Bearer is a Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks. Bearer CLI is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security and privacy risks. Currently supporting JavaScript, TypeScript and Ruby stacks.???? Java support …
Tag Archives: javascript
JSubFinder : Searches Webpages For Javascript To Find Hidden Subdomains & Secrets
JSubFinder is a tool writtin in golang to search webpages & javascript for hidden subdomains and secrets in the given URL. Developed with BugBounty hunters in mind JSubFinder takes advantage of Go’s amazing performance allowing it to utilize large data sets & be easily chained with other tools. Install Install the application and download the …
Continue reading “JSubFinder : Searches Webpages For Javascript To Find Hidden Subdomains & Secrets”
Js-X-Ray : JavaScript & Node.js Open-Source SAST Scanner
Js-X-Ray is a JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting the results of this tool will still require you …
Continue reading “Js-X-Ray : JavaScript & Node.js Open-Source SAST Scanner”
Fuzzilli : A JavaScript Engine Fuzzer
Fuzzilli is a (coverage-)guided fuzzer for dynamic language interpreters based on a custom intermediate language (“FuzzIL”) which can be mutated and translated to JavaScript. Usage The basic steps to use this fuzzer are: Download the source code for one of the supported JavaScript engines. See the Targets/ directory for the list of supported JavaScript engines. …
ScriptHunter : Tool To Find JavaScript Files On Websites
Scripthunter is a tool that finds javascript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note that it may take a while, which is why scripthunter also implements a notification mechanism to inform you when a scan is finished via Telegram API. Blogpost Setup To install scripthunter, clone this repository. Scripthunter …
Continue reading “ScriptHunter : Tool To Find JavaScript Files On Websites”
JSshell – A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS
JSshell is a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS. This tool works for both Unix and Windows operating system and it can running with both Python 2 and Python 3. This is a big update of JShell – a tool to get a JavaScript shell with XSS …
Jshole : A JavaScript Components Vulnerability Scanner
Jshole is a simple JavaScript components vulnrability scanner, based on RetireJS. Why use JShole instead of RetireJS? By default, RetireJS only searches one page, but JShole tries to crawl all pages. Requirements requests Install git clone https://github.com/callforpapers-source/jshole.gitcd jsholepip3 install -r requirementspython3 jshole.py usage: jshole [-h] -u URL [-d] [-l LIMIT] [-t THREAT]optional arguments:-h, –help show …
Continue reading “Jshole : A JavaScript Components Vulnerability Scanner”
Flux-Keylogger : Modern Javascript Keylogger With Web Panel
Flux-Keylogger is a modern Javascript keylogger with web panel. Web Panel Logging Keylogger Cookies Location Remote IP User-Agents Installation Server Files Upload files from server directory to you server Change default username, password in flux.php Go to http://you.host/flux.php Click build Now inject script tag to other documents
GhostSquadHackers – Encrypt/Encode Your Javascript Code
GhostSquadHackers is a tool used to Encrypt/Encode your Javascript payloads/code in Windows Scripting. Following are couple of features for this code; Number Calculating ASCII codes Caeser-Encryption Hex Encoding Octal encoding Binary Encrypt Random Octal Quotes Add trash to code Url Encode Also Read – SeccuBus : Easy Automated Vulnerability Scanning, Reporting & Analysis Credit: Necronomikon
Nodexp – A Server Side Javascript Injection Tool Capable Of Detecting & Exploiting Node.js Vulnerabilities
NodeXP is an intergrated tool, written in Python 2.7, capable of detecting possible vulnerabilities on Node.js services as well as exploiting them in an automated way, based on S(erver)S(ide)J(avascript)I(njection) attack! Nodexp Getting Started – Installation & Usage Download NodeXP by cloning the Git repository: git clone https://github.com/esmog/nodexp To get a list of all options run: …