java script sensitive data
Embedded Files
1/ 1st we have to find the subdomain of target domain.
Tools:
# To find subdomain we can use
i . subfinder ( in linux terminal )
ii. projectdiscovery.io ( link )
2/ Then try to find alive or filter subdomain with "httpx" tool.
# The command is,
---> httpx-toolkit -l exampl.txt -o new_exampl.txt
3/ use " wayback " tool.
# command is ,
---> cat new_exampl.txt | wayback > new.txt
4/ Then use katana tool for find js file.
# command,
---> katana -list rapydfinel.txt -jc
---> katana -list rapydfinel.txt -jc -v | grep ".js$" | uniq | sort > rapydjskatana.txt
or,
---> katana -list rapydfinel.txt -jc -d 2 | grep ".js$" | uniq | sort > rapydjskatana.txt
To Automation :
# use secretfinder tool to find secret
The command is,
---> cat rapydjskatana.txt | while read url; do python3 SecretFinder/SecretFinder.py -i $url -o cli >> secret.txt; done
After complete automation now check the given information and find the secret.
Summary:
Summary Tools
1/ Find subdomain of domain --------------------------------------------------- Subfinder
2/ Find js file from subdomains or particular subdomain ------------- katana
3/ Find js file hidden and secrete information ----------------------------- SecreteFinder
4/ If find any information then submit that.
Page updated
Google Sites
Report abuse