xen00rw / lazy_scripts

Basic JavaScript snippets that interact with the DOM of some web services in order to extract useful information.


Intro

Here I introduce the Lazy Scripts.
They are basic JavaScript snippets that can be saved as a bookmark in your browser in order to extract information from tools that is useful for the recon phase of pentesting.

Credits for the original idea :)

How to configure

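It's quite simple: you just need to save one of the JavaScript snippets below that interests you as a bookmark. A bookmarklet runs in the context of the page it is clicked on, including any logged-in session on that site, so read the code before saving it.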

Steps:

  1. Right click on the Bookmark bar on your Browser (I'm using Chrome)
  2. Go to "Add Page"
  3. On "Name" define the name for this bookmark that you prefer
  4. On "URL" insert one of the Javascripts that you selected
  5. Open the site that the script was written for, then click the bookmark to run it

If you prefer, here is a video:
GIF

Codes

[Censys Search] Default Search
URL used: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=google.com
Description: This script will get all the IPs from the current page of Censys search.

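javascript: (function() {
	/*
	 * Censys host search: collect the trimmed text of the first <strong>
	 * inside every "SearchResult result" element on the current page, then
	 * replace the page with the de-duplicated list, one entry per line.
	 *
	 * Only block comments are used: a bookmark URL is normally stored as a
	 * single line, where a line comment would swallow the code after it.
	 */
	const rows = document.getElementsByClassName("SearchResult result");
	const results = new Set();

	/*
	 * textContent returns decoded text, so characters the site had escaped
	 * come back raw. Escape them again before document.write so scraped
	 * values are displayed as text rather than parsed as markup that would
	 * run with this origin's privileges.
	 */
	function escapeHtml(text) {
		return String(text)
			.replace(/&/g, "&amp;")
			.replace(/</g, "&lt;")
			.replace(/>/g, "&gt;")
			.replace(/"/g, "&quot;");
	}

	for (const row of rows) {
		const label = row.getElementsByTagName("strong")[0];
		/* A result without a <strong> is skipped instead of aborting the run. */
		if (!label) {
			continue;
		}
		results.add(label.textContent.trim());
	}

	/* Overwrites the current document; the button restores the original page. */
	function writeResults() {
		document.write('<button onclick="location.reload()">Reload Page</button><br>');
		results.forEach(function(entry) {
			document.write(escapeHtml(entry) + "<br>");
		});
	}

	/* Output is written after a 3-second delay. */
	setTimeout(writeResults, 3000);
})();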
[Security Trails] Search Subdomains
URL used: https://securitytrails.com/domain/example.com/dns
Description: This script will extract all subdomains present on the current page of Security Trails subdomains search.
Requirements: Be logged in

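javascript: (function() {
  /*
   * Security Trails subdomain list: read the text of the first <a> in each
   * table row of the current page, then replace the page with the
   * de-duplicated list, one entry per line.
   *
   * Only block comments are used: a bookmark URL is normally stored as a
   * single line, where a line comment would swallow the code after it.
   */
  const rows = document.getElementsByTagName("tr");
  const resultsgrep = new Set();

  /*
   * textContent returns decoded text, so characters the site had escaped
   * come back raw. Escape them again before document.write so scraped
   * values are displayed as text rather than parsed as markup that would
   * run with this origin's privileges.
   */
  function escapeHtml(text) {
    return String(text)
      .replace(/&/g, "&amp;")
      .replace(/</g, "&lt;")
      .replace(/>/g, "&gt;")
      .replace(/"/g, "&quot;");
  }

  /* Row 0 is skipped (presumably the table header; confirm against the page). */
  for (let i = 1; i < rows.length; i++) {
    const link = rows[i].getElementsByTagName("a")[0];
    /* Rows without a link are skipped instead of aborting the run. */
    if (!link) {
      continue;
    }
    /* If the text holds a /domain/NAME/dns path, that line is reduced to
       NAME; any other text is kept unchanged. */
    const name = link.textContent.replace(/.*\/domain\/([^\/]+)\/dns.*/, '$1');
    resultsgrep.add(name);
  }

  /* Overwrites the current document; the button restores the original page. */
  function writeResults() {
    document.write('<button onclick="location.reload()">Reload Page</button><br>');
    resultsgrep.forEach(function(entry) {
      document.write(escapeHtml(entry) + "<br>");
    });
  }

  /* Output is written after a 3-second delay. */
  setTimeout(writeResults, 3000);
})();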
[Jira Server] Users Management
URL used: https://jira.instance.net/secure/admin/user/UserBrowser.jspa
Description: This will get some information about the users on Jira Server, including full name, username and groups. Useful for extracting a list of users.
Requirements: Be logged in.

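javascript: (function() {
	/*
	 * Jira Server user browser: for every "vcard user-row" element on the
	 * current page, build one line "fullname,username,groups" from its
	 * table cells, then replace the page with the de-duplicated lines.
	 *
	 * Only block comments are used: a bookmark URL is normally stored as a
	 * single line, where a line comment would swallow the code after it.
	 */
	const rows = document.getElementsByClassName("vcard user-row");
	const results = new Set();

	/*
	 * textContent returns decoded text, so characters the site had escaped
	 * come back raw. Display names and group names are user-controlled
	 * data; escape them before document.write so they are shown as text
	 * rather than parsed as markup inside the logged-in Jira origin.
	 */
	function escapeHtml(text) {
		return String(text)
			.replace(/&/g, "&amp;")
			.replace(/</g, "&lt;")
			.replace(/>/g, "&gt;")
			.replace(/"/g, "&quot;");
	}

	for (const row of rows) {
		const cells = row.getElementsByTagName("td");
		/* Cells 0, 1 and 3 are read below; shorter rows are skipped
		   instead of aborting the run. */
		if (cells.length < 4) {
			continue;
		}

		/* Only trailing whitespace is removed from the full name. */
		const fullname = cells[0].textContent.replace(/\s+$/, '');

		/* Spaces are dropped and the first blank-line gap becomes a comma. */
		const username = cells[1].textContent
			.trim()
			.replace(/ /gi, "")
			.replace("\n\n", ",");

		/* Commas inside a group name become ";" so they do not collide
		   with the "," that separates the output fields. */
		const groups = Array.from(
			cells[3].querySelectorAll("li"),
			li => li.textContent.trim().replace(/,/g, ";")
		);

		results.add(fullname + "," + username + "," + groups.join(","));
	}

	/* Overwrites the current document; the button restores the original page. */
	function writeResults() {
		document.write('<button onclick="location.reload()">Reload Page</button><br>');
		results.forEach(function(content) {
			document.write(escapeHtml(content) + "<br>");
		});
	}

	/* Output is written after a 3-second delay. */
	setTimeout(writeResults, 3000);
})();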
[IllServices 0t Rocks] Domain and more search
URL: REDACTED
Description: This is a service provided for free OSINT information where you can search for content related to emails, URLs, phone numbers and much more. This script will extract from domain search the Domain, URL, Username and Source.

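javascript: (function() {
	/*
	 * Domain search results: for every "record" element on the current
	 * page, read its first four <dd> values, strip their field labels and
	 * build one line "domain, notes, emails, source", then replace the page
	 * with the de-duplicated lines.
	 *
	 * Only block comments are used: a bookmark URL is normally stored as a
	 * single line, where a line comment would swallow the code after it.
	 */
	const records = document.getElementsByClassName("record");
	const results = new Set();

	/*
	 * textContent returns decoded text, so characters the site had escaped
	 * come back raw. The records are third-party data; escape them before
	 * document.write so they are shown as text rather than parsed as markup
	 * on this origin.
	 */
	function escapeHtml(text) {
		return String(text)
			.replace(/&/g, "&amp;")
			.replace(/</g, "&lt;")
			.replace(/>/g, "&gt;")
			.replace(/"/g, "&quot;");
	}

	for (const record of records) {
		const fields = record.getElementsByTagName("dd");
		/* Four <dd> values are read below; shorter records are skipped
		   instead of aborting the run. */
		if (fields.length < 4) {
			continue;
		}

		const domain = fields[0].textContent.trim().replace(/domain: /g, "");

		/* The second and third values can each carry one of two labels. */
		const notes = fields[1].textContent
			.trim()
			.replace(/notes: /g, "")
			.replace(/url: /g, "");
		const emails = fields[2].textContent
			.trim()
			.replace(/emails: /g, "")
			.replace(/usernames: /g, "");

		const source = fields[3].textContent.trim().replace(/source: /g, "");

		results.add(domain + ", " + notes + ", " + emails + ", " + source);
	}

	/* Overwrites the current document; the button restores the original page. */
	function writeResults() {
		document.write('<button onclick="location.reload()">Reload Page</button><br>');
		results.forEach(function(content) {
			document.write(escapeHtml(content) + "<br>");
		});
	}

	/* Output is written after a 3-second delay. */
	setTimeout(writeResults, 3000);
})();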

About

Basic JavaScript snippets that interact with the DOM of some web services in order to extract useful information.