From e1feb9f86ab7acca092d6994fc19153a29195db8 Mon Sep 17 00:00:00 2001
From: Nemesis <83503290+Nemesis0U@users.noreply.github.com>
Date: Thu, 19 Oct 2023 20:20:24 +0300
Subject: [PATCH] Add files via upload
---
LICENSE | 21 ++++
README.md | 101 +++++++++++++++++++
background.png | Bin 0 -> 22722 bytes
go.mod | 16 +++
go.sum | 43 ++++++++
main.go | 264 +++++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 445 insertions(+)
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 background.png
create mode 100644 go.mod
create mode 100644 go.sum
create mode 100644 main.go
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..deb9588
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Nemesis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..35cf1fa
--- /dev/null
+++ b/README.md
@@ -0,0 +1,101 @@
+# JSRecon
+## A powerful tool designed for identifying hidden endpoints and sensitive information within JavaScript files on a website.
+
+
+
+## Description:
+JSRecon is a powerful tool designed for identifying hidden endpoints and sensitive information within JavaScript files on a website. It finds hidden URLs and hard-coded sensitive information to assist with detecting vulnerabilities.
+
+
+## Features:
+
+- Fast crawler
+- Finds sensitive information(API keys, e-mail(s), internal addresses...)
+- Discovers hidden endpoints
+- Built in Go
+
+
+## Installation:
+
+### Option 1:
+
+[Download](https://github.com/Nemesis0U/JSRecon/releases) from releases
+
+### Option 2:
+Run the following command to get the repo:
+
+ $ go install -v github.com/Nemesis0U/JSRecon@latest
+
+
+## Usage:
+
+### Options:
+
+```
+./jsrecon -h
+NAME:
+ JSRecon - Scan and extract endpoint URLs and sensitive data from JS files on a website
+
+USAGE:
+ JSRecon [global options] command [command options] [arguments...]
+
+COMMANDS:
+ help, h Shows a list of commands or help for one command
+
+GLOBAL OPTIONS:
+ --url value, -u value URL of the website to scan (required)
+ --keyword value Keyword to search for in JavaScript code (optional)
+ --output value, -o value Output file to save the links (optional)
+ --show-as-domain Show results as domains instead of full URLs (optional) (default: false)
+ --show-sensitive Show sensitive data found in JS files (optional) (default: false)
+ --cookie value Custom cookie to include in the request (optional)
+ --help, -h show help
+
+```
+
+### Example:
+
+```
+./jsrecon -u https://www.tiktok.com --show-sensitive --output results.txt --show-as-domain
+
+Data saved to results.txt
+
+IP Address: 1.0.0.73
+IP Address: 1.0.1.234
+API Key: 3319de946467a5e2530ff6f04830521452419c9a548f85fca089ebc9cf8c22a8
+Credential: username
+Credential: Username
+Credential: Password
+Credential: password
+Email Address: roaogardo@gmail.com
+Email Address: nemilio@tripon-entertainment.com
+Email Address: smashingpencilsart@gmail.com
+Email Address: Raziirawani@gmail.com
+Email Address: nbellarteskids@gmail.com
+API Key: 2023101515264400AB6AE6E1431E45CF25
+API Key: 858a8ca65482457eac325ed2eeb463b0
+API Key: f0dae91b3b5c2419f57f9e25a02df551
+API Key: 47ee01b829cee66c47ef333f6fd4d7bb
+API Key: f549fe8da2aebb5b2bae6f5389b6a016
+
+...
+
+IP Address: 1.0.0.201
+Credential: secret
+sf16-website-login.neutral.ttwstatic.com
+lf16-tiktok-web.tiktokcdn-us.com
+im-api-va.tiktok.com
+m.tiktok.com
+www.tiktok.com
+starling-oversea.byteoversea.com
+mcs-va-useast2a.tiktokv.com
+vmweb-va.byteoversea.com
+webcast.tiktok.com
+f-p.sgsnssdk.com
+sf16-tcc-tos-va.byteoversea.com
+api.tiktok.com
+```
+
+## License
+
+Distributed under the MIT License. See `LICENSE` for more information.
diff --git a/background.png b/background.png
new file mode 100644
index 0000000000000000000000000000000000000000..1c580e75a87c94bcdc5d851326ae83f0eaadbebe
GIT binary patch
literal 22722
zcmeFZ^LJ$56E+&##>B?NHaa$Xf{AUL6MN!JYwAtMkVfPsM_%SZ!M!N4Fizve@55MQrt?{M2+Z!ku3QUI{e
z|E}DQl0+~tQZN~SsJchyS%=IY%Ee^rhxOO&G;e^U8AMt{zkD>5=r1VgUzDNLQ3IY8
zRVkpN5Erkaf@GYIS>Y)${w#{Df{@?88{+1qW-NiY!$$Fpfm`Z~zf%*TWX7P$u^T7XkI504f0p>MU@K<12RtFr2Tkj0W4{Ax_Ffr0D
zA&0;rB5c6C{7{zVW4y}2s8dGVw5S&96S|kUIqBkz&v?*VMc3ouN2gPX3r#vJ3PD6f
za1$r%4GbI|5V0(S**QkaOY8BP6L)C^%q?q_eHtk0NKz|y&D^Dejq^1+7>f2V{r7tu
zv^2*8(_Uauf03dka|j8FOU&_a7)`AOd1#)`k)nt6(I(|rD;E^0Cns<)>S!w0;F;KN
z|Mx8tW}*rxy!k?(DmUvYB^aB;(9rycZ^xMTuHE~O
zk37BKja8j$*62qF5#dEZ5R7Q)HtYCcG>l;CKhbn)G&&z@ZR>io^RUS;Z$SD_Q(TBTg(Cisruwa_f~QF*Vo%!~zWBficw6r6@A+(tDXwa_>F3
zDw@huQvc~fFduOu+OG%TA7DxwXD}1A-u0xfL}~<&sq(qKg}t&Yh@Nj8_^bv@&L!A2
z&DTSgWqCs33>_;RO6v`ThOYllK{Zl$*g#cnR$_Hb#KAM@eCbFiv>?7^JXDUc;Kk?J
zu^e6Wjt~O%T*(Br5Day7Fjdt+Qb)tN(s=B{n=hLn{1OX>hV~Xmn2C0(DS=|`3+#t7
zG7|I2^gxFq4xR#tMgABUwb}~2Wx(1(gQpP0!BPRjp+`hQAi&7P$_LTZx?@XV;rzea
zU_Kh{d6Rz;4i{FXHiBWrr#553#7qsxlV3K)LzS4r7udzr9a4BSz#~oX1z?k-0abux
z%=GzUP%7~*D8M)vd+G$s1{wrJTpTO_7C9qr3#Hj!?tw$99}zye5w)47_(B4w4N{s&
z*ji#J+@LZoS&Y$n!
zX*Es%d*l-0!Ja{+e}rsoHzE2JQa
zXDNya^EbxaLcv7^F59cw>Qv56e;9^$aU@g$^O10uR;#K}|zA5T1!
zT!nL0B9BfI26O^VzSh8&X5_uYVC@0>OCuo4s}`|OCXhu#GDfLuSBsALU!X9|mna_I
zn$q6>W82|*6>f^LL&F&FXK==4RUW=$?rU`q-LNQ^o90$>$);wJDU<4`b5UNgy$23mGUnz7Fdvo-#bf6hQQFi!b@^&x&97*-P~Jg|72AqHs+kBkl?0
z)+nRS64VEqq0a}l7*lI{D-$vkMv-8V!{7$^RwDM+sj$qaTbmpV6*^;mR1Oz$_+JvM|u;I^caW9nj!IpgP
zY`?~CxOHtV8^SOh-T*}_c6`Sc45%O+`QkCiaf^$?lfD=I$&J}J#w-4G_u*Az|&5z=#D?Ros|$v0)f-LMiQR0+;_B+NlhU2hYY+3)VX49@a2l=UXi`lQoXHkt~j
zq!`QTaAV47VQ1ddaH=rU#bLTK`Ma08#f;x-KIPvGOR2pBK!1!=JHCy5a|y*oq{GpH
z__EGHo-}BQaC2Ru}$#$3xDC-
z3JSZP^>=-CedIK<0#ho;`b^Sn1`0+teNJ`5s@n8@5upRDzHr{((_}so~FooCQf~(#Ly)dm`*cE>p&@CzWyh$qw
zyF5Mj_F|s>Xv3*9PG5R@aX;$M!tWbfejVwYGVFo)a*QW3##X~iAvy~$^|A|XHkYWrbtJ?bTMB2tnqVd5)U4z4EkB(TdL}?r>(ZY>su?X
z{`2u5U#ye>sP)T1ZMYtQVGqsvdaM3NgQ(?E=G>vu@hiuHsoaxUZ~K^&Hg@y;n2Sv(
zROSj6()p;IrkUcaBZcvmw#}Z?_UCw)WO|TYY@#y8OzG#%0|7RtGx}}kxmei$VntkSG&C&MlK$i0ElCNxpg&OCYjum(zAUF)
zr@k@Otr&{Ersk;T%Z(~_I`U=K+|sVOPM>M=kv?n<^3aJuEd
z(i+N5ClM1fVWUsjERZ(O8%7=cG=HJ|Q5pUPRapcq06`s)CB0j8-FZD2Vefm|4zi-$
z(|e8T_veuQuH!PkG^(p<(xj+_>?YH9h(jQ87*lRf5~2LM@CqFoV?_5o^}h)Ds{;0=
zH}_Qg*9HV0uc5SG5OkB2n=eQn^??PC;LV}ci?u@!HY`ohyB#jS2chhpRSh8y{+)`4
zjog`*N_>n=6DzO9Li1F@WhK&Tm8XgTL~r*KgLz?UB0bz9$9aa)j2tSy`rO3?Xl1YI
zW7Iom2eHwIZ~EhU1^_XHloYv6$pkPf0@yk`*CDOsg!5)`{!21!=J5Wd1qp$?TuZpY
zFP5X+#ue9tD;Gp4fG3gH7x-U1P5nv0p+;KN$aI=l6GJd2_Qtbau}7w$t`H
z&Ew50&v#4pM>AcRaeqKH9>PQw#rLX%jx}vcKaftDlvSRdL$(3|V|oGBTu(Z5YsBKT
z@m_2FUVEe@3;-1m30w6sJ$eL_%<||`ZO6jlPkziS;9?EDz-yLodgq;GJe5*$F_oep_JU}>`L>PP^|`p|+v)1Iax_T5MD8
zJT#*6LxYm!frd3?)}?jo8aj)E1bEbF0FLtJBT;~#H^EysdzmbKr1N10cWjr>yzAwx
zGNy~0P8$o(rLfPa#>W}6o7=~_zTfL(Vp*EJ4`zmLX|6qmE=!giO@likO!8mYW+Q34
z<1)p5)KbS#WLF1;D9PHmtk7Wo=2wVc4bFYh_CFIt{LPkbb3Oxs0J2_S=!8EqqRa?a
zlo(5mp$lL@;QWbn*7y#DjP@l9`!wvm_S~dXs
zG*Yrri{#b<;5ra0<4kn^gX$S4Edm)Sh$pPdB0c44p0|s0yCmE1;mGxp*X3Q%L2=if
znO6e=Xi1}U`T6vZEsu#7?zcfAV%0S2SacK^eQehu7NUF
zYi)5O5{<$}CXmQpBhvxs9;eE0%_qh0-5};8;*j;wRyG0j7^s_4-rj!xGG}K#iSTC!
zdXFO_mC+)#V*Broul2!E-pRYW%{Kvq)FDJY;m+HY>*2!bg)#)R0+|S8e6zlO>SUu)
zg=DOWW0yz`y&S*O4FB693Uj-bW5u7qD0OE8@N=_7#_QDZt#omzs;=u7$S&`Dd0?%n
z5xEf?5^#R%BO))*B|lNIi_Oh?v>7^_WQY1=epr!4ch50A5y70g8p`Yfd$?#*#e?iiiti7{j*sm38a<{*!$DVe<55rF$S%lXlM~b!U)}<7DDfbT
z4Uh*pW39b5ZBIYXyWS^Jhy}LV31bHR-^VZCNj^Vt7Zzp*y-}gXTJeort4cvb1bB&u
zj0nPqt}BtZ9v}Oa+#6nJq1OI>_rTZayaw?OJ8?x?kV9KLNoj0oUte
zjFnty8ZvqSI9afbm|+|(4<#eh8X;qrQVjM=sCW91a29qhNlw0ClRDK!yQd2IgTx2v
z?MK2)4otP|?X2%w;8meTrh*Gz4DR)ArgXe&>`srqXpdDs+V+T1D0Jf`E|O&RP+%4s
zK=yl1QMb^iE2UI`3R?m4&eETex>lcheAM}iQS5!@AlUknpA)4?o~f#(NCOB~{ZM@-
z-!(X^W1g?(=i{xb%NJ0}tSxQN{}#Za=$kT~Ee%82%G%I`vZ@0cgbo_x@#pgd?HPdt
zwEc+MCHXD~?aON`bw1MsC*Qn>3vh5;j6KwEUxtWUPOgxVka@!k2jf^rpd{sQX(9(L
zaDI`3g$>?!49d$<*SrSs{XNxUyA`7FVRI6Y&0b+z!dpp^Ghc1R@O3**(
zw;PCJn5S~vbp9cVEXo^<_2gb=eVX!O0siypw<+Y2wmeJTAyJ|Fd^(bvsaPSB_a*&i
zc*9^CsJKrf=49H!yVsUbbyXCpPhE>R*3-B{n}okllw!c2jyTMCR2L5|DlpM2GDu-3
zH3^_8N=kUhc_~Bg8U)u5z=-*aQNEqqHtel^$GP!cwkTxgjeG-nL^uQo*D)H>Dsy*W
zOm5xxNXN~)kSs(pFHQb_njNnbO$B30<=L|R2}?w_BTK&%)EihHB^JyOp7!10kz!w#
zUPN;&L3)nz7zPXPN7Wu68e5a?d4H@jyNJWORD*HW1q>6q
z&B9NF*LR~^n=SKY2ovm#a5P5B)jRSyNqf_lHrya)A-O7cf9r2GLyk1dQ<2n6M~|F`eivZ
zNYUcq2mGD0M0*xs(l8^Q8hjiky+sN{8(gAv{!wLamY|IR{!f7lMN*gA&_Ac$$MKgA
zmTi0Ve+20E5Bbk%W9;u1fAOG}fQx6=Jy^o<0DePrq8MS556Hk2F`Ou0UmQnx3e7)e
zO`2_tI;APqdJU%qcL#4QC(`>K%kkb2kWN#g`S~plj(;0{4I3_NKw@iy^Ue0({Frg@
zj9ssk0Rv&8^6nE##dgN)YtECfizu5Ai@#d@-|KOwHNx}hnNlT7X3u92n=)yb$uaa&
zM`K{h87zm$j_vyN7QDnZLhtl8&NWmkJ1o5AyH4ffoZFWcqkcU=8(w0vEur5_VhU?K
zdjiK7Y@od?gDpJ-ElYFp#1mtPJN}fMerIfn{6Yg(N16^7&;5bZI*oDA?B{f1&&N-v
zYl+~3uHk^x)Y__|LmX6xveyfYivbH61#rGLL$cTh{}bIP40pyMQLAuJ3Adun=fm@+
zfYW>BNmA~Kgs*c1X34w`xRLLE(V(kMSqlc
zl6Y~VS#hyW6{L1m7vyD_A(FIe>VLbv*lqK%i#u6%s4H;Vut_oP^?oEQe{blkKleP2
zMYR9h;Gi;wbwdJ}=38#J_;~PET65`Z<5`w4!_vMVpa`);EPp(WE(njozrQgUg)U1g1CmQHdg5$)b
zNm(C)_sQwo;ILeXt
z%&%RYDCz%tvgiLP+;yL(^sznhxY5eBfy*~avun}ZYu=F$25_TZW$t|1QSyH{70z_2
z{CBM2eljOx_OO9|si?NjEMdx*)_yZ07yEgXcIemK$T`q(-6|vKtpC!lb87ehsFtW
z(1~&KL%-Vn8Y@V)C|DKL51h{WS(pnhEP!t5cS=m*IXT0!wX2JqhU?W}M$^k5HZ-taYwG#jti@~bSb1|s{+$U&Sw->Q*EzOpy0n>0y4QY7Tw
ztF-h&u;z|HCb_x*u1Y*$KH%433k!h)XGCwRZ2V)$5k3O~ZWRIoVind7Xr&(7loxKK
zOZs$56^FwFZ>%P?w`(nN$c2CvuFl2)x~{RYxqEC?iqq9#%0_e4Iku)5bG17Pl8;fh9+R#IvAc
zMpI!{p_lN^4S!Nbl$?>jm(bD~>dU|E;0s%jTODZt9s(iqoLXiSgVempZCrL@I__YL
zZjtGEu4P+r>BaJNYleQY^ASZ?KE!F@NM$z88K{Erp>?el*@VT%Dg@{+?gZXSqjFWiaFMn
z!a`oBO3#=e@hn^NT2vUmMi6_2HZ3FQ(`B=EGPM+|=ZUVFBp(Rok|Xq4`D|bYs|@&x
zjND3cojIj|BJ3p!l=EF)C{q%?&2d2L>Av93;PgePlasO1d>_av;QG-%3J={@@jTp=
zR*{Dm;lH<3hgV?LJ9qynkhT)
z91Z3RslgR@fHy6|)sJM|(xeU)0F_p?Rw+;p&?46-C*Wnda(oKcckhv?1xx4z@9q$4
zPRX5;g9q;`0o1gv@Fvst%ZNs1$DnRYvVp<%iF53CGA_x`|MWCBgW_56ue-Ha3G3ts
zl|86~yYFOxw_^O}!J}<)opju2q2UN*MM&Wm>fKzy5ut+MMgeM=b}11*(TgcpUk-a!
zO`MA;QFWxc^EY6LaJU%&&%5ZhsR$yZpo#Lw6+TDBESkdsZ|wZ3GM-eW`g)cax;h?q
zExBYeV`Z%>MncS0QrHw%z0BESvc8#ynY}!AK;5yR2E6=zU*o4b%EB;L{FxA~CN>ti
z4w3Rg+tUWyBFCL}J}Fi_N)8h^H*GmrQ&1#5qV*gB-t03X
z|L;ltgZKi{TPRb+N=c&KZ-7F_li&`T_)^x?VFFFLWX^?rBhDYa>c1LrQPS5lo=ZOZ
zNSD2LXgyB=XwWGd<_(U$g`q8Z1~$?3iO6BTBBq8~F`^Fpf!;8)0~5;|j4p@2qxU5`
z3Kr^bEwmjKGlNh&!okHZCVJ!zZb(aOG*Fx>ZOdF&8hU>dm7{jbtEvFSK)$o7qRDmlp~}hhXa7^TzVxj1mXgwztnw^*ncnFSM|!ZeBzBZb;vB%=7v=DrO
zC%$n1%MLK!uL^tv7Sg_f10&fh9Nh`wXsz(8MZbpamG7mn%k2H@34O}u*`7iE+?n_B
zL<2386Uz@|JJxWE*_WuFv)oGA!mbmx3S%xK3WR$S76FKTCi0q0<1Gu2gkIrWdlIoi!g`Jq-h+)mh%}QQrF`TS)*1zNW@muE1&Ke?^(5Y_)bsV6*?od7V@lJ7#OTySn
z&N7G94SD~palU^Hbi9Y|)aPaFxJsF8yj=r{3k@+1dii~^21vk^1*_JNqocvoDx(brddhq7>+NM6(={%r_6cZL;XmgY)q7ny8ba{@_iAf06kX9XY_s-b9TEiD(tfBG3BTIDvv`cNXi@TcPpjz0QdOB
zLF+7Y*Ih5BlHlh~Iqp}2p4mGISeW_X^xWzs6uK`V>ADF0nfkQ0oY?iUKk0v!xY_Qy
zVy9&KFPybkUOpSY64KiPTm^|BG6WK<=LtV^%2nYDo|M0fqpm&ae`KLLX{gyN?b*%!Sb3<3Y8K4%bQ
zj7uM?heTue!MbPwBu%(9NY??_hwA{yQw||bwGKJJ2*0QV-X*`!eEd(lu3gAW-%HF`
z!H3<=F0SS5rKV*0;DYq(4Q7(}D{rA|njBuI^U5s{ZmR!49zq-^EQ-3d^_c)e_t>ts
zeP`#(9Suq6>qZ!;5wZ+n6q`sKXAx90KRDP4`TBGhuHN&jw#BPU;HCEQJxa;vWh;+R
zlv;9AFHddJTEkw)bvNeH^K;$Zf9rMg^MX0Y@BJ;sHVZ_LIiI}t`O)|JqW?M2V{I4U
zuB_AS_$0Tu;WFQ2@Bdn>-{Co;&0t2uvCLA8O>LPrRE7qiOM-y=tPdco3#AYGyR&k$
zqFKeKJpYQ)?LN&!FII5f18EJ*Ra#Z*dQyQ`y%7X0T4MbhN5Vw(e8jPYCX~1*V7SnL
z^DFsq747J{d-k>eGoFIE$D1yR{7-uN@6KPCT(s(w&B_o8qU3U4_svh5*9Gp*hkN_Z
zH&|}lr6`OZf(^}ER6&Q^!>+rW-;X4~#op%26Fohkj6v!kXLGMIh`a
zF{!64Y%AzBU5ey+sK?s=HZf}p6?nK@C43XXj4$s0+M(a!ID!{yI7vB1`YV&I
zkJkenRu?YVAsfvJn<9~cVA19~DMs}6vaRd}Bp;}yYMRe#1&?fg{@bEn*l?0sI3q%$
zl9T6|MUU(k<~R}KZ<3p45cHRMT9B9u7D0kwC&XlfQ~3${K7e(_OESk#q_@b#BTTj9
zaO+L-wnw9=|F#f2p;yrXhYpmy_-neGnDesZ@!2?|_{t=DQY53l91viDSCFoS9DhN=
z9V_&kyzz3`O2Y6YeY$5guu13_duE}?;Q4UQ?T=b9hYVCbV7zKOrg)YyJ<3_pC|--+fREw
zhe_X9Fr)^+S{AF|-x*_NQWykaO8D`VpYIg~>TgsXnsG{7=$#mku*A3oEtp_>Tj%-4
zX8$K~5&_?X!^9>Cmro%zAdrRQfWwpg2R7GktiYQDxxmBIm*i}jh$wMr0a;C0?;!{w
zztWZxIO)&_oPYu2Mt%I~^x{o{`*ExgeGbFr$g=AJZQ<(Y5^=>h$h>@|22|HoJgx{I
z$9W`dkkXANZMQ$QYESoeFaJcW$~x%1NQMn-l&qk|2D4lcYUxP3FG=(etS_W(1E{STB8spk#
zKXz(N9P6R3rmF&sj~PHS;tlM!;<{)SiwK1#4dkpDqjp#PJ@8OxN-A(fp9|?pxFolG
z?0b5SkHA?46-lmx?!r)TVD$m{MImdm@ZdTW+iSN(07|AUp@ojxX@&qJQoR`;n$UDb
zg%$(l`wFaoZ#c~Rc|VY|5672tbD`)#UdIP}QHU^g`AUc);GsaPq*@5feBA|BrLLP^
zyFrOIZZEKL4Te=r-jr9DZt6ci-M4#RE;hPZvHDlW!@L@GKUC+bTU;M(+k4Z0hX=Q8A+;U=rUj7FHR
zE;2jPP^4{bZr;6SOfnZNh~JM9@QibWC!=|Wg+
z(T|MN7y-H+23D!OMv>_wFY6+hv1%DxDjv8R$dlEOXkOYlZ?P+R7ZU@fzPP}(uz2p)
zH@4K}Pm=LhqnYYyZ>brV`X>#QyVwz`n0e=A)0X8UCot^?n9s{u3N4|5&T8X*4AV_1
zJK4$J4oUhkifW{LixUyCXZ6&@IB2BU>vnv16_Ykx>(TxUlF;LL96WqUVN#(28X6i;SjB(!5&J>djU+}1*3?wh0vbY#l>~N<+z~)$oFm$Q^WMqG_{oK}
z6Dc8UoR*qq5mE66cTA^L1OMb#X!$SDEsy&&9Z;DyC7Sa%A13kY#Sm(@NX1
zl83~~b@1)lBXmPBf?5d)XJ^k8%IOwXB$*m>xg9Pp0n`XI-y2Od06CZFdAw+Bwz1$h
zR@$$sXE70zXBFBL=W1qCAJr&JJe(l=e~Rm``;U{g$Z!+WqAw;_GGdvG1y1&gF}+>=
z>&)%m753QSLBbR}L&6LXraM@4W-{(CvpN+MLeLHOewR$8HGSef(nZ|Dp&
zBEI()gO8@)O{_L2meoeVf~D35$K_V+b%k*DylgY=#gf9dJkQ9g^e0TR3#dl|WuHKT
zT84<%=_r!5wxUP1gw}ATWl>3fGIMcwPJz%?+f}a}H4*KYAPveGWKlXL=_*l>{?C}5
z_w3SfCgY6>kA95}TJ`&ED;eWrNbKiU#BPa#>@+w!fhw~omL#{Kop);#OB8kFTeZ8{
zNY01OWBVi1IgJX|$WOzs-~i3|j9JnO`+V5KLtQ+|xKznGtt~5;A`AxF6VygMoc3@+
zalF5br7erIAeURm4et(ZuQ}SmM5BF)d#Q9k)T5Hs+Y)G0Bvjh?ha(;Sz7S@J?wEHr
zDOdF&QP!`G<=0Od;B?uz{i=-X+0!teMdw!hmwmo?n#&FOEPccbbs^!k(9x!>z(6{I
zJ$eK}*;xGfQsNR)z09(PeZWMF{|nhSndvo}$e|{>4M*P`>=`up;&5tfunh4gf-n%p&X-4CQvpj}iVy1vw9DhxFfPfqn
zf5;sv=*Fmt{3Sg)BX$UsNZXa+N&U#yb+;8CX$@5g()g{ar~Gu4y%md^3T~^&a5oiN
zDQ=@|-u=4WAFNDq0AfBiI}`|xQ*2(Y^d}Kd?(G{DVXE8ZaF;lSB9w{>Fb*LOGZJxeo)D!u2+J|6h
z_#q^Z5p&1U}}Ym~lYy$DhlClXPkvt9?sa38uXv^FV;
z98CDsf^TQEG(>r`@Q&_iL%(y;MDV|*AF_hQ!0zc%vVwiF)?8Lb8sd-Dsnyb&PBNiR
zOWjbq##rlXrRw{|4FYQ!WdSyo9`=;(Z0R|)A6DaEj%DW#IYurdg=
z#W(5^Xk7^${XAt6?%g2z$nF9|HRmrULU?Q=y7$t`OtFzUgT#LOv`jnWO0S=v*xYBi
z*L>n2@b^r>9i2L0hib&)9MU#OdCc@X(w_(W);b_2%`cz-|g*~LS6y_B)Sc*@J6}lY!>-WXE
zczCE^WLaMO>_WsXK_3vHmQ&ziMnvC@w~r2ughv|6N!rccU!oXXw>9?+m*Ca^YKJs^
zwf2}2kOU>K!ceZPvpk+1y@LSVj|Vfgn&c56rOu&`VvgM5djkMuq7
zkYd)OCa~n}GIS%4Z>AD6m^Uza5F?XNO(}2mkUr;oktOAd->ZnBLG~u5210n6iq&Kt
zn8dEf?Oz4{p$nhPY<(Kc*lc|jYIA(*I9UzRdCH6RBko4^yX%i&ACxb%9PmaXb17|Z
zUrk|90NPWExS&4hi$;n2y@b&Uw4{I4fC8sB0&5q$-diSS<6!?RQ-VY5JKs_)t_dh9
z%T01qjCmmPP@n~8GkpJ2)FrRy8y9b5yfWE>U9J)(b9Ri1m;=xwrWl+LZ~
zZ8*=Hh3;4dJ;q<%w#CTbjxMtW8Z9$^06ATBn?l{w_CA>FcymPN*h5vjUI8Dp*cS|7
zU!J$`SeCqXQ&y8B=q8aHq0`1HBIJDS`u9wr7z#cumHwZhkWry
zlk4jm*_F1s3NY21>$>7xHRaE~X+Dwfa
z!Y|es5(@+5pHZ;^8xwz#G0V;*xkI*4tTQh|!fIK!2G1M!>h_zHIiP$m*N>91Q5~Us
z>~DQz9y4iiAg#-Lz#ro2o8Z=v$*x3(=w%mQ&Q`>nc3s-7OhrP=tj7`NcAuWcO`j)B
zulvT!pMxQff=`~*FUONPEA5&Qy(}?SY*DAM_toZ4RL-8FJw^Yqlz+7ZGoBS-QAl}B
zGOie1=EHeMn0kA?k2&Va7CR+6PYOL3a4T_E&W#xz_yn&om^wumcZwgaVwpt|Pmo}0
z5=452u=u~6v8>)|H9i_FGxCVe4$bv=u7iI*?B7=U++ybRGwD19zzRu4>%X6*Me$>Y
zTT_I3Ue2z?be47p3VziEB8^+<)h4k*GuQ9TdJnjx=Ocq|DT6eUat8DEbv!P^
zgv{|K1>V;l<_P-C?5*d|Ot2(0Yhb^CiK7d6(2-VB>8J04&SIHZ$i$-?O7bjL8Mc0?
z3-bAkPAL)Y#f*^h+uhD_v!3t6aSqYzISG^9PZdLm3ac{F(j}wDK~hF8wLV(>
z=O^f@bACWkxLvR@VezOdHXQ{G_O(X~sD4`y)K~efr9L*&_N|2{ryo~Faerrd^V}u}
zHd?H5J4ot+Z9X)TVh0?Tnu@36s@LQ-dQny#m>Z67qp)hD+wQS5zFXby_11rUY+}_x
z51t~Lr`5Bzg+ai>OQJ9ZtQ8oTX-~7|Lt7u
z_8sMQF?F&k$h@s>{WA_ph?y#-_-on8k}vIgom=fJqVeJ}aDYM$UOu!Fc0U5-kr3B|
z!9?}_k2RP(@6s2w0hQP88_z4ckG|RCe^0*QLIC7Vl-{?8xs~)X8=5SAY2g=|>e!Q`
zR?ioHD-yVEcwAx|kmDHzEi)l_!r8bnW%E4D8E5=VcAnvZF9JHjB4z1vn=f}JcF-m3
zfnne0D~C@_sCQ`QFMT&WcEJo6Qxi0Td@xa;2YAz3*VGrYGo?>f3`3w7gN*xYAi~z1D7U;SR!Qp>S4k|z%}Ycq#B1z{_gq%Bk%f}t7`!Oh-bATa0UW_3|Tn|HnFYO;XJZSL7SZeas(vEcHMiEmto@G~te
zs1&AwN2fY6!(pZGo0Fp8M+?8Rc?x1Qt|7M8o{c9?1xY@71#m$i&>Ug2uKT~kN!_=J
zvU=QR0{*lXnF57^S(w?uCdHpL8)1}}Es_~YcO7VYHJym7~Fa`OgtRjT_a0qWuEdXV~(i?a7ksNPXASX
zrP5NOJ#dQ6lUeVqb~8t6tCujvX?xt=&&+Gvoj$uoTjxjPBhUHdQ37O!zy1G6cnF4$
zj21e~Far}9>k|L4(d468JNT%A7*Zm{Ah0G*P3RMUwBLdn1X+dO2b}fpf>8Y&;c;Jl
zHP#&;eRJ$r?7MDWpj9xfjlJ&kC*&?@<-mA;ST0lT{=_CXe3w|YB8*gEcuASL61!v0
zcjr*}LmW|4A{3Du8crI$ZyT5N)x=|3TBift2>~<1I5ec9TBNY&nVB#;;G)9E%8VLI
zD;i48UBdA|s1I7igEA^-^afW?U3Q*pdG?*&Ay{DnssnYF9ms36vKQio5ZdU(LNtOi
z@CsY$Q-?iocGSn5yEfH*cG+|Kwg+^M6dLW{PhQ>2QrDY-q^I3!IoM0Cna~XXG1h{M
z{^ng$omTc*5)t5a<#RIrq0{mcIdo;a=Z|q$1c>GyC;8vZnoHb$#QIsX;zq8z-xHDe
zY#~;@E<{yl)1+!jF)lu_DGjLPJdxrKPuH
zl);7lH61l0=Rm2Tud;T^24^W}-wR4Xc6AIau}gF1xObbnTVfgTV&H;PxVrIjM^X<3
zMV_R$#|5Sid3q>q_cn~asZ*n=ok?jr>N@K>nhvEFMb;SS>SE_bdIdb5WQ8WM0`~BP
zn&6ryKkU@5V?@@H4MU3gmyqeP{2pDJ0a~dzL^z(vusf74gY;WgU_lZ%Sy7GG
zpt7O@XTQ6gElc#uOer-p4BUxwmPU20BY>^@fLYw4S@c)~jv^AFx~@O(eIP-Fr2yoi
z9uFtpBVS2&7=Id09oHq9u0Y>U1w+4Nga&ylYRZu;y4^@6e#=gXG4hHJp@Qh?FME73sDk&q`DBf)-mmFT*ff)}WYYAg(YlaU1J*QvrcG=0L`$
z+wyruMB=$8m%sV;&X7U=V~zo-7A-{4vsTW#4vvWk8WXAB5D$_8!$pb3%&my#)iJ(a
z18YAWAvn>M!v*JVNEsEGljxpOV>M`LQK=Hh+z#g_;pBw
zXdV7%RWhQiYRtl>SD`UwWdtAyddG!0dhx>(PaY`Uxek|VETh-5P=s?K&+i#*vmpim
zv4k47!pFG-v5<9ndTmNeeIK3`juwR(^RT4
z!x1^Mnh>4)W>EA#DZqZG*n-|5j2kBId<*@M6|7nV658p^x}1qitu2%gW0kR9s1{h*
z`>6Eat%#P2C1Ee5?)NYvjCwhA0QZlF6jrAa(8v>bT^(k5Fno-(DjA68|N5V`mZY=w
zp`pG06n(F#B0v(B&-$}`qm|#)t~u7rR-b+NNqLw20)Ms*gcbgGe?YkWn^&S#+p(xKA(|{X0J4u05=hP$B$lgv}$s-_9
z8(#(WwSeI2!e|mjA`$1;+)2xN=F%0!?Jo_8&YPCjwa=g}pMTcqg?G0Oh0IE3!h)GW
zkz=V~-@cOw7j#R7>fqVXLf3{d-m7MQ
znOmRlVXf8@QDtR$IY3&tJ1ks%Z6zRM(|PM4lfi5G&$4&L&Wj>Hgy&_mJ9Q;RoLAQ!
zOD(fwp~!t88hnN9Ub0}nq%PjD>iKLJZ}m$fvk$zKUCYl^$=YBVFBWDTo1fe4^iM|x`etp}rxSO9T&5eE!<4@WAZatFq;Gmx!NBnJ|NCEn
z*4v+n=i}Fd(^K&g3BGJ2qwYPOMF`Z$;QSztw3CBnwRb<|APCUq2w0L#uGM#ulMtmG
z-qQ?QwR1VfB?SlvQ)4V4Pc
zJw{Z^N{N3xJb)>wsfUee?#fZ@Nq$0;vF=_Ao!h0ST^Nb^+#gY6MbM|D{>RlMxSVhs
zw7-tD|5=u^`4RakPEdoJbptgS^yA}L-t-_gPU9YTreIz;%%sk#c$ti?b`}?3+Q>w|
z{pC|7k^e`&|8A1!TbR=44vqhJyNsn!uflCK#B&3>J@#OO@JFAUxdHA?5BNa~*+-9N
zQ5l1X-Y9wP+Ytul*JEh2AbcDjTv#+&keEc)A@`<$_erIOVY$nR`|%h$2;tzXW#?(3
ztWri?VR!XMO3`e1*e#hPHGzcg6>cOSvn|7M&^C?Q^2YVg)sNmE-Y)`zo;J7kozIPG
z_5zc@^^)#vOJ1Jnd0v@FcG*5@PeZ9cLfhghsf^@7!eKkOIuckCE#%?;C-rFIjryy>i&#d
zHDBgS*XgP5shQKKn?p=lu+0uJir5ILLfwqtr(fh@l(nkuf`z*5$Pa6Qi6g?l?i`{h!`8$VoXJCDU9
z8m3{Nwkhai27_7BSIsj^t*Sst-C^&F#>IV+-@belS#0~@1hPN;T!SAd0mF<;5
zxXJ}HMHER(5F@nxLfZllMkP=xT1@J#3KdH%AMW><{JE~4=z#6!TBG(`YvVpH9x0Z;
zAKZA99gkKp(ART+h^N4TUuU#KI{4b*MQsk=WhT%OfH#Cp_h}L
ziKxvf5jbdpNb^gV@}*4>=UTgfz;iik=8SB9{QGc)
z=!Bm-61?w;*mZ
z3=kfM#tQ1L{t(~T;ky^-_Odnc@@Q=MkbPHX*ORO$lx^RBQ=20aaEp*Gy{w|W79Opf
zItBFSa-OsLZSzR;VfRg8=TvtTQ`mp98zUsf8wnXkB;aJ+M@e@C>0_A6pcFcCN~0Ip
zR7G1_k4?h-Q7DBT)04j4mTz{%F)IScC#=aI8y6P!QR*yte}2hH=ytU30$b$YVZb}A
zo<+C~vYM18F0_JdX+64OWhkW>v;CqXhg{@h{)xi(JUyRhA>Shn#Le3}J@ZaeqsX?p
zen0K=
zFScZIeG_FdeQqIFJpT0DY~10w;+H_)c00JdyhtoC^JV8m)ErBXSoGK5DYp)I&pZ~N
z3w1S7U%?hbf<4cm@Ud9>t%ieMcA+~?PmvF&0sjV*C1!@M7q3`fd(wAH-0FmqZD|zC9I(Li
zq)ho;0*j5IM{&h$e=mKtlGn2s4Vv&M?a<#>0=m_35Qu99Xy^2m_861;pUZ(fhg<9%
zxT;6yo&S|nWoVXpxJiy%oG?B5<|)g+t{)d9pP)J^vpWKPr3w
zqjoJy)VlpH5dTtIGSrgyUZ4kAsR+={qEfD4^+`Kb`g@#R97sprzH?BU-K$%O_gsxw
z6kHp6b(C4B)X3n27vcisUbt`gkmxQb?l73P_>B!I+L(|iq7z@!J8}MS90-Zfi)R#}S_quP$9&}Kq8zbc)=Vu0
zU7v0at6A1n`denWdLE%9TtJ-ZX?>73iD~
z#Qi6YWKk1rzUEXTr^}$XEfArlE|`5{sJE|2nRhmHF;q94f_>KP%QMCf4zamH*e^t#
zFHI66^b@vGk;xObqQ=(g;V$=mT^5-75)tO+i%ATd=1`Uktnt`haZ8s&&ODLi!bPP-
zC}x^Ca*fU>OHXOfe5x^O1zd#iP4NO4_QH3<)kUHh42WqMxvc5AeH5S4$G1=5rzM!)_E$a@WK!Q$mq=8LYB;=^+XR^v^hIIyquJxwrQY*s3;Toxn^_al2Z
zXd(!a-5X%fV~bK5OP=C8q1(uR&HRwp_Pfxo?evQLClDDhUltQ+@j1Wes%9BGQ?6i16DNo|lKJsGYzs;D7?Qd1k-e|?gKUAf+~U!SQ~
zyxJK>Kkar(lN05vYn?**?$i=%g?qnD68G*~l$rwQWg4Et!J8d4FsWwmavW8|fU`chflWb3_(
z`ulNeEixQ{1H#KBpOGUH27YodN9}%){Fcif_g)bZY!1yz4iPbWCAG;^f}$yCfkoXv
zT}rUFI2fJjms7;s^I%~GXvF}g%a@Jy<_12;ZWW!&>z9|!hK7G{Wx)pivY&rv{b>#0
zmyN^x;OCL_#&17hzbfeVL_SonKq+tOm?jQ|Y&W$DBZG{Y#OXIF$yNJRhjFXJgR$}B
zUH{7aplbevzF(=1zoTT@hQl<+lr&}PWe99)Y14@x8CA1Kp*Q=ED-ahfo*FuSy$y@H
z?>QNuUnR}h?SE>RRjs>P#3O|sp{DByzl8*5S#aF~V%t2?8;)icNP?sJ;S}7#&wPTs
zq=Xd@=JMg*Ooevn2i2a4zy&rzrNI;d&$vuHExPJ-iaHJlKU8p(PX@JQq)4s9oeWuZ
z+p65-RMWhwDG8?q2{~oV3kZB!qZuas9znc`SZzD!)weM+%`_*9MkpyQ9c9pgbA48b^5&&*a1yBoVX+p0yLD1sm5fEA?6iu&3TOJ($y)*g
z0ANckE=ybsy~|SLBNBKid%J7Ym9)-5p?AQ@XiPF=(sR=Baz}cDc9_sG4L6Y*Mq!U~
zof{vG4QgQhlGb-^Rz5A`Dd$No*%~V)I_LPWDR-s01V?M223`JJJV6ZlPXX&ateR}H
z9h>u?1k=-OKnKOf0c5dQ3qRW^L^Z;opX$fshU=s0v~pt2^610X0p#Bk
zYS{w5Dhe=l#a29_Tw0MfN;v0YlW{TYQe>MTHj*RHbrgk|@u2E69p>7%nTY)gC@^tH
z|0+VEkg6NQ%POXpsboDA74fHg7B7RhM{?VR8^r3r!7IIfon#|>l&etoRx?55oMZ2P42<^UprK@6uLfk1b8JLL~q
z=00YX0J^;8Xo&)h#X~m8#CK*gH#uSpDG1-RnLAq`)*J@K(!-z
zTPgdF@ibMACUa51%4=daTY8-|2JyQcQEeriKU97tvCz%3)Z9Sk>Q&LLMnGVKA|g~f
zlwR@XF;UIgU%64)L!Bgpfmvf&QSjZ-=qPxwrhLRN&E9RTxEvXx{4v8+LyZQP@rT}7
z7noF>>yYcuwO6Uib8RMZ#!qFb!3=RV@j1y75Z*DfX)%97*;*#-hnlkUVlLH?JgQUN
z?Y6tsLN4
z6(Z#$)NExZvYo&Vvq_b0n@OIIQ{am{ks_pJ7|$rIA0<_6&FRw3uCgoou+
z6IV0sPwLsCw9c_glG}+BXDfY{GbLGtHW#lN
zGD#L{F3@`#xeMLE8)E$%+519n?We#1^Rwwp;5rpv0x`F`g58~`X6(v#KMwGQRqB=`
zy7aBWNXT!AGt;&tZ=DaKmK2wthKTbDt^0||dznTqh@6TWl$!Nt9
zoiTfwNFb2i(P_sutNNydln%OzP{Lo7f2E9mSTBVUw>VpRgX#u(9MuU*66Q}QfCbM)
zo&>>bHs%q%Ktl;M1j0Ws=#>t)r4$WMjQPY^+o%y`2B|BNT5%y~-dM1O
zu!&&b%c=o=i#5AzBvnLJzsMF|cc~zaTmc|NEX{e(r?E
zHBXfSaZh`wkcHQ%Ew_s`EF#%y%-UK;YV#VV;m}khm>3#3tqH&=!J+`|qT9=S!f$>N
z|5~9yYPy&WL6x~ge%a;Vbi|evb%xJ?v)*T8VeUPnU!2nG-atHm{JnRCcRPjnhK)V&
zXa+?leP-e%M-qO=n@RUU%)1u1n595YWcVuStv1%TlH6zV5|bc86DrEESdK|?YS%=z
zrig;}9nb>$E@y2^M-z>0mG%=Bk?oi1SiQOAGmf&Qxmc+=
z{1L0P+!dAqt2Lgh7<3iU)Qt6_;9gCqoC&cD?
zKu4$lgG=?r^wA7*Qm0?xhn#9KVQOaCDXq**u@dk5#P?i75d{_QHjxF6E@tO!=ahG
zD#uwa(lP+z(iqF>yC$u#c{jmJz69DXt7|k?9L%bHY=L`oh_80p_nqsC&gaUKu`)WYW276IXmK)MePpG>1MBb0yDF08CZsnXBSZ*)&2Yj_bIW0#v&?4=VKN8CAbt2bJpmQ{&^
zOs8kP@F0sPdp#LlfVy2|v%ftPW}z#$+$FzGLfu;V#?S14M@26ho_ZT;
zDuQtL6AL;L_M_md#h?)y))^ml;jXw0Qw0F|z0WHwihjFG)YGq8$U*cgXO*whc;B20
q1mnC;=hYzwP`!EcwebJX29Avl{hL1Y3DWuBF~~|ONmh!Rg!~T$SBi-M
literal 0
HcmV?d00001
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..b71af0b
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,16 @@
+module github.com/Nemesis0U/JSRecon
+
+go 1.21.3
+
+require (
+ github.com/PuerkitoBio/goquery v1.8.1
+ github.com/urfave/cli/v2 v2.25.7
+)
+
+require (
+ github.com/andybalholm/cascadia v1.3.1 // indirect
+ github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+ github.com/russross/blackfriday/v2 v2.1.0 // indirect
+ github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
+ golang.org/x/net v0.7.0 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..f67e017
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,43 @@
+github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
+github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ=
+github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
+github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
+github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs=
+github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
+github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
+github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..e5fef18
--- /dev/null
+++ b/main.go
@@ -0,0 +1,264 @@
+// Created by Nemesis
+// Contact: nemesisuks@protonmail.com
+
+package main
+
+import (
+ "bufio"
+ "fmt"
+ "log"
+ "net/http"
+ "os"
+ "regexp"
+ "strings"
+ "sync"
+
+ "github.com/PuerkitoBio/goquery"
+ "github.com/urfave/cli/v2"
+)
+
+// Defines regex patterns as global constants
+const (
+ urlPattern = `https?://[^\s'"]+`
+ emailPattern = `\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b`
+ apiKeyPattern = `(?i)\b[0-9a-f]{32,64}\b`
+ ipAddressPattern = `(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})`
+ credentialPattern = `(?i)\b(?:username|password|token|secret)\b`
+)
+
+func main() {
+ app := &cli.App{
+ Name: "JSRecon",
+ Usage: "Scan and extract endpoint URLs and sensitive data from JS files on a website",
+ Flags: []cli.Flag{
+ &cli.StringFlag{
+ Name: "url",
+ Aliases: []string{"u"},
+ Usage: "URL of the website to scan (required)",
+ Required: true,
+ },
+ &cli.StringFlag{
+ Name: "keyword",
+ Usage: "Keyword to search for in JavaScript code (optional)",
+ },
+ &cli.StringFlag{
+ Name: "output",
+ Aliases: []string{"o"},
+ Usage: "Output file to save the links (optional)",
+ },
+ &cli.BoolFlag{
+ Name: "show-as-domain",
+ Usage: "Show results as domains instead of full URLs (optional)",
+ },
+ &cli.BoolFlag{
+ Name: "show-sensitive",
+ Usage: "Show sensitive data found in JS files (optional)",
+ },
+ &cli.StringFlag{
+ Name: "cookie",
+ Usage: "Custom cookie to include in the request (optional)",
+ },
+ },
+ Action: func(c *cli.Context) error {
+ websiteURL := c.String("url")
+ keyword := c.String("keyword")
+ showAsDomain := c.Bool("show-as-domain")
+ outputFile := c.String("output")
+ showSensitive := c.Bool("show-sensitive")
+ customCookie := c.String("cookie")
+
+ client := &http.Client{}
+ crawlWebsite(client, websiteURL, keyword, outputFile, showAsDomain, showSensitive, customCookie)
+
+ return nil
+ },
+ }
+
+ err := app.Run(os.Args)
+ if err != nil {
+ log.Fatal(err)
+ }
+}
+
+func crawlWebsite(client *http.Client, websiteURL, keyword, outputFile string, showAsDomain, showSensitive bool, customCookie string) {
+ req, err := http.NewRequest("GET", websiteURL, nil)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ if customCookie != "" {
+ req.Header.Add("Cookie", customCookie)
+ }
+
+ response, err := client.Do(req)
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer response.Body.Close()
+
+ if response.StatusCode != http.StatusOK {
+ log.Fatalf("Request failed with status code %d", response.StatusCode)
+ }
+
+ doc, err := goquery.NewDocumentFromReader(response.Body)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ var links []string
+ var sensitiveData []string
+ var wg sync.WaitGroup
+
+ // Defines regex patterns for sensitive data
+ regexPatterns := map[*regexp.Regexp]string{
+ regexp.MustCompile(emailPattern): "Email Address",
+ regexp.MustCompile(apiKeyPattern): "API Key",
+ regexp.MustCompile(ipAddressPattern): "IP Address",
+ regexp.MustCompile(credentialPattern): "Credential",
+ }
+
+ doc.Find("script").Each(func(index int, scriptElement *goquery.Selection) {
+ wg.Add(1)
+ go func(script *goquery.Selection) {
+ defer wg.Done()
+ scriptLinks, sensitiveScriptData := processScript(script, keyword, regexPatterns)
+ links = append(links, scriptLinks...)
+ sensitiveData = append(sensitiveData, sensitiveScriptData...)
+ }(scriptElement)
+ })
+
+ wg.Wait()
+
+ if outputFile != "" {
+ dataToSave := make([]string, 0)
+
+ if showSensitive {
+ for _, data := range sensitiveData {
+ dataToSave = append(dataToSave, data)
+ }
+ }
+
+ for _, link := range links {
+ if !showSensitive || (showSensitive && !strings.Contains(link, "@")) {
+ if showAsDomain {
+ parts := strings.Split(link, "//")
+ if len(parts) > 1 {
+ domainParts := strings.Split(parts[1], "/")
+ if len(domainParts) > 0 {
+ dataToSave = append(dataToSave, domainParts[0])
+ }
+ }
+ } else {
+ dataToSave = append(dataToSave, link)
+ }
+ }
+ }
+
+ if err := saveDataToFile(outputFile, dataToSave); err != nil {
+ log.Fatal(err)
+ }
+
+ fmt.Printf("\nData saved to %s\n", outputFile)
+ }
+
+ printJavaScriptLinks(outputFile, links, sensitiveData, showAsDomain, showSensitive)
+}
+
+func processScript(scriptElement *goquery.Selection, keyword string, regexPatterns map[*regexp.Regexp]string) ([]string, []string) {
+ scriptText := scriptElement.Text()
+ scriptLinks := findJavaScriptLinks(scriptText, keyword)
+ sensitiveScriptData := extractSensitiveData(scriptText, regexPatterns)
+ return scriptLinks, sensitiveScriptData
+}
+
+func extractSensitiveData(scriptText string, regexPatterns map[*regexp.Regexp]string) []string {
+ var sensitiveData []string
+ for pattern, dataType := range regexPatterns {
+ matches := pattern.FindAllString(scriptText, -1)
+ for _, match := range matches {
+ cleanMatch := strings.Trim(match, `" '`)
+ sensitiveData = append(sensitiveData, dataType+": "+cleanMatch)
+ }
+ }
+ return sensitiveData
+}
+
+func findMatches(text string, pattern *regexp.Regexp) []string {
+ matches := pattern.FindAllString(text, -1)
+ var cleanMatches []string
+ for _, match := range matches {
+ cleanMatch := strings.Trim(match, `" '`)
+ cleanMatches = append(cleanMatches, cleanMatch)
+ }
+ return cleanMatches
+}
+
+func saveDataToFile(filename string, data []string) error {
+ file, err := os.Create(filename)
+ if err != nil {
+ return err
+ }
+ defer file.Close()
+
+ writer := bufio.NewWriter(file)
+ for _, entry := range data {
+ _, err := writer.WriteString(entry + "\n")
+ if err != nil {
+ return err
+ }
+ }
+ writer.Flush()
+
+ return nil
+}
+
+func printJavaScriptLinks(outputFile string, links, sensitiveData []string, showAsDomain, showSensitive bool) {
+ printedDomains := make(map[string]bool)
+ uniqueLinks := make(map[string]bool)
+ uniqueSensitiveData := make(map[string]bool)
+
+ if showSensitive {
+ for _, data := range sensitiveData {
+ if !uniqueSensitiveData[data] {
+ fmt.Println(data)
+ uniqueSensitiveData[data] = true
+ }
+ }
+ }
+
+ for _, link := range links {
+ if !showSensitive || (showSensitive && !strings.Contains(link, "@")) {
+ if showAsDomain {
+ parts := strings.Split(link, "//")
+ if len(parts) > 1 {
+ domainParts := strings.Split(parts[1], "/")
+ if len(domainParts) > 0 && !printedDomains[domainParts[0]] {
+ fmt.Println(domainParts[0])
+ printedDomains[domainParts[0]] = true
+ }
+ }
+ } else {
+ if !uniqueLinks[link] {
+ fmt.Println(link)
+ uniqueLinks[link] = true
+ }
+ }
+ }
+ }
+}
+
+func findJavaScriptLinks(scriptText, keyword string) []string {
+ re := regexp.MustCompile(urlPattern)
+ matches := re.FindAllString(scriptText, -1)
+
+ var links []string
+
+ for _, match := range matches {
+ if keyword == "" || strings.Contains(match, keyword) {
+ cleanLink := strings.Trim(match, `" '`)
+ links = append(links, cleanLink)
+ }
+ }
+
+ return links
+}