jrabbit00/roger-sourcemap

Roger SourceMap 🐰

Python 3.7+ License: MIT

Source map (.map) scanner for bug bounty reconnaissance.

Discovers hidden endpoints, debug routes, internal source file paths, and potential secrets through source map analysis.

Part of the Roger Toolkit - 14 free security tools for bug bounty hunters.

🔥 Get the complete toolkit on Gumroad

Why Source Maps?

Source maps are JSON files that map minified JavaScript back to original source code. They often contain:

  • Full API endpoints not exposed in the UI
  • Debug and development endpoints
  • Source file paths revealing internal structure
  • Variable/function names that hint at vulnerabilities

Features

  • Recursively find all .map files on a target
  • Parse source map JSON to extract mappings
  • Find hidden endpoints and debug routes
  • Extract source file paths
  • Analyze source content for secrets
  • Multi-threaded scanning

Installation

git clone https://github.com/jrabbit00/roger-sourcemap.git
cd roger-sourcemap
pip install -r requirements.txt

Usage

# Basic scan
python3 sourcemap.py https://target.com

# Save results
python3 sourcemap.py target.com -o results.txt

# Deep scan (more pages)
python3 sourcemap.py target.com --depth 5

Options

Flag            Description
-o, --output    Output results to file
-t, --threads   Number of threads (default: 10)
-d, --depth     Max crawl depth (default: 3)
-q, --quiet     Quiet mode

What It Finds

  • /api/debug/*, /api/admin/*
  • Internal endpoints (/internal/*, /private/*)
  • Source file paths
  • Environment variables
  • API keys in source (sometimes)
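
The following is an added example, not code from this repository: a check you can run on your own build output that parses one Source Map v3 document and reports which of the categories listed above it discloses through its `sources` and `sourcesContent` fields. The sample map, the regular expressions and the name `audit_source_map` are assumptions made for illustration.

```python
import json
import re

# Constructed sample: a Source Map v3 document as a bundler might emit it.
SAMPLE_MAP = json.dumps({
    "version": 3,
    "file": "app.min.js",
    "sources": ["webpack:///./src/api/client.js", "webpack:///./src/config/dev.js"],
    "sourcesContent": [
        "export const debug = () => fetch('/api/debug/state');\n"
        "export const users = () => fetch('/api/v1/users');\n",
        "const key = process.env.PAYMENTS_API_KEY;\n"
        "fetch('/internal/metrics');\n",
    ],
    "names": [],
    "mappings": "",
})

# Illustrative patterns (assumptions, not the tool's own rules).
ENDPOINT_RE = re.compile(r"""["'`](/(?:api|internal|private)/[\w\-./*]*)""")
SENSITIVE_RE = re.compile(r"^/(?:api/(?:debug|admin)|internal|private)(?:/|$)")
ENV_RE = re.compile(r"process\.env\.([A-Z_][A-Z0-9_]*)")


def audit_source_map(raw):
    """Report what a single source map discloses to anyone who can fetch it."""
    doc = json.loads(raw)
    if doc.get("version") != 3 or "sources" not in doc:
        raise ValueError("not a flat Source Map v3 document")
    contents = doc.get("sourcesContent") or []
    report = {"sources": list(doc["sources"]), "embedded_sources": 0,
              "endpoints": set(), "sensitive_endpoints": set(), "env_vars": set()}
    for text in contents:
        if not isinstance(text, str):  # entries may be null when content is omitted
            continue
        report["embedded_sources"] += 1
        for path in ENDPOINT_RE.findall(text):
            report["endpoints"].add(path)
            if SENSITIVE_RE.match(path):
                report["sensitive_endpoints"].add(path)
        report["env_vars"].update(ENV_RE.findall(text))
    return report


if __name__ == "__main__":
    for key, value in audit_source_map(SAMPLE_MAP).items():
        print(key, "->", sorted(value) if isinstance(value, set) else value)
```

Run over the maps in a build directory before deploy, this shows whether the published maps carry original source text and which route strings and environment variable names go with it.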

Examples

# Full scan
python3 sourcemap.py https://example.com

# Quiet mode with output
python3 sourcemap.py example.com -q -o findings.txt

🐰 Part of the Roger Toolkit

Tool              Purpose
roger-recon       All-in-one recon suite
roger-direnum     Directory enumeration
roger-jsgrab      JavaScript analysis
roger-sourcemap   Source map extraction
roger-paramfind   Parameter discovery
roger-wayback     Wayback URL enumeration
roger-cors        CORS misconfigurations
roger-jwt         JWT security testing
roger-headers     Security header scanner
roger-xss         XSS vulnerability scanner
roger-sqli        SQL injection scanner
roger-redirect    Open redirect finder
roger-idor        IDOR detection
roger-ssrf        SSRF vulnerability scanner

☕ Support

If Roger SourceMap helps you find vulnerabilities, consider supporting the project!

License

MIT License - Created by J Rabbit
