ScriptHunter : Tool To Find JavaScript Files On Websites

Scripthunter is a tool that finds javascript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note that it may take a while, which is why scripthunter also implements a notification mechanism to inform you when a scan is finished via Telegram API. Blogpost

Setup

To install scripthunter, clone this repository. Scripthunter relies on a couple of tools to be installed so make sure you have them:

• gau
• ffuf
• hakrawler
• httpx
• unfurl

please make sure that as most of these tools are written in Go, that you have Go installed and configured properly. Make sure that when you type any of the above commands in the terminal, they are recognized and work.

Furthermore, scripthunter uses Telegram to send you a notification once a scan is finished. To enable this feature, you need to create a Telegram Bot and paste your Bot API key and chatid in the scripthunter script. You can follow this guide to get these values.

Features

• Extract public javascript files from website using Gau and Hakrawler
• Parse directories containing js files from found public files
• Scan js directories for hidden js files using ffuf and a custom wordlist
• check all found files for connectivity
• notify user once scans are finished
• aggregate all seen js filenames into one global wordlist