Home

Awesome

JSScanner

Js File Scanner This is Js File Scanner . Which are scan in js file and find juicy information Toke,Password Etc.

Watch the video

Installation :

git clone https://github.com/0x240x23elu/JSScanner.git
cd JSScanner
pip3 install -r  requirements.txt

Note

If you Want to Add New Regex , Please check Regex in python regex checker . Regex File Regex.txt
Output file bydefault output.txt

How to Use

echo "example.com" | waybackurls | grep -iE '\.js'|grep -ivE '\.json'|sort -u  > j.txt
or
echo "example.com" | waybackurls | httpx > live.txt

python3 JSScanner.py
Please Enter Any File: text.txt (your links file)
Path Of Regex/Patten File: regex.txt (your regex file)

Open redirect

 Now JSScanner fetch open redirect param from Live site
 Copy Below Regex in Regex.txt
 
 (next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)((http|https):\/\/)(([\w.-]*)\.([\w]*)\.([A-z]))\w+
 
(next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)(http|https)

(next=|url=|target=|rurl=|dest=|destination=|redir=|redirect_uri=|redirect_url=|redirect=|/redirect/|cgi-bin/|redirect.cgi|/out/|/out|view=|loginto=|image_url=|go=|return=|returnTo=|return_to=|checkout_url=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|url=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=)((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+


video

https://www.youtube.com/watch?v=hsT5BL_EV-g
https://youtu.be/hsT5BL_EV-g
[![Watch the video](https://img.youtube.com/vi/hsT5BL_EV-g/1.jpg)](https://www.youtube.com/watch?v=hsT5BL_EV-g)

Some Regex

Thank you 

https://github.com/odomojuli https://github.com/odomojuli/RegExAPI

NameTypeRegex
TwitterAccess Token[1-9][ 0-9]+-[0-9a-zA-Z]{40}
TwitterAccess Token[1-9][ 0-9]+-[0-9a-zA-Z]{40}
FacebookAccess TokenEAACEdEose0cBA[0-9A-Za-z]+
FacebookOAuth 2.0[A-Za-z0-9]{125}
InstagramOAuth 2.0[0-9a-fA-F]{7}.[0-9a-fA-F]{32}
GoogleOAuth 2.0API Key
GitHubOAuth 2.0[0-9a-fA-F]{40}
GmailOAuth 2.0[0-9(+-[0-9A-Za-z_]{32}.apps.qooqleusercontent.com
FoursquareClient Key[0-9a-zA-Z_][5,31]
FoursquareSecret KeyR_[0-9a-f]{32}
PicaticAPI Keysk_live_[0-9a-z]{32}
StripeStandard API Keysk_live_(0-9a-zA-Z]{24}
StripeRestricted API Keysk_live_(0-9a-zA-Z]{24}
Finance SquareAccess TokensqOatp-[0-9A-Za-z-_]{22}
Finance SquareOAuth Secretq0csp-[ 0-9A-Za-z-_]{43}
FinancePaypal / BraintreeAccess Token
AMSAuth Tokenamzn.mws]{8}-[0-9a-f]{4}-10-9a-f1{4}-[0-9a,]{4}-[0-9a-f]{12}
TwilioAPI Key55[0-9a-fA-F]{32}
MailGunAPI Keykey-[0-9a-zA-Z]{32}
MailChimpAPI Key[0-9a-f]{32}-us[0-9]{1,2}
SlackAPI Keyxox[baprs]-[0-9]{12}-[0-9]{12}-[0-9a-zA-Z]{24}
Amazon Web ServicesAccess Key IDAKIA[0-9A-Z]{16}
Amazon Web ServicesSecret Key[0-9a-zA-Z/+]{40}
Google Cloud PlatformOAuth 2.0[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}
Google Cloud PlatformAPI Key[A-Za-z0-9_]{21}--[A-Za-z0-9_]{8}
HerokuAPI Key[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}
HerokuOAuth 2.0[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}