Commit 425a550

committed
added jsluice patterns & improved js secret detection
1 parent b9ebad4 commit 425a550

2 files changed

+8
-9
lines changed

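--- a/install.sh
+++ b/install.sh
@@ -621,6 +621,7 @@ function initial_setup() {
 ["ssti_wordlist"]="https://gist.githubusercontent.com/six2dez/ab5277b11da7369bf4e9db72b49ad3c1/raw ${ssti_wordlist}"
 ["headers_inject"]="https://gist.github.com/six2dez/d62ab8f8ffd28e1c206d401081d977ae/raw ${tools}/headers_inject.txt"
 ["axiom_config"]="https://gist.githubusercontent.com/six2dez/6e2d9f4932fd38d84610eb851014b26e/raw ${tools}/axiom_config.sh"
+["jsluice_patterns"]="https://gist.githubusercontent.com/six2dez/2aafa8dc2b682bb0081684e71900e747/raw ${tools}/jsluice_patterns.json"
 )
 
 for key in "${!downloads[@]}"; do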
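Review bot: The added `["jsluice_patterns"]` entry fetches the pattern file from the gist's mutable `/raw` URL, and no revision pin or checksum is visible in this hunk, so whatever the gist holds at install time decides what the later secret-detection pass matches. Consider pinning the URL to a fixed gist revision (`.../raw/<REVISION_SHA>`, placeholder) or comparing the download against a recorded hash before it is used. A short comment above the entry, such as `# jsluice secret patterns; consumed by jschecks() in reconftw.sh`, would also make the coupling between the two files explicit. initial_setup() and the download loop that consumes this array continue outside the hunk, so any existing verification there is not visible from here.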

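--- a/reconftw.sh
+++ b/reconftw.sh
@@ -3475,7 +3475,7 @@ function urlchecks() {
 interlace -tL .tmp/url_extract_js.txt -threads 10 -c "${tools}/JSA/venv/bin/python3 ${tools}/JSA/jsa.py -f _target_ | anew -q .tmp/url_extract_tmp.txt" &>/dev/null
 fi
 
-grep -a "$domain" .tmp/url_extract_tmp.txt | grep -E '^((http|https):\/\/)?([a-zA-Z0-9\-\.]+\.)+[a-zA-Z]{1,}(\/.*)?$' | grep "=" | qsreplace -a 2>>"$LOGFILE" | grep -aEiv "\.(eot|jpg|jpeg|gif|css|tif|tiff|png|ttf|otf|woff|woff2|ico|pdf|svg|txt|js)$" | anew -q .tmp/url_extract_tmp2.txt
+grep -a "$domain" .tmp/url_extract_tmp.txt | grep -E '^((http|https):\/\/)?([a-zA-Z0-9\-\.]+\.)+[a-zA-Z]{1,}(\/.*)?$' | grep "=" | qsreplace -a 2>>"$LOGFILE" | grep -aEiv "\.(eot|jpg|jpeg|gif|css|tif|tiff|png|ttf|otf|woff|woff2|ico|pdf|svg)$" | anew -q .tmp/url_extract_tmp2.txt
 
 if [[ -s ".tmp/url_extract_tmp2.txt" ]]; then
 urless <.tmp/url_extract_tmp2.txt | anew -q .tmp/url_extract_uddup.txt 2>>"$LOGFILE" >/dev/null
@@ -3711,7 +3711,7 @@ function jschecks() {
 fi
 
 if [[ -s ".tmp/url_extract_jsmap.txt" ]]; then
-interlace -tL js/js_livelinks.txt -threads "$INTERLACE_THREADS" \
+interlace -tL js/url_extract_jsmap.txt -threads "$INTERLACE_THREADS" \
 -c "sourcemapper -url '_target_' -output _output_/_cleantarget_" \
 -o .tmp/sourcemapper 2>>"$LOGFILE" >/dev/null
 fi
@@ -3735,15 +3735,13 @@ function jschecks() {
 if [[ $AXIOM != true ]]; then
 cat js/js_livelinks.txt | mantra -ua \"$HEADER\" -s | anew -q js/js_secrets.txt 2>>"$LOGFILE" >/dev/null
 else
+axiom-exec "go install github.com/Brosck/mantra@latest" 2>>"$LOGFILE" >/dev/null
 axiom-scan js/js_livelinks.txt -m mantra -ua "$HEADER" -s -o js/js_secrets.txt "$AXIOM_EXTRA_ARGS" &>/dev/null
 fi
-if [[ -s "js/js_secrets.txt" ]]; then
-trufflehog filesystem js/js_secrets.txt -j 2>/dev/null |
-jq -c | anew -q js/js_secrets_trufflehog.txt
-trufflehog filesystem .tmp/sourcemapper/ -j 2>/dev/null |
-jq -c | anew -q js/js_secrets_trufflehog.txt
-sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2};?)?)?[mGK]//g" -i js/js_secrets.txt
-fi
+mkdir -p .tmp/sourcemapper/secrets
+for i in $( cat js/js_secrets.txt | cut -d' ' -f2 ); do wget -q -P .tmp/sourcemapper/secrets $i ; done
+trufflehog filesystem .tmp/sourcemapper/ -j 2>/dev/null | jq -c | anew -q js/js_secrets_jsmap.txt
+find .tmp/sourcemapper/ -type f -name "*.js" | jsluice secrets -j --patterns=~/Tools/jsluice-patterns.json | anew -q js/js_secrets_jsmap_jsluice.txt
 fi
 
 printf "%bRunning: Building wordlist 6/6%b\n" "$yellow" "$reset"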
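Review bot: In the last jschecks() hunk, the new `for i in $( cat js/js_secrets.txt | cut -d' ' -f2 )` loop hands each field to `wget` unquoted and without `--`, so a value derived from scanner output over target-served content is word-split, glob-expanded and, if it starts with `-`, parsed by wget as an option. The commit also removes the `[[ -s "js/js_secrets.txt" ]]` guard and the `sed` that stripped colour escapes, so the loop can run against a missing file or against fields that still carry escape bytes (inferred from the removed line). Reading the file line by line, accepting only http(s) values and calling wget with `--` and a quoted argument closes all three, as sketched below. Separately, `--patterns=~/Tools/jsluice-patterns.json` does not match the `${tools}/jsluice_patterns.json` destination this commit adds in install.sh, and bash leaves a `~` after `=` unexpanded in an ordinary argument; `--patterns="${tools}/jsluice_patterns.json"` would address both. jschecks() starts and ends outside the hunk.

```shell
# … unchanged: mantra / axiom-scan branch that writes js/js_secrets.txt …
if [[ -s "js/js_secrets.txt" ]]; then
	mkdir -p .tmp/sourcemapper/secrets
	while IFS= read -r url; do
		# fetch only http(s) values; anything else, including a leading '-', is skipped
		[[ $url =~ ^https?:// ]] || continue
		wget -q -P .tmp/sourcemapper/secrets -- "$url" 2>>"$LOGFILE"
	done < <(cut -d' ' -f2 js/js_secrets.txt)
fi
# … unchanged: trufflehog and jsluice passes over .tmp/sourcemapper/ …
```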
