A tool that is used for parsing urls and endpoints from javascript files. It extracts urls from individual js files linked to the current webpage. JS-Parse has a few flexible features - basic stdout, blacklisting unwanted third party js files, downloading beautified js files, organized multi-file saving, and single file saving.
Created by mrunoriginal/AtlasWiki
- Stdout-Friendly: basic printing of only urls to stdout.
- Downloading: allows you to download js files that are in a beautified format.
- File Management: allows an organized structure of storing the files and urls.
- File Association: parses the name of the js files and writes the associated urls to them.
- URL Filter/Check: verifies legit urls and removes false positives.
- Disable Third Party URL Probing: disables http requests sent to third party urls.
- Fast HTTP Probing: uses concurrent requests and allow you to optionally set the requests per sec.
- Filtering modes: comes with filtering of specific status codes when doing http probing.
- HTTP Probing Report Summary: saves a json report summary of response status codes and header information of the urls.
- Method Selection: allows you to select which methods to use. default is only_safe
clone the repo
git clone https://github.com/AtlasWiki/js-parse.git
install the dependencies
pip install -r requirements.txt
run the file:
- python:
python js-parse.py https://youtube.com
or
- linux:
./js-parse https://youtube.com
-h, --help show this help message and exit
-s, --stdout stdout friendly, displays urls only in stdout compatibility. also known as silent mode (default: False)
-f {all,1xx,2xx,3xx,4xx,5xx,forbidden}, --filter {all,1xx,2xx,3xx,4xx,5xx,forbidden}
removes false positives with http probing/request methods (use at your own risk). 4xx does not include 404 and 405 (default: None)
--remove-third-parties
does not probe third-party urls with request methods (default: False)
-n, --no-logo hides logo (default: False)
-r REQUESTS, --requests REQUESTS
the number of concurrent/multiple requests per second (it is multiplied by 2 as it does both GET and POST) (default is set to 12 req/sec (without specifying) which would be actually 24) (default: 12)
--scope [SCOPE ...] specify domain names for file extraction. Extract js files from the domain(s), Ex: google.com (default: None)
-j {all,no-http-headers}, --json-report {all,no-http-headers}
json report/summary of all urls (default: None)
-m METHOD [METHOD ...], --method METHOD [METHOD ...]
Display method(s) options: all, only_safe, only_unsafe, GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD (default: ['only_safe'])
-c, --clean print all urls in absolute format. convert all relative urls to absolute (default: False)
-o, --merge create file and merge all urls into it (default: False)
-b, --isolate create multiple files and store urls where they were parsed from (default: False)
--save-one merge all saved js files into one (default: False)
--save-each save individual js files (default: False)
basic usage:
python js-parse.py https://youtube.com
block third party url probing and probe target's urls:
python js-parse.py https://youtube.com -f all --remove-third-parties
single-file:
python js-parse.py https://youtube.com -m
std-out:
python js-parse.py https://youtube.com -S
full summary report:
python js-parse.py https://www.youtube.com -j -m -f all --remove-third-parties
The creator(s) of this tool provides no warranty or assurance regarding its performance, dependability, or suitability for any specific purpose.
The tool is furnished on an "as is" basis without any form of warranty, whether express or implied, encompassing, but not limited to, implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
The user assumes full responsibility for employing this tool and does so at their own peril. The creator(s) holds no accountability for any loss, damage, or expenses sustained by the user or any third party due to the utilization of this tool, whether in a direct or indirect manner.
Moreover, the creator(s) explicitly renounces any liability or responsibility for the accuracy, substance, or availability of information acquired through the use of this tool, as well as for any harm inflicted by viruses, malware, or other malicious components that may infiltrate the user's system as a result of employing this tool.
By utilizing this tool, the user acknowledges that they have perused and understood this warranty declaration and agree to undertake all risks linked to its utilization.
This project is licensed under the MIT License - see the LICENSE for details.