diff --git a/JSFScan.sh b/JSFScan.sh index f9fed1b..c5157a7 100644 --- a/JSFScan.sh +++ b/JSFScan.sh @@ -1,146 +1,147 @@ #!/bin/bash -#LOgo -logo(){ +# Error handling function +handle_error() { + echo "Error: $1 failed" + exit 1 +} -echo " _______ ______ _______ ______ _ "; -echo "(_______/ _____(_______/ _____) | | "; -echo " _ ( (____ _____ ( (____ ____ _____ ____ ___| |__ "; -echo " _ | | \____ \| ___) \____ \ / ___(____ | _ \ /___| _ \ "; -echo "| |_| | _____) | | _____) ( (___/ ___ | | | |_|___ | | | |"; -echo " \___/ (______/|_| (______/ \____\_____|_| |_(_(___/|_| |_|"; -echo " "; +# Function to print messages with colors +print_message() { + echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m $1\e[0m\n" +} +# Logo function +logo(){ + print_message "Logo" + echo " _______ ______ _______ ______ _ "; + echo "(_______/ _____(_______/ _____) | | "; + echo " _ ( (____ _____ ( (____ ____ _____ ____ ___| |__ "; + echo " _ | | \____ \| ___) \____ \ / ___(____ | _ \ /___| _ \ "; + echo "| |_| | _____) | | _____) ( (___/ ___ | | | |_|___ | | | |"; + echo " \___/ (______/|_| (______/ \____\_____|_| |_(_(___/|_| |_|"; + echo " "; } + logo +# Function to check the availability of .js files +check_js_availability(){ + cat "$1" | httpx -follow-redirects -silent -status-code | grep "[200]" | cut -d ' ' -f1 | sort -u +} -#Gather JSFilesUrls +# Gather .js URLs gather_js(){ -echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m Started Gathering JsFiles-links\e[0m\n"; -cat "$target" | gau | grep -iE "\.js$" | uniq | sort >> jsfile_links.txt -cat "$target" | subjs >> jsfile_links.txt -#cat $target | hakrawler -js -depth 2 -scope subs -plain >> jsfile_links.txt -echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m Checking for live JsFiles-links\e[0m\n"; -cat jsfile_links.txt | httpx -follow-redirects -silent -status-code | grep "[200]" | cut -d ' ' -f1 | sort -u > live_jsfile_links.txt + print_message "Started Gathering JsFiles-links" + cat "$target" | gau | grep -iE "\.js$" | uniq | sort >> jsfile_links.txt || handle_error "gau" + cat "$target" | subjs >> jsfile_links.txt || handle_error "subjs" + + print_message "Checking for live JsFiles-links" + check_js_availability jsfile_links.txt > live_jsfile_links.txt || handle_error "httpx" } -#Open JSUrlFiles +# Open and filter JS URLs to get links open_jsurlfile(){ -echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m Filtering JsFiles-links\e[0m\n"; -cat "$target" | httpx -follow-redirects -silent -status-code | grep "[200]" | cut -d ' ' -f1 | sort -u > live_jsfile_links.txt + print_message "Filtering JsFiles-links" + check_js_availability "$target" > live_jsfile_links.txt || handle_error "httpx" } -#Gather Endpoints From JsFiles +# Gather endpoints from JS files endpoint_js(){ -echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m Started gathering Endpoints\e[0m\n"; -interlace -tL live_jsfile_links.txt -threads 5 -c "echo 'Scanning _target_ Now' ; python3 ./tools/LinkFinder/linkfinder.py -d -i '_target_' -o cli >> endpoints.txt" -v + print_message "Started gathering Endpoints" + cat live_jsfile_links.txt | parallel -j 5 "echo 'Scanning {} Now' ; python3 ./tools/LinkFinder/linkfinder.py -d -i '{}' -o cli >> endpoints.txt" || handle_error "LinkFinder" } -#Gather Secrets From Js Files +# Find secrets in JS files secret_js(){ -echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m Started Finding Secrets in JSFiles\e[0m\n"; -interlace -tL live_jsfile_links.txt -threads 5 -c "python3 ./tools/SecretFinder/SecretFinder.py -i '_target_' -o cli >> jslinksecret.txt" -v + print_message "Started Finding Secrets in JSFiles" + cat live_jsfile_links.txt | parallel -j 5 "python3 ./tools/SecretFinder/SecretFinder.py -i '{}' -o cli >> jslinksecret.txt" || handle_error "SecretFinder" } -#Collect Js Files For Maually Search +# Download JS files for manual testing getjsbeautify(){ -echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m Started to Gather JSFiles locally for Manual Testing\e[0m\n"; -mkdir -p jsfiles -interlace -tL live_jsfile_links.txt -threads 5 -c "bash ./tools/getjsbeautify.sh '_target_'" -v -echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m Manually Search For Secrets Using gf or grep in out/\e[0m\n"; + print_message "Started to Gather JSFiles locally for Manual Testing" + mkdir -p jsfiles + cat live_jsfile_links.txt | parallel -j 5 "bash ./tools/getjsbeautify.sh '{}'" || handle_error "getjsbeautify" + print_message "Manually Search For Secrets Using gf or grep in out/" } -#Gather JSFilesWordlist +# Gather words from JS files for wordlist wordlist_js(){ -echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m Started Gathering Words From JsFiles-links For Wordlist.\e[0m\n"; -cat live_jsfile_links.txt | python3 ./tools/getjswords.py >> temp_jswordlist.txt -cat temp_jswordlist.txt | sort -u >> jswordlist.txt -rm temp_jswordlist.txt + print_message "Started Gathering Words From JsFiles-links For Wordlist." + cat live_jsfile_links.txt | python3 ./tools/getjswords.py >> temp_jswordlist.txt || handle_error "getjswords" + cat temp_jswordlist.txt | sort -u >> jswordlist.txt + rm temp_jswordlist.txt } -#Gather Variables from JSFiles For Xss +# Extract variables from JS files for possible XSS var_js(){ -echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m Started Finding Varibles in JSFiles For Possible XSS\e[0m\n"; -cat live_jsfile_links.txt | while read url ; do bash ./tools/jsvar.sh $url | tee -a js_var.txt ; done + print_message "Started Finding Variables in JSFiles For Possible XSS" + cat live_jsfile_links.txt | parallel -j 5 "bash ./tools/jsvar.sh {} | tee -a js_var.txt" || handle_error "jsvar" } -#Find DomXSS +# Scan JS files for potential DOM-XSS vulnerabilities domxss_js(){ -echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m Scanning JSFiles For Possible DomXSS\e[0m\n"; -interlace -tL live_jsfile_links.txt -threads 5 -c "bash ./tools/findomxss.sh _target_" -v + print_message "Scanning JSFiles For Possible DomXSS" + cat live_jsfile_links.txt | parallel -j 5 "bash ./tools/findomxss.sh {}" || handle_error "findomxss" } -#Generate Report +# Generate a report report(){ -echo -e "\n\e[36m[\e[32m+\e[36m]\e[92m Generating Report!\e[0m\n"; -bash report.sh + print_message "Generating Report!" + bash report.sh || handle_error "report.sh" } -#Save in Output Folder +# Save results to output directory output(){ -mkdir -p $dir -mv endpoints.txt jsfile_links.txt jslinksecret.txt live_jsfile_links.txt jswordlist.txt js_var.txt domxss_scan.txt report.html $dir/ 2>/dev/null -mv jsfiles/ $dir/ + mkdir -p $dir + mv endpoints.txt jsfile_links.txt jslinksecret.txt live_jsfile_links.txt jswordlist.txt js_var.txt domxss_scan.txt report.html $dir/ 2>/dev/null + mv jsfiles/ $dir/ } -while getopts ":l:f:esmwvdro:-:" opt;do - case ${opt} in - - ) case "${OPTARG}" in - - all) - endpoint_js - secret_js - getjsbeautify - wordlist_js - var_js - domxss_js - ;; - - *) - if [ "$OPTERR" = 1 ] && [ "${optspec:0:1}" != ":" ]; then - echo "Unknown option --${OPTARG}" >&2 - fi - ;; - esac;; - - l ) target=$OPTARG - gather_js - ;; - f ) target=$OPTARG - open_jsurlfile - ;; - e ) endpoint_js - ;; - s ) secret_js - ;; - m ) getjsbeautify - ;; - w ) wordlist_js + +# Process options +while getopts ":l:f:esmwvdro:-:" opt; do + case ${opt} in + -) + case "${OPTARG}" in + all) + endpoint_js + secret_js + getjsbeautify + wordlist_js + var_js + domxss_js + ;; + *) + echo "Unknown option --${OPTARG}" >&2 ;; - v ) var_js - ;; - d ) domxss_js - ;; - r ) report - ;; - o ) dir=$OPTARG - output - ;; - \? | h ) echo "Usage: " - echo " -l Gather Js Files Links"; - echo " -f Import File Containing JS Urls"; - echo " -e Gather Endpoints For JSFiles"; - echo " -s Find Secrets For JSFiles"; - echo " -m Fetch Js Files for manual testing"; - echo " -o Make an Output Directory to put all things Together"; - echo " -w Make a wordlist using words from jsfiles"; - echo " -v Extract Vairables from the jsfiles"; - echo " -d Scan for Possible DomXSS from jsfiles"; - echo " -r Generate Scan Report in html"; - echo " --all Scan Everything!"; - ;; - : ) echo "Invalid Options $OPTARG require an argument"; - ;; - esac + esac + ;; + l) target=$OPTARG + gather_js + ;; + f) target=$OPTARG + open_jsurlfile + ;; + e) endpoint_js + ;; + s) secret_js + ;; + m) getjsbeautify + ;; + w) wordlist_js + ;; + v) var_js + ;; + d) domxss_js + ;; + r) report + ;; + o) dir=$OPTARG + output + ;; + \?) echo "Usage: $0 ..." + ;; + esac done -shift $((OPTIND -1)) +shift $((OPTIND -1)) \ No newline at end of file diff --git a/install.sh b/install.sh index 418ee72..2f01626 100644 --- a/install.sh +++ b/install.sh @@ -3,6 +3,25 @@ #MAKE DIRECTORIES mkdir -p tools +#INSTALL PARALLEL +echo -e "\n-----------------------INSTALLING PARALLEL------------------------" +# Check if parallel is already installed +if ! test `which parallel`; then + echo "Parallel not found, installing..." + # Install parallel if it's not found + if ! test `which sudo`; then + # If sudo is not available, try to install parallel without sudo + echo "Installing parallel without sudo..." + pip3 install parallel + else + sudo apt-get update + sudo apt-get install parallel -y || echo "Failed to install parallel" + fi +else + echo "Parallel is already installed!" +fi +echo -e "\n-----------------------FINISHED INSTALLING PARALLEL------------------------" + #INSTALL INTERLACE echo -e "\n-----------------------INSTALLING INTERLACE------------------------" cd ./tools @@ -11,9 +30,9 @@ cd - pip3 install --user -r ./tools/Interlace/requirements.txt cd ./tools/Interlace/ if ! test `which sudo`; then - python3 setup.py install + python3 setup.py install else - sudo python3 setup.py install + sudo python3 setup.py install fi cd - echo -e "\n-----------------------FINISHED INSTALLING INTERLACE------------------------" @@ -75,9 +94,9 @@ cd - pip3 install --user -r ./tools/LinkFinder/requirements.txt cd ./tools/LinkFinder/ if ! test `which sudo`; then - python3 setup.py install -else - sudo python3 setup.py install + python3 setup.py install +else + sudo python3 setup.py install fi cd - echo -e "\n-----------------------FINISHED INSTALLING LINKFINDER------------------------" @@ -86,4 +105,4 @@ echo -e "\n-----------------------FINISHED INSTALLING LINKFINDER---------------- echo -e "\n-----------------------INSTALLING GETJSWORDS.PY------------------------" wget https://raw.githubusercontent.com/m4ll0k/Bug-Bounty-Toolz/master/getjswords.py mv getjswords.py ./tools/ -echo -e "\n-----------------------FINISHED INSTALLING GETJSWORDS.PY------------------------" +echo -e "\n-----------------------FINISHED INSTALLING GETJSWORDS.PY------------------------" \ No newline at end of file