JsRegRecon is an open-source tool designed to assist bug bounty hunters and developers in identifying sensitive information leaks within JavaScript (JS) files. This tool enhances the security of web applications by proactively detecting potential vulnerabilities that could lead to security breaches.
- Efficient Detection: Utilizes a customizable regex pattern to detect a wide range of sensitive information leaks in JS files.
- Flexible Input Handling: Accepts an input file containing URLs to JS files, accommodating various testing scenarios.
- Automated Content Retrieval: Fetches content from each URL for seamless analysis.
- Detailed Reporting: Provides detailed output for each sensitive pattern match.
- Bug Bounty and Development: Useful for bug bounty hunters and developers to uncover vulnerabilities and rectify leaks.
- Clone the JsRegRecon repository from GitHub.
- Install required Python packages with `pip install -r requirements.txt`.
- Prepare an input file (e.g., `js_links.txt`) with URLs of JS files to be scanned.
Run the tool with the following command:
python jsreg.py js_links.txt
Sample output:
Found sensitive information in: https://example.com/script.js
Pattern matched: (combined_regex_pattern)
Found sensitive information in: https://example.com/js/api.js
Pattern matched: (combined_regex_pattern)
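The sample output reports only the combined pattern, which does not say which kind of secret was found. The following added example (not JsRegRecon's own code) shows one way to keep a single combined regex while still naming the rule that fired and redacting the value in the report. The rule names, the three patterns, and the `scan` and `redact` helpers are assumptions made for illustration, and the JS input is constructed.

```python
import re

# Illustrative rules (assumptions for this example, not JsRegRecon's pattern list).
RULES = {
    "aws_access_key_id": r"\bAKIA[0-9A-Z]{16}\b",
    "google_api_key": r"\bAIza[0-9A-Za-z_-]{35}",
    "hardcoded_secret": r"""(?i:(?:api[_-]?key|secret|token)\b["']?\s*[:=]\s*["'][^"']{16,}["'])""",
}

# One combined regex, but each rule sits in its own named group so a hit
# can be attributed to a rule instead of to the whole alternation.
COMBINED = re.compile("|".join(f"(?P<{name}>{rx})" for name, rx in RULES.items()))

def redact(value, keep=4):
    """Mask everything after the first few characters so reports do not re-leak the secret."""
    return value[:keep] + "*" * max(len(value) - keep, 0)

def scan(source, text):
    """Return one finding per match: source, 1-based line, rule name, redacted match."""
    findings = []
    for m in COMBINED.finditer(text):
        findings.append({
            "source": source,
            "line": text.count("\n", 0, m.start()) + 1,
            "rule": m.lastgroup,  # name of the top-level group that matched
            "match": redact(m.group()),
        })
    return findings

# Constructed sample input; every value below is a placeholder, not a live credential.
SAMPLE_JS = '''\
const cfg = {
  region: "us-east-1",
  accessKeyId: "AKIAIOSFODNN7EXAMPLE",
  mapsKey: "AIzaCONSTRUCTED_sample_key_000000000000",
  apiKey: "constructed-not-a-real-secret-value",
};
'''

if __name__ == "__main__":
    for f in scan("https://example.com/script.js", SAMPLE_JS):
        print(f"Found sensitive information in: {f['source']} (line {f['line']})")
        print(f"Pattern matched: {f['rule']} -> {f['match']}")
```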
- Enhanced Discovery: Comprehensive approach to identifying sensitive leaks.
- Time Efficiency: Automated content retrieval speeds up vulnerability identification.
- Wider Coverage: Extensive regex pattern for thorough analysis.
- Early Detection: Integrating JsRegRecon in development identifies leaks before production.
- Security by Design: Promotes a security-first mindset among developers.
- Streamlined Review: Periodically scan the codebase for sensitive leaks.
JsRegRecon is a crucial tool for bug bounty hunters and developers, contributing to improved web application security. It automates sensitive information discovery in JS files, identifying vulnerabilities and enhancing overall security.
Project Link: GitHub - JsRegRecon
Disclaimer: JsRegRecon is intended for ethical security testing and research. Use responsibly, follow proper disclosure practices, and obtain authorization before testing on any web application. Authors and contributors are not liable for misuse or illegal activities.