Javascript Enumeration

Blogs / Writeups / Videos:

https://docs.google.com/presentation/d/1aGSfiN3DhTYeZ_b0uU2U2bWa3Ziuf6xXkzJlIXpLimU/edit#slide=id.p

Tools:

A tool to get javascript files from a list of URLS or subdomains - https://github.com/lc/subjs

• http://blog.r0b.re/hacking/pentesting/bugbounty/recon/web/js/2020/07/05/jsmon-automated-javascript-file-monitoring.html

• https://medium.com/@bitthebyte/javascript-for-bug-bounty-hunters-part-2-f82164917e7

• https://thehackerish.com/javascript-enumeration-for-bug-bounty-hunters/?utm_source=newsletter&utm_medium=email&utm_campaign=javascript_enumeration_for_bug_bounty_hunters&utm_term=2020-09-25

• https://github.com/robre/scripthunter

• https://gist.github.com/gwen001/0b15714d964d99c740a7e8998bd483df

Tweets:

A one-liner to extract all API endpoints from a #JavaScript file. Especially useful for #BugBounty hunting. - https://twitter.com/EthicalMike/status/1205892500675874823

--https://github.com/arbazkiraak/LinksDumper

GitHub - GerbenJavado/LinkFinder at chrome_extensionGitHub

• https://twitter.com/EthicalMike/status/1205892500675874823

• https://securityjunky.com/scanning-js-files-for-endpoint-and-secrets/

• https://www.youtube.com/watch?time_continue=11&v=FTeE3OrTNoA&feature=emb_logo

• https://github.com/Cillian-Collins/subscraper

• https://medium.com/@patelkathan22/beginners-guide-on-how-you-can-use-javascript-in-bugbounty-492f6eb1f9ea

• https://github.com/KathanP19/JSFScan.sh

• https://www.youtube.com/watch?v=btG3LP_3lnA&feature=youtu.be

• https://www.youtube.com/watch?v=nkznsNxDM5k