Here I introduce the Lazy Scripts.
These are small JavaScript snippets (bookmarklets) that you save as a bookmark in your browser; clicking the bookmark extracts information from the currently open page of a recon tool, which is useful during the reconnaissance phase of a pentest.
Credits to the author of the original idea :)
It's quite simple: you just need to add one of the JavaScript snippets below that interests you. Note that a bookmarklet runs with the full privileges of your logged-in session on that site, so review the code before saving it.
Steps:
- Right click on the Bookmark bar on your Browser (I'm using Chrome)
- Go to "Add Page"
- On "Name" define the name for this bookmark that you prefer
- On "URL", paste the complete JavaScript snippet you selected, starting with `javascript:`. Browsers usually collapse line breaks when saving a bookmark URL, so the snippet must not contain `//` line comments (they would comment out everything after them).
- Open the site the snippet was written for, then click the bookmark to run it.
If you prefer, here is a video:
URL used: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=google.com
Description: This script collects all the IPs shown on the current results page of a Censys hosts search (only the page currently rendered, not the whole result set).
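javascript: (function () {
  /* Lazy Script: collect the hosts/IPs shown on the current Censys search page.
     Each "SearchResult result" card is expected to hold the host in its first
     <strong>; values are de-duplicated with a Set and then written out as a
     plain list, one per line, replacing the page.
     Block comments only: browsers tend to strip line breaks from a bookmark
     URL, so a "//" comment would swallow the rest of the code. */
  var cards = document.getElementsByClassName("SearchResult result");
  const results = new Set();
  for (var i = 0; i < cards.length; i++) {
    var strong = cards[i].getElementsByTagName("strong")[0];
    /* Skip cards that do not match the expected layout instead of throwing
       and losing every value collected so far. */
    if (!strong) continue;
    results.add(strong.textContent.trim());
  }
  /* The scraped text is third-party data; escape it before it goes through
     document.write so a crafted value cannot inject markup or script into
     the site's origin. Escaped entities still render as the original text. */
  function escapeHtml(value) {
    return String(value).replace(/[&<>"']/g, function (c) {
      return { "&": "&amp;", "<": "&lt;", ">": "&gt;", "\"": "&quot;", "'": "&#39;" }[c];
    });
  }
  function writeResults() {
    document.write('<button onclick="location.reload()">Reload Page</button><br>');
    results.forEach(function (host) {
      document.write(escapeHtml(host) + "<br>");
    });
  }
  /* Delay kept from the original; the scrape above is synchronous, so it
     appears to serve no functional purpose. */
  setTimeout(writeResults, 3000);
})();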
URL used: https://securitytrails.com/domain/example.com/dns
Description: This script extracts all subdomains present on the current page of the SecurityTrails subdomains listing.
Requirements: Be logged in
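javascript: (function () {
  /* Lazy Script: collect the subdomains listed on the current SecurityTrails
     DNS page. Every table row except the header (index 0) is expected to hold
     the subdomain in its first link; rows without a link are skipped. The
     original normalisation of "/domain/<name>/dns" link text to "<name>" is
     kept unchanged.
     Block comments only: browsers tend to strip line breaks from a bookmark
     URL, so a "//" comment would swallow the rest of the code. */
  var rows = document.getElementsByTagName("tr");
  const resultsgrep = new Set();
  for (var i = 1; i < rows.length; i++) {
    var link = rows[i].getElementsByTagName("a")[0];
    /* Skip rows that do not match the expected layout instead of throwing
       and losing every value collected so far. */
    if (!link) continue;
    var name = link.textContent.replace(/.*\/domain\/([^\/]+)\/dns.*/, "$1");
    resultsgrep.add(name);
  }
  /* The scraped text is third-party data; escape it before it goes through
     document.write so a crafted value cannot inject markup or script into
     the site's origin. Escaped entities still render as the original text. */
  function escapeHtml(value) {
    return String(value).replace(/[&<>"']/g, function (c) {
      return { "&": "&amp;", "<": "&lt;", ">": "&gt;", "\"": "&quot;", "'": "&#39;" }[c];
    });
  }
  function writeResults() {
    document.write('<button onclick="location.reload()">Reload Page</button><br>');
    resultsgrep.forEach(function (subdomain) {
      document.write(escapeHtml(subdomain) + "<br>");
    });
  }
  /* Delay kept from the original; the scrape above is synchronous, so it
     appears to serve no functional purpose. */
  setTimeout(writeResults, 3000);
})();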
URL used: https://jira.instance.net/secure/admin/user/UserBrowser.jspa
Description: This will extract information about the users listed on a Jira Server instance, including full name, username and groups. Useful for building a user list.
Requirements: Be logged in. The user browser lives under /secure/admin/, so an administrator session is presumably required.
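javascript: (function () {
  /* Lazy Script: dump the users shown on the Jira Server user browser as
     "fullname,username,group1,group2,..." lines. Each "vcard user-row" row is
     read positionally: td[0] full name, td[1] username, td[3] group list.
     Commas inside group names become ";" so they do not split the line.
     Block comments only: browsers tend to strip line breaks from a bookmark
     URL, so a "//" comment would swallow the rest of the code. */
  var rows = document.getElementsByClassName("vcard user-row");
  const results = new Set();
  for (var i = 0; i < rows.length; i++) {
    var cells = rows[i].getElementsByTagName("td");
    /* Skip rows with fewer cells than the expected layout instead of
       throwing and losing every row collected so far. */
    if (cells.length < 4) continue;
    var fullname = cells[0].textContent.replace(/\s+$/, "");
    /* Username cell: drop spaces, then collapse the first blank line to a
       comma (kept from the original). */
    var username = cells[1].textContent.trim().replace(/ /gi, "").replace("\n\n", ",");
    var groups = Array.from(cells[3].querySelectorAll("li"), function (li) {
      return li.textContent.trim().replace(/,/g, ";");
    });
    results.add(fullname + "," + username + "," + groups.join(","));
  }
  /* Full names and group names are set by other Jira users and this page is
     viewed from an admin session; escape the values before they go through
     document.write so a crafted name cannot inject markup or script into the
     Jira origin. Escaped entities still render as the original text. */
  function escapeHtml(value) {
    return String(value).replace(/[&<>"']/g, function (c) {
      return { "&": "&amp;", "<": "&lt;", ">": "&gt;", "\"": "&quot;", "'": "&#39;" }[c];
    });
  }
  function writeResults() {
    document.write('<button onclick="location.reload()">Reload Page</button><br>');
    results.forEach(function (line) {
      document.write(escapeHtml(line) + "<br>");
    });
  }
  /* Delay kept from the original; the scrape above is synchronous, so it
     appears to serve no functional purpose. */
  setTimeout(writeResults, 3000);
})();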
URL: REDACTED
Description: This is a free OSINT service where you can search for content related to emails, URLs, phone numbers and much more. This script extracts the Domain, URL/notes, Emails/Usernames and Source fields from a domain search.
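javascript: (function () {
  /* Lazy Script: turn each ".record" block of the OSINT domain search into a
     "domain, url/notes, emails/usernames, source" line. The four <dd> cells
     are read positionally and their "label: " prefixes stripped.
     Block comments only: browsers tend to strip line breaks from a bookmark
     URL, so a "//" comment would swallow the rest of the code. */
  var records = document.getElementsByClassName("record");
  const results = new Set();
  for (var i = 0; i < records.length; i++) {
    var cells = records[i].getElementsByTagName("dd");
    /* Skip records with fewer cells than the expected layout instead of
       throwing and losing every record collected so far. */
    if (cells.length < 4) continue;
    var domain = cells[0].textContent.trim().replace(/domain: /g, "");
    var notes = cells[1].textContent.trim().replace(/notes: /g, "").replace(/url: /g, "");
    var emails = cells[2].textContent.trim().replace(/emails: /g, "").replace(/usernames: /g, "");
    var source = cells[3].textContent.trim().replace(/source: /g, "");
    results.add(domain + ", " + notes + ", " + emails + ", " + source);
  }
  /* OSINT records (notes, URLs, usernames) are arbitrary third-party data;
     escape them before they go through document.write so a crafted record
     cannot inject markup or script into the site's origin. Escaped entities
     still render as the original text. */
  function escapeHtml(value) {
    return String(value).replace(/[&<>"']/g, function (c) {
      return { "&": "&amp;", "<": "&lt;", ">": "&gt;", "\"": "&quot;", "'": "&#39;" }[c];
    });
  }
  function writeResults() {
    document.write('<button onclick="location.reload()">Reload Page</button><br>');
    results.forEach(function (line) {
      document.write(escapeHtml(line) + "<br>");
    });
  }
  /* Delay kept from the original; the scrape above is synchronous, so it
     appears to serve no functional purpose. */
  setTimeout(writeResults, 3000);
})();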