GerbenJavado / Linkfinder

Licence: mit
A python script that finds endpoints in JavaScript files

Projects that are alternatives of or similar to Linkfinder

Spaces Finder
A tool to hunt for publicly accessible DigitalOcean Spaces
Stars: ✭ 122 (-94.62%)
Mutual labels:  infosec
Breach.tw
A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.
Stars: ✭ 144 (-93.65%)
Mutual labels:  infosec
Offensive Dockerfiles
Offensive tools as Dockerfiles. Lightweight & Ready to go
Stars: ✭ 150 (-93.39%)
Mutual labels:  infosec
Gitlab Watchman
Monitoring GitLab for sensitive data shared publicly
Stars: ✭ 127 (-94.4%)
Mutual labels:  infosec
Kurukshetra
Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.
Stars: ✭ 131 (-94.22%)
Mutual labels:  infosec
Pyiris Backdoor
PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project its still under active development >_>
Stars: ✭ 145 (-93.61%)
Mutual labels:  infosec
Goaltdns
A permutation generation tool written in golang
Stars: ✭ 119 (-94.75%)
Mutual labels:  infosec
Urlcrazy
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
Stars: ✭ 150 (-93.39%)
Mutual labels:  infosec
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-93.83%)
Mutual labels:  infosec
Proof Of Concepts
A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-93.47%)
Mutual labels:  infosec
Oob Server
A Bind9 server for pentesters to use for Out-of-Band vulnerabilities
Stars: ✭ 125 (-94.49%)
Mutual labels:  infosec
Wireshark Cheatsheet
Wireshark Cheat Sheet
Stars: ✭ 131 (-94.22%)
Mutual labels:  infosec
Wincmdfu
Windows one line commands that make life easier, shortcuts and command line fu.
Stars: ✭ 145 (-93.61%)
Mutual labels:  infosec
Chatter
internet monitoring osint telegram bot for windows
Stars: ✭ 123 (-94.58%)
Mutual labels:  infosec
Amitt framework
Repo replaced by cogsec-collaborative/AMITT
Stars: ✭ 152 (-93.3%)
Mutual labels:  infosec
Defaultcreds Cheat Sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (-14.07%)
Mutual labels:  infosec
Binsnitch
Detect silent (unwanted) changes to files on your system
Stars: ✭ 144 (-93.65%)
Mutual labels:  infosec
Karma
Find leaked emails with your passwords
Stars: ✭ 154 (-93.21%)
Mutual labels:  infosec
Netpwn
Tool made to automate tasks of pentesting.
Stars: ✭ 152 (-93.3%)
Mutual labels:  infosec
Myriam
A vulnerable iOS App with Security Challenges for the Security Researcher inside you.
Stars: ✭ 146 (-93.56%)
Mutual labels:  infosec

About LinkFinder

LinkFinder is a Python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing, resulting in new testing ground that possibly contains new vulnerabilities. It does so by using jsbeautifier for Python in combination with a fairly large regular expression. The regular expression consists of four smaller regular expressions. These are responsible for finding:

  • Full URLs (https://example.com/*)
  • Absolute URLs or dotted URLs (/* or ../*)
  • Relative URLs with at least one slash (text/test.php)
  • Relative URLs without a slash (test.php)

The output is given in HTML or plaintext. @karel_origin has written a Chrome extension for LinkFinder which can be found here.
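
The four endpoint classes listed above can be illustrated with a short added example, useful for checking which paths your own JavaScript bundles expose. This is not LinkFinder's code or its actual regular expression: the patterns, the extension list, the names `find_endpoints` and `SAMPLE_JS`, and the sample input are simplified assumptions made for illustration. The optional `keep` argument mirrors the idea of the `-r` filter.

```python
import re

# Simplified patterns written for this example; NOT LinkFinder's real regex.
# Step 1: pull out quoted string literals ("...", '...' or `...`) on one line.
STRING_LITERAL = re.compile(r"""(["'`])((?:(?!\1)[^\\\n])+)\1""")

# Step 2: classify each literal; order matters, the first full match wins.
CLASSES = [
    ("full_url",
     re.compile(r"(?:[a-zA-Z][a-zA-Z0-9+.-]*:)?//[^\s/]+\.[a-zA-Z]{2,}[^\s]*")),
    ("absolute_or_dotted",
     re.compile(r"\.{0,2}/[^\s/][^\s]*")),
    ("relative_with_slash",
     re.compile(r"[\w-]+/[\w./-]*[\w-](?:[?#]\S*)?")),
    ("relative_no_slash",  # extension list is an assumption of this example
     re.compile(r"[\w-]+\.(?:php|aspx?|jsp|json|js|html?|action|xml)(?:[?#]\S*)?")),
]

def find_endpoints(js_source, keep=None):
    """Return sorted unique (endpoint, class) pairs found in string literals.

    keep: optional regex; only endpoints it matches are returned.
    """
    found = set()
    for match in STRING_LITERAL.finditer(js_source):
        literal = match.group(2)
        for name, pattern in CLASSES:
            if pattern.fullmatch(literal):
                if keep is None or re.search(keep, literal):
                    found.add((literal, name))
                break
    return sorted(found)

# Constructed sample input, not taken from any real site.
SAMPLE_JS = """
var api = "https://example.com/api/v1/users";
fetch('/api/v1/orders?id=' + id);
$.get("../internal/debug.php");
load("text/test.php");
open('test.php');
var msg = "Hello world";
var ver = "1.2.3";
"""

if __name__ == "__main__":
    for endpoint, kind in find_endpoints(SAMPLE_JS):
        print(f"{kind:22} {endpoint}")
```

Pattern-based matching of this kind produces false positives: in this example a MIME type such as application/json also matches the third class, so results need manual review.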

Installation

LinkFinder supports Python 3.

$ git clone https://github.com/GerbenJavado/LinkFinder.git
$ cd LinkFinder
$ python setup.py install

Dependencies

LinkFinder depends on the argparse and jsbeautifier Python modules. These dependencies can all be installed using pip.

$ pip3 install -r requirements.txt

Usage

| Short Form | Long Form | Description |
|------------|-----------|-------------|
| -i | --input | Input a: URL, file or folder. For folders a wildcard can be used (e.g. '/*.js'). |
| -o | --output | "cli" to print to STDOUT, otherwise where to save the HTML file. Default: output.html |
| -r | --regex | RegEx for filtering purposes against found endpoints (e.g. ^/api/) |
| -d | --domain | Toggle to use when analyzing an entire domain. Enumerates over all found JS files. |
| -b | --burp | Toggle to use when inputting a Burp 'Save selected' file containing multiple JS files |
| -c | --cookies | Add cookies to the request |
| -h | --help | show the help message and exit |

Examples

  • Most basic usage to find endpoints in an online JavaScript file and output the HTML results to results.html:

python linkfinder.py -i https://example.com/1.js -o results.html

  • CLI/STDOUT output (doesn't use jsbeautifier, which makes it very fast):

python linkfinder.py -i https://example.com/1.js -o cli

  • Analyzing an entire domain and its JS files:

python linkfinder.py -i https://example.com -d

  • Burp input (select in target the files you want to save, right click, Save selected items, feed that file as input):

python linkfinder.py -i burpfile -b

  • Enumerating an entire folder for JavaScript files, while looking for endpoints starting with /api/ and finally saving the results to results.html:

python linkfinder.py -i 'Desktop/*.js' -r ^/api/ -o results.html

Docker

  • Build the Docker image:

    docker build -t linkfinder .

  • Run with Docker

    docker run --rm -v $(pwd):/linkfinder/output linkfinder -i http://example.com/1.js -o /linkfinder/output/output.html

    Make sure to use the path /linkfinder/output in your output path, or the output will be lost when the container exits.

Unit-test

  • Requires pytest

pytest test_parser.py

Final remarks

  • This is the first time I publicly release a tool. Contributions are much appreciated!
  • LinkFinder is published under the MIT License.
  • Thanks to @jackhcable for providing me with feedback.
  • Special thanks to @edoverflow for making this project a lot cleaner and awesome.