Unleashing The Power of a JavaScript Bookmarklet for Endpoint Discovery in Bug Bounty and Penetration Testing

 السَّلاَمُ عَلَيْكُمْ وَرَحْمَةُ اللهِ وَبَرَكَاتُهُ
May the peace, mercy, and blessings of Allah be with You!

Awesome Script for Finding Endpoints:

Here is another awesome and easy script for Finding Endpoints from your target using your web browser.


This code, called a JavaScript bookmarklet, is a small piece of code that can be saved as a bookmark in a web browser and executed on a webpage to perform specific actions or tasks. Let's break down the code step by step:

1. The code is wrapped in an immediately invoked function expression (IIFE). This allows the code to run immediately after it is loaded as a bookmarklet.

2. The code starts by selecting all <script> elements on the current webpage and stores them in the 'scripts' variable.

3. It defines a regular expression 'regex' that is used to match URL paths (strings beginning with /) within single quotes ('), double quotes ("), or backticks (`) in the fetched scripts' content.

4. A 'Set' named results is initialized to store unique matched URLs.

5. The code then iterates through each fetched script's URL and fetches its content using the fetch() function.

6. Once the content of each script is retrieved, the code uses the regular expression regex to find all URLs within the script's content. It iterates through each match and adds it to the results set.

7. If any errors occur during the fetch operation, they are logged to the console.

8. After starting the fetches for the external scripts, the code retrieves the entire HTML content of the current webpage and stores it in the pageContent variable.

9. It again uses the regular expression regex to find all URLs within the entire page's content. It iterates through each match and adds it to the results set.

10. Finally, a function named writeResults() is defined to display the unique URLs found in the results set on the current webpage using document.write(). The setTimeout() function is used to delay the execution of the writeResults() function for 3 seconds (3000 milliseconds).

When you execute this bookmarklet on a webpage, it will gather all the URLs of scripts used in the page, including those fetched externally, and all the URLs found in the page's HTML content. It then displays these URLs in a new page or tab using document.write(). Note that using document.write() in this manner may not always be appropriate, as it can overwrite the entire content of the page, especially when executed after the page has loaded fully.

This bookmarklet can be useful for quickly extracting and listing all script URLs used on a webpage for debugging or analysis purposes. However, due to its nature of executing external scripts and the use of document.write(), it should be used with caution and only on web pages that you trust. Additionally, some websites may have security measures in place that prevent or limit the execution of bookmarklets.

Script Creator: renniepak

Code:
```
javascript:(function(){var scripts=document.getElementsByTagName("script"),regex=/(?<=(\"|\'|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\`))/g;const results=new Set;for(var i=0;i<scripts.length;i++){var t=scripts[i].src;""!=t&&fetch(t).then(function(t){return t.text()}).then(function(t){var e=t.matchAll(regex);for(let r of e)results.add(r[0])}).catch(function(t){console.log("An error occurred: ",t)})}var pageContent=document.documentElement.outerHTML,matches=pageContent.matchAll(regex);for(const match of matches)results.add(match[0]);function writeResults(){results.forEach(function(t){document.write(t+"<br>")})}setTimeout(writeResults,3e3);})();

```
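To show what the bookmarklet's pattern picks up and what it misses, here is an added example (not renniepak's code and not part of the original post) that runs the same regular expression under Node.js. The helper names, the sample sources and the INTERNAL_PREFIXES list are assumptions constructed for illustration. Absolute URLs and template literals containing `${...}` are not matched, so a clean result does not mean nothing is exposed.

```javascript
// Added example: run the bookmarklet's own pattern over text you supply.
// Sample sources and INTERNAL_PREFIXES are constructed for illustration.
const PATH_REGEX = /(?<=(\"|\'|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\`))/g;

// Return the unique quoted paths found in one piece of text, sorted.
function extractPaths(text) {
  const found = new Set();
  for (const m of text.matchAll(PATH_REGEX)) found.add(m[0]);
  return [...found].sort();
}

// Map each path to the names of the sources that contain it.
function auditSources(sources) {
  const index = new Map();
  for (const [name, text] of Object.entries(sources)) {
    for (const p of extractPaths(text)) {
      if (!index.has(p)) index.set(p, []);
      index.get(p).push(name);
    }
  }
  return index;
}

// Paths under prefixes the site owner treats as non-public (assumed list).
const INTERNAL_PREFIXES = ["/internal/", "/admin/"];
function flagInternal(index) {
  return [...index.keys()]
    .filter((p) => INTERNAL_PREFIXES.some((prefix) => p.startsWith(prefix)))
    .sort();
}

const sampleSources = {
  "app.js": [
    'fetch("/api/v1/users?active=1");',
    "axios.get('/internal/admin/export');",
    'const cdn = "https://cdn.example.test/app.js";', // absolute URL: not matched
    "fetch(`/api/v1/users/${id}`);",                  // interpolated path: not matched
  ].join("\n"),
  "index.html": '<a href="/login">Sign in</a><script src="/static/app.js"></script>',
};

const index = auditSources(sampleSources);
console.log([...index.entries()]);
console.log("review before shipping:", flagInternal(index));
```

Running this over your own build output before release shows which server paths the shipped front-end reveals to anyone who loads the page.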

Usage:

Step 1: Copy the code.
Step 2: Add as Bookmark > Name it "JS Endpoint Finder" > Paste the code in the URL section. (Recommended)
Step 3: For the result, open your targeted site > After loading > Open "JS Endpoint Finder" from your browser bookmarks > Done.


Another way:

Step 1: Copy the code.
Step 2: Open your target website > Inspect > Paste the code into the console > Press Enter > Done.

The provided JavaScript bookmarklet serves as a valuable tool for Bug Bounty and Penetration Testing, aiding security researchers in identifying potential vulnerabilities and weaknesses within a target website. By extracting all script URLs used on the webpage, including external scripts, the bookmarklet helps assess the technologies and third-party dependencies employed by the site. This information enables testers to conduct a thorough analysis, explore possible security misconfigurations, conduct URL manipulation tests, and identify potential entry points for exploitation. Moreover, the script's ability to enumerate other URLs found in the HTML content enhances reconnaissance efforts, facilitating the mapping of the website's attack surface and guiding the discovery of potential security gaps in the application.

However, while the script provides valuable insights, it is essential to execute it responsibly and with proper authorization to ensure adherence to ethical hacking practices. Testers should always seek permission from the website owner before running security assessments and follow responsible disclosure guidelines when reporting vulnerabilities. Additionally, the effectiveness of the bookmarklet may be influenced by security measures implemented by the website and the browser's settings, so thorough analysis and verification of results are crucial for a comprehensive and reliable assessment.


# Respect Hackers | HAPPY HACKING! | PEACE!!
