./scripthunter.sh https://google.com. Note that it may take a while, which is why scripthunter also implements a notification mechanism to inform you when a scan is finished via Telegram API. Blogpost
To install scripthunter, clone this repository. Scripthunter relies on a couple of tools to be installed so make sure you have them:
Furthermore, scripthunter uses Telegram to send you a notification once a scan is finished. To enable this feature, you need to create a Telegram Bot and paste your Bot API key and chatid in the scripthunter script. You can follow this guide to get these values.
- Parse directories containing js files from found public files
- Scan js directories for hidden js files using ffuf and a custom wordlist
- check all found files for connectivity
- notify user once scans are finished
- aggregate all seen js filenames into one global wordlist
I ran this on some random verizon subdomain:
➜ scripthunter-dev ./scripthunter.sh https://developer.verizonmedia.com/ _ __ __ __ ___ ________(_)__ / /_/ / __ _____ / /____ ____ (_-</ __/ __/ / _ \/ __/ _ \/ // / _ \/ __/ -_) __/ /___/\__/_/ /_/ .__/\__/_//_/\_,_/_//_/\__/\__/_/ /_/ by @r0bre [*] Running GAU [+] GAU found 7 scripts! [*] Running hakrawler [+] HAKRAWLER found 5 scripts! [*] Found 2 directories containing .js files. [*] Running FFUF on https://developer.verizonmedia.com/./ [+] FFUF found 0 scripts in https://developer.verizonmedia.com/./ ! [*] Running FFUF on https://developer.verizonmedia.com/assets/ [+] FFUF found 0 scripts in https://developer.verizonmedia.com/assets/ ! [*] Running FFUF on https://developer.verizonmedia.com/assets/js/ [+] FFUF found 0 scripts in https://developer.verizonmedia.com/assets/js/ ! [*] Running FFUF on https://developer.verizonmedia.com/js/ [+] FFUF found 0 scripts in https://developer.verizonmedia.com/js/ ! [*] Running FFUF on https://developer.verizonmedia.com/static/ [+] FFUF found 0 scripts in https://developer.verizonmedia.com/static/ ! [*] Running FFUF on https://developer.verizonmedia.com/static/js/ [+] FFUF found 7 scripts in https://developer.verizonmedia.com/static/js/ ! [*] Running FFUF on https://developer.verizonmedia.com/static/js/vendor/ [+] FFUF found 3 scripts in https://developer.verizonmedia.com/static/js/vendor/ ! [+] Checking Script Responsiveness of 13 scripts.. https://developer.verizonmedia.com/static/js/vendor/js-cookie.js https://developer.verizonmedia.com/static/js/jquery-3.3.1.min.js https://developer.verizonmedia.com/static/js/autotrack.js https://developer.verizonmedia.com/static/js/utils.js https://developer.verizonmedia.com/static/js/navigation.js https://developer.verizonmedia.com/static/js/vendor/rapidworker-1.2.js https://developer.verizonmedia.com/static/js/vmdn.js https://developer.verizonmedia.com/static/js/right-nav.js [+] All Done! [+] Found total of 13 (8 responsive) scripts!
If you like this tool, consider following me on Twitter @r0bre! ;)