JS Snitch is a powerful command-line tool designed to scan remote JavaScript files for potential secrets or credentials.
It leverages the capabilities of Trufflehog and Semgrep to automate the detection of leaked API keys, tokens, or other sensitive information hidden in external JavaScript files.
This tool is particularly useful for penetration testers, bug bounty hunters, and security engineers seeking to identify vulnerabilities in web applications.
To use JS Snitch, follow these steps:
$ git clone https://github.com/vavkamil/js-snitch.git$ cd js-snitch$ pip install -r requirements.txt$ python js_snitch.pyYou can scan a single host using the --host option or a list of hosts using the --list option.
After scanning, JS Snitch organizes its findings in a structured output directory. The folder structure includes:
The secrets.txt file provides a human-readable summary of detected secrets, including their type and verification status, along with references to the corresponding beautified files for further inspection.
JS Snitch simplifies the process of identifying potential security risks in web applications by automating the detection of leaked credentials in JavaScript files.
Its integration with powerful tools like Trufflehog and Semgrep makes it a valuable asset for security professionals.
Nginx server blocks let you run more than one website on a single server. Each block…
Tor Browser is a modified version of Firefox that routes all your web traffic through the Tor…
Vagrant is a command-line tool that makes it easy to build and manage virtual machine environments.…
VMware Tools is a set of drivers and services that improves the performance of an Ubuntu…
Java developers use project management tools to automate building their applications. Apache Maven is an open source…
Running programs built for Microsoft's framework on a Linux system is easier than you think. Mono is…