Jsleak - A Go Code To Detect Leaks In JS Files Via Regex Patterns

2021-08-18T21:30:00
ID KITPLOIT:6061553099016729966
Type kitploit
Reporter KitPloit
Modified 2021-08-18T21:30:00

Description

jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it's built for this, you can use it to identify anything as long as you have a regex pattern for it.

How to install

Directly:

{your package manager} install pkg-config libpcre++-dev  
go get github.com/0xTeles/jsleak/v2/jsleak

Compiled: release page

How to use

Usage of jsleak:  
  -json string  
        [+] Json output file  
  -pattern string  
        [+] File contains patterns to test  
  -verbose  
        [+] Verbose Mode

Demo

cat urls.txt | jsleak -pattern regex.txt  
[+] Url: http://localhost/index.js  
[+] Pattern: p([a-z]+)ch  
[+] Match: peach

To Do

  • Fix output
  • Add more patterns
  • Add stdin
  • Implement JSON input
  • Fix patterns
  • Implement PCRE

Regex list

Inspired by

Thanks

@fepame , @gustavorobertux , @Jhounx , @arthurair_es

Download Jsleak