Anitian Keyword Search

1. #!/bin/bash
2.  
3. args=("$@") #array to store command line arguments
4.  
5. KEYWORDS="password\|user" # default keywords
6.  
7. BASE_URL="" # URL off the base website. The common path to the main page, java files, etc.
8. MAIN_PAGE="" # Path to the main page (containing javascript includes) relative to the BASE_URL
9.  
10. print_help () {
11. echo "Usage: ./jssearch.sh --base-url [base url] --main-page [main page]"
12. echo ""
13. echo "Example: ./jssearch.sh --base-url http://www.example.com --main=page /blog/index.html --keywords username password"
14. echo ""
15. echo "Loads a website and then subsequently loads all the .js files. It searches each"
16. echo "JS file for the keywords “user” and “password” and prints those lines. The idea is it"
17. echo "may help identify where usernames may be stored in code, or maybe a weak login"
18. echo "mechanism."
19. echo ""
20. echo " --help"
21. echo " Show this message"
22. echo " --base-url"
23. echo " Sets the base URL. A common URL shared between the main page and the .js files."
24. echo " --main-page"
25. echo " Sets the main page. This page must have a list of all the .js files."
26. echo " --keywords"
27. echo " List of space-separated keywords to search for. This must be the last argument."
28. }
29.  
30. if [ $# -eq 0 ]; then
31. print_help
32. exit 1
33. fi
34.  
35. COUNTER=0 #Counts from zero to the number of arguments
36. while [ $COUNTER -lt $# ]; do
37. if [ ${args[$COUNTER]} == "--help" ]; then
38. print_help
39. exit 0
40.  
41. elif [ ${args[$COUNTER]} == "--base-url" ]; then
42. COUNTER=$(($COUNTER+1))
43. BASE_URL=${args[$COUNTER]}
44.  
45. elif [ ${args[$COUNTER]} == "--main-page" ]; then
46. COUNTER=$(($COUNTER+1))
47. MAIN_PAGE=${args[$COUNTER]}
48.  
49. elif [ ${args[$COUNTER]} == "--keywords" ]; then
50. i=$COUNTER
51. i=$(($i+1))
52. KEYWORDS=${args[$i]}
53. while [ $i -lt $# ]; do
54. i=$(($i+1))
55. KEYWORDS+="\|${args[$i]}"
56. done
57. COUNTER=$i #Ends the main loop since we are at the end of the arguments
58. KEYWORDS=`echo $KEYWORDS | sed 's/.$//' | sed 's/.$//'` # couldn't think of a better way to do this.
59. else
60. echo "Error: Unknown argument ${args[$COUNTER]}"
61. echo ""
62. print_help
63. exit 1
64. fi
65.  
66. COUNTER=$(($COUNTER+1))
67. done;
68.  
69.  
70. echo -e "\e[93mFetching Main URL: $BASE_URL$MAIN_PAGE\e[0m"
71. echo -e "\e[93mKeywords: $KEYWORDS\e[0m"
72.  
73. for line in $(curl -s $BASE_URL$MAIN_PAGE | sed -s 's:><:\n:g' | grep "type=\"text/javascript\"" |grep "src=" | grep -v "http://" | grep -v "https://" | awk -F "src=" {'print $2'} | awk -F " " {'print $1'} | awk -F \" {'print $2'})
74. do
75. echo -e "\e[93m ---------------------------------------------------------------------\e[0m"
76. echo -e "\e[93mFetching JS: $BASE_URL$line\e[0m"
77. echo -e "\e[93m ---------------------------------------------------------------------\e[0m"
78. curl -s $BASE_URL$line | grep --color -i "$KEYWORDS"
79. done