JSProbeX is a Python-based tool for extracting URLs and sensitive secrets from JavaScript files. This tool helps you scan multiple URLs or files for sensitive information like API keys, secret tokens, and more. It is ideal for penetration testers and bug bounty hunters who need to efficiently analyze JavaScript files and identify valuable data.
- URL Extraction: Automatically extracts URLs from JavaScript files.
- Secrets Detection: Identifies sensitive data such as AWS keys, Stripe keys, GitHub tokens, and more (supports more than 49+ types of secrets).
- Auto-generated Output: Saves extracted data in a file with a unique name based on the given domain.
- Input Support: Accepts input through both single URLs or a file containing multiple URLs.
- Clean Error Handling: Provides beautifully formatted error messages for non-200 responses.
- Organized Output: Saves extracted data domain-wise or in a custom directory.
- Python 3.x
requests
- For making HTTP requests.beautifulsoup4
- For parsing HTML content (optional based on your use case).validators
- For validating URLs.urllib3
- For handling URL connections and security.colorama
- For coloring terminal output.
-
Clone the repository:
git clone https://github.com/hackelite01/JSProbeX.git
-
Install the required dependencies:
pip install -r requirements.txt
-
Run the tool:
-
For single URL input:
python jsprobex.py -u <URL>
-
For multiple URLs from a file:
python jsprobex.py -f <file.txt>
-
To extract secrets from URL:
python jsprobex.py -u <URL> --secrets
-
To extract secrets from file:
python jsprobex.py -f <file.txt> --secrets
-
To specify output file:
python jsprobex.py -u <URL> -o <output_file.txt> --secrets
-
This tool is intended for ethical penetration testing, bug bounty hunting, and security research. Use it responsibly and ensure you have permission to test the URLs and files you are scanning. Unauthorized scanning of websites and applications may be illegal.
This project is licensed under the MIT License.