JS Analyse
ID: js-analyse
Severity: info
Author: ayadim
Tags: file,js-analyse,js
Description
Section titled “Description”This process involves extracting tokens, endpoints, URIs, and variable names from the JS file and analyzing them for any potential weaknesses that could be exploited. By extracting and analyzing these elements, potential security threats can be identified, allowing for proactive measures to be taken to mitigate any risks associated with the application. This process can be used as part of a comprehensive bug-hunting strategy to ensure the security of an application.
YAML Source
Section titled “YAML Source”id: js-analyse
info: name: JS Analyse author: ayadim severity: info description: | This process involves extracting tokens, endpoints, URIs, and variable names from the JS file and analyzing them for any potential weaknesses that could be exploited. By extracting and analyzing these elements, potential security threats can be identified, allowing for proactive measures to be taken to mitigate any risks associated with the application. This process can be used as part of a comprehensive bug-hunting strategy to ensure the security of an application. metadata: verified: true tags: file,js-analyse,js
file: - extensions: - js
extractors: - type: regex name: extracted-token regex: - "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token|secretaccesskey)([-|_][a-z]+)?(\\s)*(:|=)+"
- type: regex name: extracted-endpoints regex: - "(?i)('|\")((\\.{0,2})|([a-z0-9-_]*))/([a-z0-9-_/=:&?\\.]+)('|\")" - "(?i)}\\s*/[a-z0-9-_?=&/]+" - "(?i)path\\s*(:|=)\\s*('|\")[a-z0-9-_?=&:\\./]+('|\")"
- type: regex name: extracted-uri regex: - "(?i)([a-z]{2,10}):(//|/)[a-z0-9\\./?&-_=:]+"
- type: regex name: amazon-access-key regex: - "(?i)(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
- type: regex name: amazon-s3-url regex: - "(?i)([a-z0-9_\\-\\.]+\\.s3\\.amazonaws\\.com)" - "(?i)([a-z0-9\\.-]+\\.s3-[a-z0-9-\\.]+\\.amazonaws\\.com)" - "(?i)[a-z0-9\\.-]+\\.s3-website[\\.-](eu|ap|us|ca|sa|cn)" - "(?i)(s3://[a-z0-9_\\-\\./]+)" - "(?i)(s3\\.amazonaws\\.com/[a-z0-9/_\\-\\.]+)" - "(?i)(s3\\.console\\.aws\\.com/s3/buckets/[a-z0-9/_\\-\\.]+)" - "(?i)(s3-[a-z0-9-\\.]\\.amazonaws\\.com/[a-z0-9/_\\-\\.]+)"
- type: regex name: github-personal-access-token regex: - "(?i)(ghp_[a-z0-9]{36}|github_pat_[a-z0-9]{82})"
- type: regex name: github-oauth-access-token regex: - "(?i)(gho_[a-zA-Z0-9]{36})"
- type: regex name: github-app-token regex: - "\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b"
- type: regex name: authorization-basic regex: - "(?i)(Authorization:\\sbasic\\s+[a-z0-9=:_\\-+/]{5,100})"
- type: regex name: authorization-bearer regex: - "(?i)(Authorization:\\sbearer\\s+[a-z0-9=:_\\-\\.+/]{5,100})"
- type: regex name: rsa-private-key regex: - "(?i)(-----BEGIN RSA PRIVATE KEY-----)"
- type: regex name: ssh-dsa-private-key regex: - "(?i)(-----BEGIN DSA PRIVATE KEY-----)"
- type: regex name: ssh-ec-private-key regex: - "(?i)(-----BEGIN EC PRIVATE KEY-----)"
- type: regex name: potential-ajax-request regex: - "(?i)(new\\s+xmlhttprequest\\(\\)|\\$\\.ajax\\(\\{)"# digest: 4a0a00473045022100b2a54e89dd0ef64266519f24fd605c95a861534655112f49b4cc1411406e00f30220079bc3bca3d31324c71fd3fdc116e74d6c5bf13db36f40726320cb4bef42de2e:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "file/js/js-analyse.yaml"