Skip to content
/ jsleak Public

jsleak is a tool to find secret , paths or links in the source code during the recon.

504 stars 49 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

byt3hx/jsleak

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
images
images
 
 
README.md
README.md
 
 
main.go
main.go
 
 

Repository files navigation

Description

I was developing jsleak during most of my free time for my own need.It is easy-to-use command-line tool designed to uncover secrets and links in JavaScript files or source code. The jsleak was inspired by Linkfinder and regexes are collected from multiple sources.

Features:

  • Discover secrets in JS files such as API keys, tokens, and passwords.
  • Identify links in the source code.
  • Complete Url Function
  • Concurrent processing for scanning of multiple Urls
  • Check status code if the url is alive or not

Latest Update

Jsleak now supports regex patterns from secrets-patterns-db https://github.com/mazen160/secrets-patterns-db.

If you want to use your own custom regex patterns, you can place them in a YAML file following the template below.

patterns:
  - pattern:
      name: Amazon MWS Auth Token
      regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
      confidence: low

Installation

If you are using old version of golang (go 1.15, 1.16) , use the following command to install jsleak.

go get github.com/channyein1337/jsleak

If you are using latest version of go (1.17+) , use the following command to install.

go install github.com/channyein1337/jsleak@latest

Usage

Choose a YAML file from the secrets-patterns-db. If you’re not sure which one to pick, consider using: https://raw.githubusercontent.com/mazen160/secrets-patterns-db/refs/heads/master/datasets/trufflehog-v3.yaml

Run jsleak with Your Selected Regex File

echo "http://testphp.vulnweb.com/" | jsleak -t trufflehog-v3.yaml -s

To display help message

jsleak -h

Secret Finder

echo http://testphp.vulnweb.com/ | jsleak  -t secret.yaml -s

Link Finder

echo http://testphp.vulnweb.com/ | jsleak -l

Complete Url

echo http://testphp.vulnweb.com/ | jsleak -e

Check Status

echo http://testphp.vulnweb.com/ | jsleak -c 20 -k

You can also use multiple flags

echo http://testphp.vulnweb.com/ | jsleak -c 20 -l -s

Running with Urls

cat urls.txt | jsleak -l -s -c 30

To Do

  • Scan secret on completeURL with 200 response.
  • Add Version flag.
  • Support scanning local files.
  • Support scanning apk files.
  • Update Regex.
  • Support mulitple user agents.
  • Support color output

Credit and thanks to all the following resources

About

jsleak is a tool to find secret , paths or links in the source code during the recon.

Resources

Readme
Activity

Stars

504 stars

Watchers

4 watching

Forks

49 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages