks: 183
- Open Issues: 40
-
Metadata Files:
- Readme: README.md
Lists
- my-awesome-stars - nahamsec/JSParser - (Python)
- awesome-bbht - JSParser - A python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. (Content Discovery / Inspecting JS Files)
- awesome-bbht - JSParser - A python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. (Content Discovery / Inspecting JS Files)
- awesome-bbht - JSParser - A python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. (Content Discovery / Inspecting JS Files)
- awesome-hacking-lists - nahamsec/JSParser - (Python)
- awesome-hacking-lists - JSParser - (Python (1887))
- awesome-hacking-lists - JSParser - (Python)
README
# JSParser
A python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. Useful for easily discovering AJAX requests when performing security research or bug bounty hunting.
# Dependencies
- safeurl
- tornado
- jsbeautifier
# Installing
```
$ python setup.py install
```
# Running
Run `handler.py` and then visit http://localhost:8008.
```
$ python handler.py
```
# Authors
- https://twitter.com/bbuerhaus/
- https://twitter.com/nahamsec/
# Inspired By
- https://twitter.com/jobertabma/
# References
- http://buer.haus/2017/03/31/airbnb-web-to-app-phone-notification-idor-to-view-everyones-airbnb-messages/
- http://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/
# Changelog
1.0 - Release