Skip to content
A python script that finds endpoints in JavaScript files
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore handle url startwith view-source: Jul 5, 2017
LICENSE
README.md add basic-unit-test Oct 1, 2018
linkfinder.py
setup.py Update setup.py Mar 30, 2018
template.html Contenteditable=false for button Jul 1, 2017
test_parser.py better detection on html extension Oct 30, 2018

README.md

About LinkFinder

LinkFinder is a python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing. Resulting in new testing ground, possibility containing new vulnerabilities. It does so by using jsbeautifier for python in combination with a fairly large regular expression. The regular expressions consists of four small regular expressions. These are responsible for finding:

  • Full URLs (https://example.com/*)
  • Absolute URLs or dotted URLs (/* or ../*)
  • Relative URLs with atleast one slash (text/test.php)
  • Relative URLs without a slash (test.php)

The output is given in HTML. Karel_origin has written a chrome extension for LinkFinder which can be found here.

Screenshots

LinkFinder

Installation

LinkFinder supports Python 2 & 3.

$ git clone https://github.com/GerbenJavado/LinkFinder.git
$ cd LinkFinder
$ python setup.py install

Dependencies

LinkFinder depends on the argparse and jsbeautifier python modules. These dependencies can all be installed using pip.

Usage

Short Form Long Form Description
-i --input Input a: URL, file or folder. For folders a wildcard can be used (e.g. '/*.js').
-o --output Where to save the file, including file name or output to CLI. Default: output.html
-r --regex RegEx for filtering purposes against found endpoints (e.g. ^/api/)
-d --domain Toggle to use when analyzing an entire domain. Enumerates over all found JS files.
-b --burp Toggle to use when inputting a Burp 'Save selected' file containing multiple JS files
-c --cookies Add cookies to the request
-h --help show the help message and exit

Examples

  • Most basic usage to find endpoints in an online JavaScript file and output the results to results.html:

python linkfinder.py -i https://example.com/1.js -o results.html

  • CLI ouput (doesn't use jsbeautifier, which makes it very fast):

python linkfinder.py -i https://example.com/1.js -o cli

  • Analyzing an entire domain and its JS files:

python linkfinder.py -i https://example.com -d

  • Burp input (select in target the files you want to save, right click, Save selected items, feed that file as input):

python linkfinder.py -i burpfile -b

  • Enumerating an entire folder for JavaScript files, while looking for endpoints starting with /api/ and finally saving the results to results.html:

python linkfinder.py -i 'Desktop/*.js' -r ^/api/ -o results.html

Unit-test

  • Require pytest

pytest test_parser.py

Final remarks

  • This is the first time I publicly release a tool. Contributions are much appreciated!
  • LinkFinder is published under the MIT License.
  • Thanks to @jackhcable for providing me with feedback.
  • Special thanks @edoverflow for making this project a lot cleaner and awesome.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.