Home

Awesome

<img src="https://user-images.githubusercontent.com/18099289/62728809-f98b0900-ba1c-11e9-8dd8-67111263a21f.png" width=650px>

About LinkFinder

LinkFinder is a python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing. Resulting in new testing ground, possibility containing new vulnerabilities. It does so by using jsbeautifier for python in combination with a fairly large regular expression. The regular expressions consists of four small regular expressions. These are responsible for finding:

The output is given in HTML or plaintext. @karel_origin has written a Chrome extension for LinkFinder which can be found here.

Screenshots

LinkFinder

Installation

LinkFinder supports Python 3.

$ git clone https://github.com/GerbenJavado/LinkFinder.git
$ cd LinkFinder
$ python setup.py install

Dependencies

LinkFinder depends on the argparse and jsbeautifier Python modules. These dependencies can all be installed using pip.

$ pip3 install -r requirements.txt

Usage

Short FormLong FormDescription
-i--inputInput a: URL, file or folder. For folders a wildcard can be used (e.g. '/*.js').
-o--output"cli" to print to STDOUT, otherwise where to save the HTML file Default: output.html
-r--regexRegEx for filtering purposes against found endpoints (e.g. ^/api/)
-d--domainToggle to use when analyzing an entire domain. Enumerates over all found JS files.
-b--burpToggle to use when inputting a Burp 'Save selected' file containing multiple JS files
-c--cookiesAdd cookies to the request
-h--helpshow the help message and exit

Examples

python linkfinder.py -i https://example.com/1.js -o results.html

python linkfinder.py -i https://example.com/1.js -o cli

python linkfinder.py -i https://example.com -d

python linkfinder.py -i burpfile -b

python linkfinder.py -i 'Desktop/*.js' -r ^/api/ -o results.html

Docker

Unit-test

pytest test_parser.py

Final remarks