Hacking Tools

JS Snitch : Hidden Secrets In JavaScript Files

JS Snitch is a powerful command-line tool designed to scan remote JavaScript files for potential secrets or credentials.

It leverages the capabilities of Trufflehog and Semgrep to automate the detection of leaked API keys, tokens, or other sensitive information hidden in external JavaScript files.

This tool is particularly useful for penetration testers, bug bounty hunters, and security engineers seeking to identify vulnerabilities in web applications.

Key Features Of JS Snitch

  • Multi-host Scanning: JS Snitch allows users to scan a single host or a list of hosts, making it efficient for large-scale security audits.
  • Trufflehog Integration: It utilizes Trufflehog’s advanced scanning capabilities to detect secrets within JavaScript files.
  • Semgrep Integration: Configurable Semgrep rulesets enable additional scanning and pattern-based detection of potential vulnerabilities.
  • Beautification Step: Automatically prettifies downloaded JavaScript files for better readability during manual analysis.
  • Aggregated Results: Consolidates findings from both Trufflehog and Semgrep into a single, easy-to-understand report.
  • Unverified vs. Verified Secrets: Clearly distinguishes between verified and unverified secrets, helping users prioritize further investigation.

To use JS Snitch, follow these steps:

  1. Clone the repository: $ git clone https://github.com/vavkamil/js-snitch.git
  2. Navigate to the cloned directory: $ cd js-snitch
  3. Install dependencies: $ pip install -r requirements.txt
  4. Run the tool: $ python js_snitch.py

You can scan a single host using the --host option or a list of hosts using the --list option.

After scanning, JS Snitch organizes its findings in a structured output directory. The folder structure includes:

  • tmp/: Raw JavaScript files as downloaded.
  • beautify/: Beautified JavaScript files for easier analysis.
  • secrets.json: Raw Trufflehog output.
  • semgrep_output.json: Raw Semgrep output.
  • secrets.txt: Consolidated report of findings from both tools.

The secrets.txt file provides a human-readable summary of detected secrets, including their type and verification status, along with references to the corresponding beautified files for further inspection.

JS Snitch simplifies the process of identifying potential security risks in web applications by automating the detection of leaked credentials in JavaScript files.

Its integration with powerful tools like Trufflehog and Semgrep makes it a valuable asset for security professionals.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecurityJS Snitchkalilinuxkalilinuxtools
4 weeks ago

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

1 week ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

1 week ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

1 week ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

1 week ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

1 week ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

1 week ago