JS Enumeration is a crucial step in the process of identifying and exploiting vulnerabilities in a website. As a bug bounty hunter, you will need to be familiar with the different tools and techniques available to you for this purpose. In this article, we will take a look at some of the most useful JS Enumeration tools and tips that you can use to improve your chances of finding vulnerabilities.
One of the first things to do when performing JS Enumeration is to analyze the website’s source code to identify any potential JavaScript files that may be present. Once you have a list of these files, you can use tools such as JSParser or JSScan to automate the process of analyzing them. These tools can help you identify any sensitive information that may be present in the JavaScript files, such as hardcoded credentials or keys.
1. pyjsparser: Fast JavaScript parser, a manual translation of esprima.js to Python. It takes about 1 second to parse the whole angular.js library, a parsing speed of roughly 100k characters per second, which makes it the fastest and most comprehensible JavaScript parser for Python out there.
It can be installed with the command "pip install pyjsparser", or cloned from GitHub with "git clone https://github.com/PiotrDabkowski/pyjsparser.git".
2. JSRanger: Ranger is a small JS library that allows you to use a range-like syntax with any object. All you need to do is define a function that builds the required 'range' given a starting and ending object (plus optional extra parameters if you so desire).
It can be downloaded from GitHub using the command "git clone https://github.com/s0md3v/JSRanger.git".
The ‘range’ syntax is as follows:
rangeStart[[...rangeEnd, optionalParam1, optionalParam2...]]
For example, if you created a range function for Numbers, you could then use it as follows:
// create a range of numbers from 1 to 10
const numbers = 1[[...10]]
// log the numbers from 6 down to 3
6[[...3]].forEach(x => console.log(x))
3. GetJS: getJS is a tool to extract all the JavaScript files from a set of given URLs.
The URLs can also be piped to getJS, or you can specify a single URL with the --url argument. getJS offers a range of options, varying from completing the URLs to resolving the files.
It can be downloaded using the command "git clone https://github.com/003random/getJS.git".
To use this tool, run the command
echo "https://github.com" | getJS --url https://example.com --input domains.txt
4. JSLinkFinder: This tool is similar to LinkFinder but is specifically designed to find JavaScript files.
It can be downloaded using the command "git clone https://github.com/GerbenJavado/LinkFinder.git".
To use this tool, run the command
python3 linkfinder.py -i https://example.com -o results.html
5. JScanner: Analyze target Joomla! installation using several different techniques.
It can be downloaded from GitHub using the command "git clone https://github.com/tampe125/jscanner.git".
To use this tool, run the command "python jscanner.py analyze -u http://www.example.com".
6. JSFScan: This tool gathers JavaScript file links from different sources.
It can be downloaded from GitHub using the command
git clone https://github.com/KathanP19/JSFScan.sh.git
To use this tool, run the command
bash JSFscan.sh -l target.txt -r -o target.com
7. js-beautify: A tool that can be used to beautify and format JavaScript code.
It can be downloaded from GitHub using the command "git clone https://github.com/beautify-web/js-beautify.git".
To install the Python version of the beautifier:
pip install jsbeautifier
Usage
You can beautify JavaScript using JS Beautifier in your web browser, or on the command-line using Node.js or Python.
Web Browser
Open beautifier.io. Options are available via the UI.
8. JSLint: A tool written in JavaScript that can be used to lint and validate JavaScript code. It can be downloaded from GitHub using the command "git clone https://github.com/douglascrockford/JSLint.git".
To use this tool, run the command "node jslint.js file.js".
9. js-xss: Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a whitelist.
It can be downloaded from GitHub using the command "git clone https://github.com/padolsey/js-xss.git".
Usage
On Node.js
var xss = require("xss");
var html = xss('<script>alert("xss");</script>');
console.log(html);
On Browser
Shim mode (reference file test/test.html):
<script src="https://rawgit.com/leizongmin/js-xss/master/dist/xss.js"></script>
<script>
// apply function filterXSS in the same way
var html = filterXSS('<script>alert("xss");</scr' + 'ipt>');
alert(html);
</script>
10. JavaScript Deobfuscator: A simple but powerful deobfuscator that can be used to remove common JavaScript obfuscation techniques from JavaScript code.
It can be accessed at https://deobfuscate.io/.
JS Enumeration Bug Bounty Hunting tips
- Start by analyzing the website’s source code to identify any potential JavaScript files that may be present.
- Use tools such as JSParser or JSScan to automate the process of identifying and analyzing JavaScript files.
- Look for any sensitive information that may be present in the JavaScript files, such as hardcoded credentials or keys.
- Check for any known vulnerabilities in the JavaScript libraries and frameworks that are being used on the website.
- Use browser dev tools to analyze the JavaScript code and understand the website’s functionality.
- Test for client-side vulnerabilities such as cross-site scripting (XSS) and cross-site request forgery (CSRF).
- Pay attention to any network requests made by the JavaScript code, as these can reveal additional information about the website.
- Use a proxy tool such as Burp Suite to intercept and analyze JavaScript requests and responses.
- Check for any third-party scripts that may be loaded on the website, as these can introduce additional security risks.
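The first three tips in miniature, as an added example that is not code from the article or from any of the tools it lists: pull the external script references out of a page, resolve them to absolute URLs, then scan a script body for relative API endpoints (the LinkFinder idea) and for key-like assignments that deserve a manual review, which is equally useful for auditing your own deployed bundles before an attacker reads them. The HTML, the script body and the key value are constructed sample input, not from any real site.

```python
import re
from urllib.parse import urljoin

# Constructed sample page and script body (not from a real site).
SAMPLE_HTML = """
<html><head>
<script src="/static/app.bundle.js"></script>
<script src="https://cdn.example.net/lib/vendor.min.js"></script>
</head><body></body></html>
"""
SAMPLE_JS = """
var API = "/api/v1/users";
fetch("/api/v1/orders/" + id);
const cfg = { apiKey: "sk_test_PLACEHOLDER_0123456789", debug: false };
"""

# <script ... src="..."> references, single or double quoted.
SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.I)
# Quoted strings beginning with "/" that look like a path: a minimal LinkFinder-style rule.
ENDPOINT = re.compile(r'["\'](/[A-Za-z0-9_./?=&-]+)["\']')
# Key-like names followed by a quoted value of 8+ chars; a heuristic, not proof of a secret.
SECRET = re.compile(
    r'\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*["\']([^"\']{8,})["\']', re.I
)


def extract_script_urls(html: str, base_url: str) -> list[str]:
    """Return the absolute URL of every external script the page loads."""
    return [urljoin(base_url, src) for src in SCRIPT_SRC.findall(html)]


def find_endpoints(js: str) -> list[str]:
    """Return unique relative endpoints in first-seen order."""
    return list(dict.fromkeys(ENDPOINT.findall(js)))


def find_secret_candidates(js: str) -> list[tuple[str, str]]:
    """Return (lower-cased key name, value) pairs worth a manual look."""
    return [(key.lower(), value) for key, value in SECRET.findall(js)]


if __name__ == "__main__":
    for url in extract_script_urls(SAMPLE_HTML, "https://example.com/"):
        print("script:", url)
    print("endpoints:", find_endpoints(SAMPLE_JS))
    print("review:", find_secret_candidates(SAMPLE_JS))
```

In practice you would fetch each script URL (getJS does that step) and run the two scanners over the downloaded body, then confirm every candidate by hand, since the regexes are deliberately loose.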
In conclusion, JS Enumeration is a crucial step in the process of identifying and exploiting vulnerabilities in a website. By using the right tools and techniques, you can improve your chances of finding vulnerabilities and get a better understanding of the website’s structure and functionality. Remember to always follow the scope of the bug bounty program, and you will be on your way to finding vulnerabilities and earning rewards.