How to Use EndExt to Extract All Endpoints from JS Files
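About EndExt
EndExt is a security tool written in Go that lets researchers extract all possible endpoints from JS files.
For example, suppose you have gathered all the JS files for a site with waybackurls, or collected the JS file URLs from the target site's home page. If the site uses an API system and you want to find every endpoint referenced in those JS files, this is where the tool comes in. Give it the URLs of the JS files and it extracts all possible endpoints, URLs and paths from them.
Installation
Because the tool is written in Go, first install and configure an up-to-date Go environment on the local machine: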
brew install go
Next, clone the project source code to the local machine with the following commands:
git clone https://github.com/SirBugs/endext.git
cd endext
Usage
go run main.go -l js_files_urls.txt

______ ________ __
/ ____/___ ____/ / ____/ __/ /_
/ __/ / __ \/ __ / __/ | |/_/ __/
/ /___/ / / / /_/ / /____> </ /_
/_____/_/ /_/\__,_/_____/_/|_|\__/

( * ) EndpointsExtractor Tool By @SirBugs .go Version
( * ) For Extracting all possilbe endpoints from Js files
( * ) Version: 1.0.5 (Updated 3.Vrs on 7/7/2023)
( * ) Contact: Twitter@SirBagoza, GitHub@SirBugs, Medium@bag0zathev2
( * ) Command: go run main.go -l jsurls.txt
( ! ) You can use only -u for single URL or -l for .JS file URLs, Not both
( ! ) This tool has been received the last 3 updates at once

( 1 ) - https://example.com/_home/chunks/preload-helper-xxxxxxxx.js :: (endpoint) _app/
( 2 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/dashboard-metadata/bulk
( 3 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/applications
( 4 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/accounts
( 5 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) sign-in
( 6 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/sign-out
( 7 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/organization/details
( 8 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/organization/update
( 9 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/organization/subscribe
( 10 ) - https://example.com/_home/chunks/esr-apps-xxxxxxxx.js :: (endpoint) endpoints/express-security-review/application
( 11 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) applications
( 12 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) applications/new
( 13 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) settings
( 14 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) integrations
( 15 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) grants
( 16 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) applications/
( 17 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) accounts
( 18 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) webhooks
( 19 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) quickstart-guides
( 20 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) connectivity-api-offering
( 21 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) plans
( 22 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) users
( 23 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) billing
( 24 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) experiments/
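Added example (not part of the original article or of the EndExt project): a short Go program that parses result lines in the format shown above and reports, per JS file, the endpoints in your own front-end bundles that are absent from a route inventory. The function names and the inventory entries are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Result lines as in the sample output: ( N ) - <js file URL> :: (endpoint) <path>
var resultLine = regexp.MustCompile(`^\(\s*\d+\s*\)\s+-\s+(\S+)\s+::\s+\(endpoint\)\s+(\S+)\s*$`)

// normalize trims surrounding slashes so "applications/" and "/applications" compare equal.
func normalize(p string) string { return strings.Trim(strings.TrimSpace(p), "/") }

// Undocumented returns, per JS file, the extracted endpoints missing from the
// inventory of known routes. Banner and notice lines do not match and are skipped.
func Undocumented(output string, inventory []string) map[string][]string {
	known := map[string]bool{}
	for _, r := range inventory {
		known[normalize(r)] = true
	}
	seen, found := map[string]bool{}, map[string][]string{}
	for _, line := range strings.Split(output, "\n") {
		m := resultLine.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil {
			continue
		}
		file, ep := m[1], normalize(m[2])
		if key := file + " " + ep; ep != "" && !known[ep] && !seen[key] {
			seen[key] = true
			found[file] = append(found[file], ep)
		}
	}
	return found
}

// Constructed sample: lines taken from the sample output above.
const sample = `( * ) Version: 1.0.5 (Updated 3.Vrs on 7/7/2023)
( 5 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) sign-in
( 6 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/sign-out
( 16 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) applications/
( 24 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) experiments/`

// The inventory is a hypothetical list of documented routes.
func main() {
	for file, eps := range Undocumented(sample, []string{"/sign-in", "/applications"}) {
		fmt.Println(file, eps)
	}
}
```

Endpoints it reports are candidates for review: routes that ship in client-side code but are missing from the documented API surface.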
One-Liner Command
echo 'target.com' | waybackurls | tee waybackresults.txt; cat waybackresults.txt | grep "\.js" > js_files.txt; go run main.go -l js_files.txt
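Note that tools such as Gau, HaKrawler and Katana can also be used here.
Command-Line Options
-l string    List of JS files to crawl for endpoints; may contain more than one JS file URL
-o string    Output file (default: js_endpoints.txt)
-p           Enable public mode, which shows the URL of each endpoint
-u string    Single URL to crawl for endpoints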
License
This project is developed and released under the MIT open-source license.
Project Address
EndExt: GitHub (https://github.com/SirBugs/endext)