JSubFinder is a tool written in Go that searches webpages and JavaScript for hidden subdomains and secrets at the given URL. Developed with bug bounty hunters in mind, JSubFinder takes advantage of Go's amazing performance, allowing it to handle large data sets and be easily chained with other tools.
Install the application and download the signatures needed to find secrets:
go get github.com/ThreatUnkown/jsubfinder
wget https://raw.githubusercontent.com/ThreatUnkown/jsubfinder/master/.jsf_signatures.yaml && mv .jsf_signatu
Or
Search the given URLs for subdomains and secrets:
$ jsubfinder search -h
Execute the command specified

Usage:
  JSubFinder search [flags]

Flags:
  -c, --crawl              Enable crawling
  -g, --greedy             Check all files for URL's not just Javascript
  -h, --help               help for search
  -f, --inputFile string   File containing domains
  -t, --threads int        Ammount of threads to be used (default 5)
  -u, --url strings        Url to check

Global Flags:
  -d, --debug               Enable debug mode. Logs are stored in log.info
  -K, --nossl               Skip SSL cert verification (default true)
  -o, --outputFile string   name/location to store the file
  -s, --secrets             Check results for secrets e.g api keys
      --sig string          Location of signatures for finding secrets
  -S, --silent              Disable printing to the console
Examples (results are the same in this case):
$ jsubfinder search -u www.google.com
$ jsubfinder search -f file.txt
$ echo www.google.com | jsubfinder search
$ echo www.google.com | httpx --silent | jsubfinder search

apis.google.com
ogs.google.com
store.google.com
mail.google.com
accounts.google.com
www.google.com
policies.google.com
support.google.com
adservice.google.com
play.google.com
Note: --secrets="" will save the secret results in a secrets.txt file.
$ echo www.youtube.com | jsubfinder search --secrets=""
www.youtube.com
youtubei.youtube.com
payments.youtube.com
2Fwww.youtube.com
252Fwww.youtube.com
m.youtube.com
tv.youtube.com
music.youtube.com
creatoracademy.youtube.com
artists.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
$ echo www.google.com | jsubfinder search --crawl -s "google_secrets.txt" -S -o jsf_google.txt -t 10 -g

--crawl: use the default crawler to crawl pages for other URLs to analyze
-s: enables JSubFinder to search for secrets
-S: silence output to the console
-o <file>: save output to the specified file
-t 10: use 10 threads
-g: search every URL for JS, even ones we don't think have any

Enables the upstream HTTP proxy with TLS MITM support. This allows you to:
$ JSubFinder proxy -h
Execute the command specified

Usage:
  JSubFinder proxy [flags]

Flags:
  -h, --help                    help for proxy
  -p, --port int                Port for the proxy to listen on (default 8444)
      --scope strings           Url's in scope seperated by commas. e.g www.google.com,www.netflix.com
  -u, --upstream-proxy string   Adress of upsteam proxy e.g http://127.0.0.1:8888 (default "http://127.0.0.1:8888")

Global Flags:
  -d, --debug               Enable debug mode. Logs are stored in log.info
  -K, --nossl               Skip SSL cert verification (default true)
  -o, --outputFile string   name/location to store the file
  -s, --secrets             Check results for secrets e.g api keys
      --sig string          Location of signatures for finding secrets
  -S, --silent              Disable printing to the console
$ jsubfinder proxy
Proxy started on :8444
Subdomain: out.reddit.com
Subdomain: www.reddit.com
Subdomain: 2Fwww.reddit.com
Subdomain: alb.reddit.com
Subdomain: about.reddit.com
Burp Suite will now forward all traffic proxied through it to JSubFinder. JSubFinder will retrieve the response, return it to Burp, and search it for subdomains and secrets in another thread.
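The proxy output above lists 2Fwww.reddit.com, and the earlier search output lists 2Fwww.youtube.com and 252Fwww.youtube.com; these look like leftovers of percent-encoded slashes (%2F, %252F) in URLs embedded in the response. The Go sketch below is an added example, not JSubFinder's own code: it shows how a response body can be scanned for in-scope hosts, and how decoding before matching removes those entries. The regexes, function names and the example.com sample body are assumptions constructed for illustration.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Both patterns are assumptions for this example, not JSubFinder's own regexes.
var hostRe = regexp.MustCompile(`(?i)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}`)
var pctRe = regexp.MustCompile(`%[0-9A-Fa-f]{2}`)

// Constructed sample response body; example.com is a placeholder scope.
const sample = `var a = "https://api.example.com/v1";
var next = "/login?next=https%3A%2F%2Fwww.example.com%2Fhome";
var nested = "u=https%253A%252F%252Fpay.example.com";
fetch("//cdn.example.net/lib.js"); var other = "notexample.com";`

// decodeFully undoes up to three layers of percent-encoding; a stray "%" is left as-is.
func decodeFully(s string) string {
	for i := 0; i < 3 && pctRe.MatchString(s); i++ {
		s = pctRe.ReplaceAllStringFunc(s, func(m string) string {
			b, _ := hex.DecodeString(m[1:]) // m is always "%" plus two hex digits
			return string(b)
		})
	}
	return s
}

// Subdomains returns the sorted, unique hosts in body that equal root (lowercase) or end in "."+root.
func Subdomains(body, root string) []string {
	seen, out := map[string]bool{}, []string{}
	for _, h := range hostRe.FindAllString(body, -1) {
		h = strings.ToLower(h)
		if (h == root || strings.HasSuffix(h, "."+root)) && !seen[h] {
			seen[h] = true
			out = append(out, h)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println("raw:    ", Subdomains(sample, "example.com"))
	fmt.Println("decoded:", Subdomains(decodeFully(sample), "example.com"))
}
```

The suffix check on "."+root is what keeps look-alike hosts such as notexample.com out of scope.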
proxify -output logs
jsubfinder proxy -u http://127.0.0.1:8443
replay -output logs -burp-addr http://127.0.0.1:8444
Simple: run JSubFinder in proxy mode on another server, e.g. 192.168.1.2. Follow the proxy steps above, but set your application's upstream proxy to 192.168.1.2:8443.
$ jsubfinder proxy --scope www.reddit.com -p 8081 -S -o jsf_reddit.txt
--scope: limits JSubFinder to only analyze responses from www.reddit.com
-p: port JSubFinder's proxy server is running on
-S: silence output to the console/stdout
-o <file>: output examples to this file