jsubfinder: Search webpages & JavaScript for hidden subdomains and secrets in the given URL

JSubFinder

JSubFinder is a tool written in Go that searches webpages & JavaScript for hidden subdomains and secrets in the given URL. Developed with bug bounty hunters in mind, JSubFinder takes advantage of Go’s amazing performance, allowing it to utilize large data sets & be easily chained with other tools.

Install

go get github.com/ThreatUnkown/jsubfinder
wget https://raw.githubusercontent.com/ThreatUnkown/jsubfinder/master/.jsf_signatures.yaml && mv .jsf_signatures.yaml ~/.jsf_signatures.yaml

Use

Examples (results are the same in this case):

$ jsubfinder search -u www.google.com
$ jsubfinder search -f file.txt
$ echo www.google.com | jsubfinder search
$ echo www.google.com | httpx --silent | jsubfinder search

apis.google.com
ogs.google.com
store.google.com
mail.google.com
accounts.google.com
www.google.com
policies.google.com
support.google.com
adservice.google.com
play.google.com

With Secrets Enabled

Note: --secrets="" will save the secret results in a secrets.txt file.

$ echo www.youtube.com | jsubfinder search --secrets=""
www.youtube.com
youtubei.youtube.com
payments.youtube.com
2Fwww.youtube.com
252Fwww.youtube.com
m.youtube.com
tv.youtube.com
music.youtube.com
creatoracademy.youtube.com
artists.youtube.com

Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
Google Cloud API Key <redacted> found in content of https://www.youtube.com
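
The 2Fwww.youtube.com and 252Fwww.youtube.com entries in the output above look like residue of percent-encoded URLs (%2F, %252F) embedded in the page. The following added Go example (not JSubFinder's code; the function names, regex and sample content are constructed assumptions) shows how a hostname regex produces such entries and how decoding escapes first removes them when auditing your own pages.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
	"strings"
)
var pctEscape = regexp.MustCompile(`%[0-9A-Fa-f]{2}`)

// decodeEscapes undoes up to `rounds` layers of percent-encoding (valid %XX only).
func decodeEscapes(s string, rounds int) string {
	for i := 0; i < rounds; i++ {
		s = pctEscape.ReplaceAllStringFunc(s, func(m string) string {
			b, _ := strconv.ParseUint(m[1:], 16, 8) // regex guarantees two hex digits
			return string([]byte{byte(b)})
		})
	}
	return s
}

// ExtractSubdomains returns sorted, de-duplicated hostnames under domain.
func ExtractSubdomains(content, domain string, decode bool) []string {
	if decode {
		content = decodeEscapes(content, 3)
	}
	re := regexp.MustCompile(`(?i)(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+` + regexp.QuoteMeta(domain))
	seen := map[string]bool{}
	out := []string{}
	for _, h := range re.FindAllString(content, -1) {
		if h = strings.ToLower(h); !seen[h] {
			seen[h] = true
			out = append(out, h)
		}
	}
	sort.Strings(out)
	return out
}

// Constructed sample content, not taken from any real page.
const sample = `var a="https://www.youtube.com/x"; fetch("//m.youtube.com/api");
var next="/signin?continue=https%3A%2F%2Fwww.youtube.com%2F";
var nested="r=https%253A%252F%252Fwww.youtube.com";`

func main() {
	fmt.Println("raw:    ", ExtractSubdomains(sample, "youtube.com", false))
	fmt.Println("decoded:", ExtractSubdomains(sample, "youtube.com", true))
}
```

Hostnames are lowercased before de-duplication, so the raw pass reports the artifacts as 2fwww.youtube.com and 252fwww.youtube.com.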

 

Advanced examples

$ echo www.google.com | jsubfinder search -crawl -s "google_secrets.txt" -S -o jsf_google.txt -t 10 -g

  • -crawl use the default crawler to crawl pages for other URLs to analyze
  • -s enables JSubFinder to search for secrets
  • -S Silence output to console
  • -o <file> save output to specified file
  • -t 10 use 10 threads
  • -g search every URL for JS, even ones we don’t think have any

Proxy

Enables the upstream HTTP proxy with TLS MITM support. This allows you to:

  1. Browse sites in real-time and have JSubFinder search for subdomains and secrets in real-time.
  2. If needed, run JSubFinder on another server to offload the workload.

With Burp Suite

  1. Configure Burp Suite to forward traffic to an upstream proxy (User Options > Connections > Upstream Proxy Servers > Add)
  2. Run JSubFinder in proxy mode

Burp Suite will now forward all traffic proxied through it to JSubFinder. JSubFinder will retrieve the response, return it to Burp, and in another thread search for subdomains and secrets.

With Proxify

  1. Launch Proxify & dump traffic to a folder: proxify -output logs
  2. Configure Burp Suite, a browser or another tool to forward traffic to Proxify (see instructions on their GitHub page)
  3. Launch JSubFinder in proxy mode & set the upstream proxy as Proxify: jsubfinder proxy -u http://127.0.0.1:8443
  4. Use Proxify’s replay utility to replay the dumped traffic to JSubFinder: replay -output logs -burp-addr http://127.0.0.1:8444

Run on another server

Simply run JSubFinder in proxy mode on another server, e.g. 192.168.1.2. Follow the proxy steps above, but set your application’s upstream proxy to 192.168.1.2:8443.

Advanced Examples

$ jsubfinder proxy --scope www.reddit.com -p 8081 -S -o jsf_reddit.txt

  • --scope limits JSubFinder to only analyze responses from www.reddit.com
  • -p port JSubFinder’s proxy server is running on
  • -S silence output to the console/stdout
  • -o <file> output examples to this file

Copyright (c) 2021 hiddengearz

Source: https://github.com/ThreatUnkown/
