-
Notifications
You must be signed in to change notification settings - Fork 33
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create JavaScriptRouteExplorer.bambda
JavaScript
- Loading branch information
1 parent
6f2709f
commit 1f88e79
Showing
1 changed file
with
124 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,124 @@ | ||
| /** | ||
| * JavaScript Route Explorer designed to discover and analyze JavaScript routes and endpoints. | ||
| * It intelligently scans JavaScript files to detect hidden or non-standard endpoints, aiding in thorough exploration of web assets. | ||
| * Features include duplicate removal, customizable scan types ('Balanced', 'Deep', 'Custom'), and highlighting of key terms within JavaScript files. | ||
| * Users can define their own regex patterns for more targeted scanning and annotate results with custom words for enhanced visibility. | ||
| * @author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) | ||
| **/ | ||
|
|
||
|
|
||
|
|
||
|
|
||
| boolean manualColorHighlightEnabled = true; | ||
| String scanType = "Balanced"; // Can be 'Balanced', 'Deep', 'Custom' | ||
| // For 'Custom' scan type, enter your regex between the quotes. Do not include the brackets. | ||
| // Example: String customRegex = "your_regex_here"; | ||
| String customRegex = "[Your custom regex here]"; // User-defined custom regex for 'Custom' scan type | ||
| Set<String> uniqueEndpoints = new HashSet<>(); | ||
| // Define words that, if found in endpoints, will mark the note as high importance (red color) | ||
| // Add or remove words as needed. Words added here will be highlighted in red in the final notes. | ||
| String[] highValueWords = {"debug", "admin", "test", "config"}; | ||
|
|
||
| if (!requestResponse.hasResponse() || requestResponse.response() == null) { | ||
| return false; | ||
| } | ||
|
|
||
| MimeType responseType = requestResponse.response().mimeType(); | ||
| boolean isHtml = responseType == MimeType.HTML; | ||
| boolean isJavaScript = responseType == MimeType.SCRIPT; | ||
|
|
||
| if (!isHtml && !isJavaScript) { | ||
| return false; | ||
| } | ||
|
|
||
| Pattern regexPattern; | ||
| switch (scanType) { | ||
| case "Balanced": | ||
| // 'Balanced' scan type: Accurate for most use cases, but might miss some endpoints | ||
| regexPattern = Pattern.compile("(?<=(\"|'|`))\\/[a-zA-Z0-9_:?&=/\\-#.]*(?=(\"|'|`))", Pattern.DOTALL); | ||
| break; | ||
| case "Deep": | ||
| // 'Deep' scan type: More extensive but may include false positives | ||
| regexPattern = Pattern.compile("(?<=(\"|'|`))[^\"'`]*\\/[a-zA-Z0-9_:?&=/\\-#.]*(?=(\"|'|`))", Pattern.DOTALL); | ||
| break; | ||
| case "Custom": | ||
| // 'Custom' scan type: Use the regex defined in 'customRegex' | ||
| regexPattern = Pattern.compile(customRegex, Pattern.DOTALL); | ||
| break; | ||
| case "Keys and Secrets": | ||
| // 'Keys and Secrets' scan type: Feature for detecting secrets and keys (coming soon) | ||
| System.out.println("Keys and Secrets scan type - Coming soon!"); | ||
| return false; | ||
| default: | ||
| // Exit if scanType is invalid | ||
| return false; | ||
| } | ||
|
|
||
| boolean foundItems = false; | ||
| boolean highValueWordFound = false; | ||
| StringBuilder notesBuilder = new StringBuilder(); | ||
| HighlightColor highlightColor = isHtml ? HighlightColor.GREEN : HighlightColor.YELLOW; | ||
|
|
||
| String responseBody = requestResponse.response().bodyToString(); | ||
| Matcher matcher = regexPattern.matcher(responseBody); | ||
|
|
||
| while (matcher.find()) { | ||
| String item = matcher.group(); | ||
| for (String word : highValueWords) { | ||
| if (Pattern.compile("\\b" + Pattern.quote(word) + "\\b").matcher(item).find()) { | ||
| highValueWordFound = true; | ||
| break; | ||
| } | ||
| } | ||
|
|
||
| if (!item.equals("/") && !item.equals("//") && !item.matches(".*\\.(css|png|gif|svg|woff2|jpeg|jpg|ico|bmp|woff)$") && uniqueEndpoints.add(item)) { | ||
| foundItems = true; | ||
| if (manualColorHighlightEnabled) { | ||
| notesBuilder.append(item).append("\n"); | ||
| } | ||
| } | ||
| } | ||
|
|
||
|
|
||
|
|
||
| String YourFolderPath = "C:\\Users\\XYZ\\Desktop"; | ||
| String dataFilePath = YourFolderPath + "\\Data.txt"; | ||
|
|
||
| // Write endpoints to the file | ||
| try (BufferedWriter writer = new BufferedWriter(new FileWriter(dataFilePath, true))) { | ||
| for (String endpoint : uniqueEndpoints) { | ||
| if (!endpoint.trim().isEmpty()) { | ||
| writer.write(endpoint + "\n"); | ||
| } | ||
| } | ||
| } catch (IOException e) { | ||
| e.printStackTrace(); | ||
| } | ||
|
|
||
| // Read the file, remove duplicates and empty lines, and rewrite | ||
| try { | ||
| BufferedReader reader = new BufferedReader(new FileReader(dataFilePath)); | ||
| Set<String> lines = new LinkedHashSet<>(); | ||
| String line; | ||
| while ((line = reader.readLine()) != null) { | ||
| if (!line.trim().isEmpty()) { | ||
| lines.add(line); | ||
| } | ||
| } | ||
| reader.close(); | ||
|
|
||
| BufferedWriter writer = new BufferedWriter(new FileWriter(dataFilePath)); | ||
| for (String uniqueLine : lines) { | ||
| writer.write(uniqueLine + "\n"); | ||
| } | ||
| writer.close(); | ||
| } catch (IOException e) { | ||
| e.printStackTrace(); | ||
| } | ||
|
|
||
| return foundItems; | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|