This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files=more paths,parameters->more vulns)
irony0egoist
/ gist:6afd605bbef3e1b32d7404f613ff87e2
Last active
January 28, 2022 03:19
ShodanForAll
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Shodan | |
| —— | |
| product:MySQL | |
| product:apache | |
| country:"CN" | |
| port:”21,23” ssh ssh的端口21或23 | |
| -port:”21” ssh非常规端口 | |
| —— | |
irony0egoist
/ JavascriptRecon.md
Created
November 22, 2021 04:49
My Javascript Recon Process - BugBounty
irony0egoist
/ wordlist_from_js.sh
Created
November 15, 2021 05:10
— forked from seqrity/wordlist_from_js.sh
Make wordlist from js files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| ## This script fetch js files from a domain name and make a wordlist by words in js files | |
| ## Credit: https://gist.github.com/aufzayed/6cabed910c081cc2f2186cd27b80f687 | |
| ##### Install requirements ##### | |
| ##### Before running this script you should install Go ##### | |
| ## Install subjs (https://github.com/lc/subjs) | |
| GO111MODULE=on go get -u -v github.com/lc/subjs |
Python备忘录-基于Python3
=================