EndExt是一款功能强大的基于Go语言实现的网络安全工具,在该工具的帮助下,广大研究人员可以轻松从JS文件中提取出所有可能的网络终端节点。
比如说,当你从waybackruls抓取所有JS文件,甚至从目标网站的主页收集JS文件URL时。如果网站使用的是API系统,而你想查找JS文件中的所有网络终端节点时,该工具就派上用场了。我们只需要给该工具提供JS文件的URL地址,它就可以帮助我们抓取目标JS文件中所有可能的网络终端节点、URL或路径信息。
由于该工具基于Go语言开发,因此我们首选需要在本地设备上安装并配置好最新版本Go语言环境:
brew install go
接下来,广大研究人员可以使用下列命令将该项目源码克隆至本地:
git clone https://github.com/SirBugs/endext.git
go run main.go -l js_files_urls.txt______ ________ __/ ____/___ ____/ / ____/ __/ /_/ __/ / __ \/ __ / __/ | |/_/ __// /___/ / / / /_/ / /____> </ /_/_____/_/ /_/\__,_/_____/_/|_|\__/( * ) EndpointsExtractor Tool By @SirBugs .go Version( * ) For Extracting all possilbe endpoints from Js files( * ) Version: 1.0.5 (Updated 3.Vrs on 7/7/2023)( * ) Contact: Twitter@SirBagoza, GitHub@SirBugs, Medium@bag0zathev2( * ) Command: go run main.go -l jsurls.txt( ! ) You can use only -u for single URL or -l for .JS file URLs, Not both( ! ) This tool has been received the last 3 updates at once( 1 ) - https://example.com/_home/chunks/preload-helper-xxxxxxxx.js :: (endpoint) _app/( 2 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/dashboard-metadata/bulk( 3 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/applications( 4 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/accounts( 5 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) sign-in( 6 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/sign-out( 7 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/organization/details( 8 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/organization/update( 9 ) - https://example.com/_home/chunks/organization-xxxxxxxx.js :: (endpoint) endpoints/organization/subscribe( 10 ) - https://example.com/_home/chunks/esr-apps-xxxxxxxx.js :: (endpoint) endpoints/express-security-review/application( 11 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) applications( 12 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) applications/new( 13 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) settings( 14 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) integrations( 15 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) grants( 16 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) applications/( 17 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) accounts( 18 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) webhooks( 19 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) quickstart-guides( 20 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) connectivity-api-offering( 21 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) plans( 22 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) users( 23 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) billing( 24 ) - https://example.com/_home/pages/__layout.svelte-xxxxxxxx.js :: (endpoint) experiments/
(向右滑动,查看更多)echo 'target.com' | waybackurls | tee waybackresults.txt; cat waybackresults.txt | grep "\.js" > js_files.txt; go run main.go -l js_files.txt(向右滑动,查看更多)
注意,这里我们可以使用Gau、HaKrawler和Katana等等。
-l string设置需要爬取网络终端节点的JS文件列表,可以包含不止一个JS文件URL地址-o string设置输出文件,默认为js_endpoints.txt-p 开启公开模式,显示每一个终端节点的URL地址-u string需要爬取网络终端节点的单个URL地址
(向右滑动,查看更多)本项目的开发与发布遵循MIT开源许可证协议。
EndExt:
https://github.com/SirBugs/endext
【FreeBuf粉丝交流群招新啦!
在这里,拓宽网安边界
甲方安全建设干货;
乙方最新技术理念;
全球最新的网络安全资讯;
群内不定期开启各种抽奖活动;
FreeBuf盲盒、大象公仔......
扫码添加小蜜蜂微信回复“加群”,申请加入群聊】
https://go.dev/dl/
文章引用微信公众号"FreeBuf",如有侵权,请联系管理员删除!