During reconnaissance(recon) process it is very helpful to get idea of all end-points of JavaScript files. These days you have seen that the JavaScript files having unformatted code, This tool will extract all that links in those files.
And also you can get blog on the same Blog on EndPoint-Finder
This is python script to disclose end-points in JavaScript files.
This discloses:
- Full URLs (starting with
http, https, file, php, ftp) - Dotted URLs (starting with
/* or ./* or ../*) - URLs having extension(
js, php, xml, png, etc...) - URL or directory having any
parameters - And some
expected directorieswhich can be exist!!
| Short Form | Long Form | Description |
|---|---|---|
| -f | --file | Input a file containing JS code |
| -u | --url | Input URL to fetch JS code |
| -o | --output | Location to save the file |
| -c | --cookie | Cookie for making request |
- Finding End-point in locally saved file:
python EndPoint-Finder.py -f input.js- Finding End-point in remote files:
python EndPoint-Finder.py -u https://example.com/hey.js- Make output in out.text:
python EndPoint-Finder.py -f input.js -o out.txt- Finding End-point in remote files but only access-able via cookie:
python EndPoint-Finder.py -u https://example.com/hey.js -c "PHPSESSID=Ytywq568hsadadadsd"
