JSNinja - "Hunting Bugs in JavaScript!"

JSNinja is a powerful tool for extracting URLs and sensitive information from JavaScript files. It's designed for security enthusiasts, bug hunters, and developers.

Installation:

To install JSNinja, run the following commands:

apt update
apt install git python3 python3-pip -y
git clone https://github.com/iamunixtz/JSNinja.git
cd JSNinja
pip3 install -r requirements.txt
sudo cp jsninja /usr/local/bin
jsninja -h

Single Command:

apt update ; apt install git python3 python3-pip -y ; git clone https://github.com/iamunixtz/JSNinja.git ; cd JSNinja ; pip3 install -r requirements.txt ; sudo cp jsninja /usr/local/bin ;jsninja -h

Usage:

To run JSNinja, use the following command:

python3 jsninja.py -u http://example.com/script.js --secrets --urls

Command-Line Options:

• -u or --url: Specify a single JavaScript URL to fetch.
• --secrets: Look for sensitive information in the JavaScript content.
• --urls: Extract URLs from the JavaScript content.
• -o or --output_file: Specify the file to save extracted links (default: extracted_links.txt).

Features:

• Extract URLs from JavaScript files!
• Identify sensitive information such as API keys and tokens!
• User-friendly interface!
• Open Source and actively maintained!
• API Key Detection: Detects API keys and secrets such as AWS, Google, Stripe, and more.

Available API Regex:

• AWS Access Key: Detects AWS Access Key IDs.
• AWS Secret Key: Detects AWS Secret Access Keys.
• Google API Key: Detects Google API keys (Maps, Firebase, etc.).
• Stripe API Key: Detects Stripe Secret API keys.
• GitHub Token: Detects GitHub API tokens.
• Twilio API Key: Detects Twilio Account SID and Auth Token.
• Facebook Access Token: Detects Facebook API access tokens.
• GitLab Token: Detects GitLab personal access tokens.
• Telegram Bot Token: Detects Telegram bot API tokens.
• API Key for Services: Detects other generic API keys with the format API Key: <key>.
• API Token: Detects API tokens in general formats.
• Google Maps API Key: Detects Google Maps API keys.
• Stripe Secret Key: Detects Stripe secret keys with specific formats.
• GitHub Personal Access Token: Captures GitHub personal access tokens.
• AWS IAM Key: Detects IAM keys for AWS access.
• Facebook App Secret: Detects Facebook App secrets.
• Telegram Bot API Token: Detects Telegram bot tokens.
• Dropbox API Key: Detects Dropbox API keys.
• Google reCAPTCHA Key: Detects Google reCAPTCHA keys.
• General API : Detects all genereal api keys.

Upcoming Features:

• API Endpoints in JavaScript Files: The tool will be enhanced to automatically detect and extract API endpoints within JavaScript files.
• Hidden Parameters: The tool will scan JavaScript files for hidden parameters and keys that may be obfuscated or dynamically generated.

Credits:

> Iamunixtz

> Inspired by various open-source projects!

License:

This project is licensed under the MIT License - see the LICENSE file for details.