Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/ndr-repo/docufinderjs

An external attack surface monitoring (EASM) tool to find externally accessible documents.

bookmarklet cybersecurity dorking dorking-tool infosec osint osint-tool

Last synced: 3 days ago

README

        

# DocuFinderJS

**DocuFinder** is an external attack surface monitoring (EASM) tool that automates traditional OSINT techniques to find externally accessible documents within a target domain.
Protect your organization, improve your penetration tests, increase your bug bounty revenue, & more.

# Disclaimer
**DocuFinder is intended for authorized use only**.

- If you are an investigator or open-source intelligence professional, ensure you have proper jurisdiction prior to accessing results.

- For external penetration tests & bug bounty work, only access scan results after verifying authorization from the target domain.
  - i.e., *Is the URL I found in-scope of my penetration test or investigation?*
- Running a scan is passive reconnaissance. However, opening links contained in scan results is an active engagement.
  - These could be files containing sensitive info, downloaded directly to your machine on access.

- **I am not responsible for any legal or criminal proceedings filed against you for using this tool**.

# Getting Started
To get started with the DocuFinderJS bookmarklet, perform the following:

1. **Open the source code in any text editor**.

2. **Highlight the source code & copy. No need to make any changes**.

3. **Open your browser of choice**.
- I have found Firefox works best for working with bookmarklets.

4. **Create a bookmark in your browser's bookmark bar**.
- You'll want to set the bar to always appear.

5. **Paste the bookmarklet in the URL section**.
- To validate, press the "HOME" key after pasting & verify the entry begins with "javascript:".

6. **Create a name for the bookmarklet**.
- I recommend setting this to the name included with the release, such as "DocuFinderJS v1.3". This way, when I release updates, you can easily verify if you are running the latest release.

7. **Create a new tab and click on the bookmarklet**.
- I recommend running this in a new tab in a dedicated browser for these tools, since you'll have to disable pop-up blocking. This is only to open windows containing your search results, nothing more.

8. **Enter your target domain in the prompt**.
- If you are a penetration tester, this could be a client you are performing passive reconnaissance on.
- If you are working on a bug bounty program, the same would apply when this is authorized & in-scope.
- If you are a cybersecurity analyst or information security officer, this might be your employer's domain.

9. **Review your results & enjoy**.
- Once again, please verify that the domain containing the files is in-scope for the project you are supporting prior to access.

# External Links

- For more info on using JavaScript bookmarklets, check out this guide.
- [**Installing Bookmarklets - mreidsma.github.io**](https://mreidsma.github.io/bookmarklets/installing.html)