JS Scan
jaikishantulswani opened this issue · comments
Hello @nsonaniya2010 ,
Can you please enhance SubDomainizer by adding one more switch to scan already downloaded js files from a folder.
Hello @nsonaniya2010 waiting for this enhancement.
Not yet.
Will update it by next month.
Hi @jaikishantulswani ,
I have added a feature to scan files inside folder.
just put root folder in which it contains files with -f argument and it will scan all the files recursively in each folder.
@nsonaniya2010 Thank you 👍
@jaikishantulswani
Please check it. And let me know if there is any error or something you view.
Hello @nsonaniya2010 ,
It is not fetching the api_key related words like if a js file is having API_KEY:"&api_key=hereIam:@abc123" then it returns nothing, please correct me If I am doing anything wrong.
This is due to the fact that & and = is not added in the list of capturing group of regular expression.
You can add characters like '& or =' etc. as per your requirement on line 233 of SubDomainizer.py file along with @ and # etc.
Let me know if it fixes the problem.
💯 Thank you ! it works but why I am getting this in some cases:
Getting data from folder recursively... Traceback (most recent call last): File "SubDomainizer.py", line 419, in <module> folderDataList = getRecursiveFolderData(folderName) File "SubDomainizer.py", line 99, in getRecursiveFolderData folderDataList.append(file.read()) File "/usr/lib/python3.7/codecs.py", line 322, in decode (result, consumed) = self._buffer_decode(data, self.errors, final) UnicodeDecodeError: 'utf-8' codec can't decode byte 0x89 in position 0: invalid start byte
@jaikishantulswani,
this is due to problem in decoding content. Some content is not properly escaped, lets say Ë is character, it should be in Unicode as it is not considered as string in python.
What you can do is you can add try and exception for line 99 to ignore reading of that file only.
like this:
Line : 99
try:
folderDataList.append(file.read())
except UnicodeDecodeError:
pass
It will help you in getting contents of other files, and ignoring files which do not have proper ASCII characters.
I will come up with some other solution on next update so that it won't throw exception or error.
Let me know if it solves your problem.
@nsonaniya2010 Thank you, meanwhile it also return no results when a js file contain like:
password= "ABC@123", password: "AbC@321@", password: "abc", password= "ABC",
On line '433' of code:
If have added a minimum threshold value to 3.5 ( shannon entropy)
Your given string:
ABC@123have entropy : 2.807354922057604AbC@321@have : 2.75
and other strings will have less than them.
you can change 3.5 on line 433 to 2.5 to get those results. Although this will increase the false positives.
OK, Thank you so much for giving your time 👍
Hello @nsonaniya2010 ,
one last thing as I am getting 'Indentation Error` after changing the code in line 99 like:
def getRecursiveFolderData(rootfolder):
folderDataList = list()
for filename in glob.iglob(rootfolder + '/', recursive=True):
if os.path.isfile(filename):
with open(filename, 'r') as file:
try:
folderDataList.append(file.read())
except UnicodeDecodeError:
pass
return folderDataList
Error
File "subtest.py", line 101 except UnicodeDecodeError: ^ IndentationError: unexpected unindent
Code needs to be intended in python.
@nsonaniya2010 ,
Yes I did the same like the screenshot attached, but still getting this.
That is an intendation error pls check properly.