Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/0x240x23elu/JSScanner
Js File Scanner
https://github.com/0x240x23elu/JSScanner
Last synced: 21 days ago
JSON representation
Js File Scanner
- Host: GitHub
- URL: https://github.com/0x240x23elu/JSScanner
- Owner: 0x240x23elu
- Created: 2021-01-22T05:48:09.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-12-23T12:41:05.000Z (almost 3 years ago)
- Last Synced: 2024-08-05T17:45:16.582Z (4 months ago)
- Language: Python
- Size: 56.6 KB
- Stars: 157
- Watchers: 4
- Forks: 42
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - 0x240x23elu/JSScanner - Js File Scanner (Python)
README
# JSScanner
Js File Scanner
This is Js File Scanner . Which are scan in js file and find juicy information Toke,Password Etc.[![Watch the video](https://img.youtube.com/vi/hsT5BL_EV-g/1.jpg)](https://www.youtube.com/watch?v=hsT5BL_EV-g)
## Installation :
```
git clone https://github.com/0x240x23elu/JSScanner.git
cd JSScanner
pip3 install -r requirements.txt
```## Note
```
If you Want to Add New Regex , Please check Regex in python regex checker . Regex File Regex.txt
Output file bydefault output.txt
```## How to Use
```
echo "example.com" | waybackurls | grep -iE '\.js'|grep -ivE '\.json'|sort -u > j.txt
or
echo "example.com" | waybackurls | httpx > live.txt```
```
python3 JSScanner.py
Please Enter Any File: text.txt (your links file)
Path Of Regex/Patten File: regex.txt (your regex file)
```
## Open redirect```
Now JSScanner fetch open redirect param from Live site
Copy Below Regex in Regex.txt
(next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)((http|https):\/\/)(([\w.-]*)\.([\w]*)\.([A-z]))\w+
(next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)(http|https)(next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+
```
## video```
https://www.youtube.com/watch?v=hsT5BL_EV-g
https://youtu.be/hsT5BL_EV-g
[![Watch the video](https://img.youtube.com/vi/hsT5BL_EV-g/1.jpg)](https://www.youtube.com/watch?v=hsT5BL_EV-g)```
## Some Regex
```
Thank you
```
https://github.com/odomojuli
https://github.com/odomojuli/RegExAPI| Name | Type | Regex |
| :--- | :---: | ---: |
| | | |
| | | |
| Twitter | Access Token | [1-9][ 0-9]+-[0-9a-zA-Z]{40} |
| Twitter | Access Token | [1-9][ 0-9]+-[0-9a-zA-Z]{40}|
| Facebook | Access Token | EAACEdEose0cBA[0-9A-Za-z]+|
| Facebook | OAuth 2.0 | [A-Za-z0-9]{125}| login/access-tokens/ |
| Instagram | OAuth 2.0 | [0-9a-fA-F]{7}.[0-9a-fA-F]{32}|
| Google | OAuth 2.0 | API Key | AIza[0-9A-Za-z-_]{35} |
| GitHub | OAuth 2.0 | [0-9a-fA-F]{40}|
| Gmail | OAuth 2.0 | [0-9(+-[0-9A-Za-z_]{32}.apps.qooqleusercontent.com|
| Foursquare | Client Key | [0-9a-zA-Z_][5,31]|
| Foursquare | Secret Key | R_[0-9a-f]{32}|
| Picatic | API Key | sk_live_[0-9a-z]{32}|
| Stripe | Standard API Key | sk_live_(0-9a-zA-Z]{24}|
| Stripe | Restricted API Key | sk_live_(0-9a-zA-Z]{24}|
| Finance Square | Access Token | sqOatp-[0-9A-Za-z-_]{22}|
| Finance Square | OAuth Secret | q0csp-[ 0-9A-Za-z-_]{43}|
| Finance | Paypal / Braintree | Access Token | access_token,production$[0-9a-z]{161[0-9a,]{32}|
| AMS | Auth Token | amzn.mws]{8}-[0-9a-f]{4}-10-9a-f1{4}-[0-9a,]{4}-[0-9a-f]{12}|
| Twilio | API Key | 55[0-9a-fA-F]{32}|
| MailGun | API Key | key-[0-9a-zA-Z]{32}|
| MailChimp | API Key | [0-9a-f]{32}-us[0-9]{1,2}|
| Slack | API Key | xox[baprs]-[0-9]{12}-[0-9]{12}-[0-9a-zA-Z]{24}|
| Amazon Web Services | Access Key ID | AKIA[0-9A-Z]{16}|
| Amazon Web Services | Secret Key | [0-9a-zA-Z/+]{40}|
| Google Cloud Platform | OAuth 2.0 | [0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}|
| Google Cloud Platform | API Key | [A-Za-z0-9_]{21}--[A-Za-z0-9_]{8}|
| Heroku | API Key | [0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}|
| Heroku | OAuth 2.0 | [0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}|