JS Snitch is a powerful command-line tool designed to scan remote JavaScript files for potential secrets or credentials.
It leverages the capabilities of Trufflehog and Semgrep to automate the detection of leaked API keys, tokens, or other sensitive information hidden in external JavaScript files.
This tool is particularly useful for penetration testers, bug bounty hunters, and security engineers seeking to identify vulnerabilities in web applications.
To use JS Snitch, follow these steps:
$ git clone https://github.com/vavkamil/js-snitch.git$ cd js-snitch$ pip install -r requirements.txt$ python js_snitch.pyYou can scan a single host using the --host option or a list of hosts using the --list option.
After scanning, JS Snitch organizes its findings in a structured output directory. The folder structure includes:
The secrets.txt file provides a human-readable summary of detected secrets, including their type and verification status, along with references to the corresponding beautified files for further inspection.
JS Snitch simplifies the process of identifying potential security risks in web applications by automating the detection of leaked credentials in JavaScript files.
Its integration with powerful tools like Trufflehog and Semgrep makes it a valuable asset for security professionals.
Redis is an open-source, in-memory data structure store used as a database, cache, and message broker.…
Ubuntu 18.04 LTS (Bionic Beaver) was released on April 26, 2018, with five years of official…
Apache Virtual Hosts let you run multiple websites on a single server. Each site gets its…
Django is a free, open-source Python web framework built for developing secure, scalable, and maintainable web…
MySQL replication is the process of automatically copying data from one database server to one or…
Joomla is one of the most popular open-source content management systems in the world. It is…