This is a simple guide to performing JavaScript recon for bug bounty work.
- The first step is to collect as many JavaScript files as possible (more files = more paths and parameters -> more potential vulns).
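# Print the distinct URL-like strings referenced by the scripts a page loads.
#
# Stage 1: fetch the page, turn JSON-escaped "\/" into "/", extract every
#          src=...js reference, keep the ones containing "//" (rewritten to
#          https://...), and de-duplicate case-insensitively.
# Stage 2: fetch each script, break it up on ; } ) > and pull out quoted
#          strings that start with /, // or http(s)://, plus the first
#          argument of .get/.post/.ajax/.load calls.
# Stage 3: print the text between the first pair of quotes on each match and
#          de-duplicate again.
#
# The script URLs come out of a page this command does not control. The
# earlier form substituted each one into an `sh -c` string through
# `xargs -I`, where the shell would expand whatever the value contained.
# Reading them in a loop hands each URL to curl as one quoted argument.
#
# NOTE(review): -k is kept from the original. It disables TLS certificate
# verification, so both the page and the scripts are fetched unauthenticated.
curl -L -k -s https://www.example.com |
    tac |
    sed "s#\\\/#\/#g" |
    egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" |
    awk -F '//' '{if(length($2))print "https://"$2}' |
    sort -fu |
    while IFS= read -r js_url; do
        curl -k -s "$js_url" |
            sed "s/[;}\)>]/\n/g" |
            grep -Po "(['\"](https?:)?[/]{1,2}[^'\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\"](https?:)?[/]{1,2}[^'\"> ]{5,})"
    done |
    awk -F "['\"]" '{print $2}' |
    sort -fu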
| # using linkfinder | |
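# ejs URL
#
# Download every script referenced by the page at URL into the current
# directory and run linkfinder.py on each downloaded file.
#
# Script references are resolved as follows: values starting with "http" are
# used as-is, values starting with "//" get "https:" prepended, anything else
# is appended to URL with a "/" in between.
#
# The references are scraped from remote content, so they are untrusted.
# The earlier form pasted each one (and the file name derived from it) into
# `sh -c` strings through `xargs -I`, which let the shell expand whatever
# the value contained. Here every value is passed as a single quoted
# argument, and "--" stops it from being parsed as an option.
#
# NOTE(review): -k and --no-check-certificate are kept from the original.
# They disable TLS certificate verification, so the downloaded files are
# unauthenticated. Run this in a scratch directory.
function ejs() {
    URL=$1;
    curl -Lks "$URL" |
        tac |
        sed "s#\\\/#\/#g" |
        egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" |
        sed -r "s/^src['\"]?[=:]['\"]//g" |
        awk -v url="$URL" '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' |
        sort -fu |
        while IFS= read -r js_url; do
            # printf gives the same blank line + header on every shell;
            # echo "\n..." only does so where echo interprets backslashes.
            printf '\n##### %s\n' "$js_url"
            wget --no-check-certificate --quiet -- "$js_url"
            linkfinder.py -o cli -i "$(basename -- "$js_url")"
        done
}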
| # with file download (the new best one): | |
| # but there is a bug if you don't provide a root url |
| org: org_name | |
| kibana content-length:217 | |
| org:”Amazon” ssl:”target” | |
| ssl:”target” | |
| html:”Dashboard Jenkins” http.component:”jenkins” | |
| http.title:”302 Found” | |
| http.component%3A”java” | |
| https://www.shodan.io/host/ip#9200 | |
| https://www.shodan.io/host/ip | |
| X-Redirect-By: WordPress ssl:”name” |
| #Age-Calculator-Project (Github:-PushkraJ99) | |
| from tkinter import * | |
| from datetime import date | |
| win = Tk() | |
| win.title("AGE-CALCULATOR") #Title | |
| win.configure(bg="#4F4F4F") #Backround color | |
| win.geometry("400x400") #Size of the window | |
| new = Label(win,bg="#4F4F4F") | |
| new.grid(row=5,column=0,columnspan=3) |
| #Tower Of Hanoi (Github:-PushkraJ99) | |
| from tkinter import N | |
| def TOH(numbers, start, aux, end): | |
| if numbers ==1: | |
| print("Move Disk 1 From Rod {} to Rod {} ".format(start,end)) | |
| return | |
| TOH(numbers-1,start,end,aux) | |
| print("Move Disk {} From Rod {} to Rod {} ".format(numbers,start,end)) |
| #Password Cracker (Github:-PushkraJ99) | |
| # importing random | |
| from random import* | |
| # taking input from user | |
| user_pass = input("Enter your password :- ") | |
| # storing alphabet letters to use them to crack the password | |
| password = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j','k', | |
| 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't','u','v', |
| #Linear search using Python (Github:-PushkraJ99) | |
| pos = -1 | |
| def search(list, n): | |
| i = 0 | |
| while i< len(list): | |
| if list[i] == n: | |
| globals()['pos'] = i | |
| return True |
| #Palindrome using Python (Github:-PushkraJ99) | |
| num=int(input("Enter a number:")) | |
| temp=num | |
| rev=0 | |
| while(num>0): | |
| dig=num%10 | |
| rev=rev*10+dig | |
| num=num//10 | |
| if(temp==rev): | |
| print("The number is palindrome!") |
| #Palindrome using Python (Github:-PushkraJ99) | |
# Read one line from stdin and report whether it equals its own reverse.
# The comparison is exact: letter case, spaces and punctuation all count.
string = input("Enter a string:")
is_palindrome = "".join(reversed(string)) == string
print("The string is a palindrome" if is_palindrome else "The string is Not a palindrome")