JS Snitch is a powerful command-line tool designed to scan remote JavaScript files for potential secrets or credentials.
It leverages the capabilities of Trufflehog and Semgrep to automate the detection of leaked API keys, tokens, or other sensitive information hidden in external JavaScript files.
This tool is particularly useful for penetration testers, bug bounty hunters, and security engineers seeking to identify vulnerabilities in web applications.
To use JS Snitch, follow these steps:
$ git clone https://github.com/vavkamil/js-snitch.git
$ cd js-snitch
$ pip install -r requirements.txt
$ python js_snitch.py
You can scan a single host using the --host
option or a list of hosts using the --list
option.
After scanning, JS Snitch organizes its findings in a structured output directory. The folder structure includes:
The secrets.txt
file provides a human-readable summary of detected secrets, including their type and verification status, along with references to the corresponding beautified files for further inspection.
JS Snitch simplifies the process of identifying potential security risks in web applications by automating the detection of leaked credentials in JavaScript files.
Its integration with powerful tools like Trufflehog and Semgrep makes it a valuable asset for security professionals.
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…
User management is a critical aspect of Linux administration. Each user in a Linux system…
Managing users is an essential part of Linux system administration. Knowing how to list all…
Nmap (Network Mapper) is a free tool that helps you find devices on a network,…
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…