Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- args=("$@") #array to store command line arguments
- KEYWORDS="password\|user" # default keywords
- BASE_URL="" # URL off the base website. The common path to the main page, java files, etc.
- MAIN_PAGE="" # Path to the main page (containing javascript includes) relative to the BASE_URL
- print_help () {
- echo "Usage: ./jssearch.sh --base-url [base url] --main-page [main page]"
- echo ""
- echo "Example: ./jssearch.sh --base-url http://www.example.com --main=page /blog/index.html --keywords username password"
- echo ""
- echo "Loads a website and then subsequently loads all the .js files. It searches each"
- echo "JS file for the keywords “user” and “password” and prints those lines. The idea is it"
- echo "may help identify where usernames may be stored in code, or maybe a weak login"
- echo "mechanism."
- echo ""
- echo " --help"
- echo " Show this message"
- echo " --base-url"
- echo " Sets the base URL. A common URL shared between the main page and the .js files."
- echo " --main-page"
- echo " Sets the main page. This page must have a list of all the .js files."
- echo " --keywords"
- echo " List of space-separated keywords to search for. This must be the last argument."
- }
- if [ $# -eq 0 ]; then
- print_help
- exit 1
- fi
- COUNTER=0 #Counts from zero to the number of arguments
- while [ $COUNTER -lt $# ]; do
- if [ ${args[$COUNTER]} == "--help" ]; then
- print_help
- exit 0
- elif [ ${args[$COUNTER]} == "--base-url" ]; then
- COUNTER=$(($COUNTER+1))
- BASE_URL=${args[$COUNTER]}
- elif [ ${args[$COUNTER]} == "--main-page" ]; then
- COUNTER=$(($COUNTER+1))
- MAIN_PAGE=${args[$COUNTER]}
- elif [ ${args[$COUNTER]} == "--keywords" ]; then
- i=$COUNTER
- i=$(($i+1))
- KEYWORDS=${args[$i]}
- while [ $i -lt $# ]; do
- i=$(($i+1))
- KEYWORDS+="\|${args[$i]}"
- done
- COUNTER=$i #Ends the main loop since we are at the end of the arguments
- KEYWORDS=`echo $KEYWORDS | sed 's/.$//' | sed 's/.$//'` # couldn't think of a better way to do this.
- else
- echo "Error: Unknown argument ${args[$COUNTER]}"
- echo ""
- print_help
- exit 1
- fi
- COUNTER=$(($COUNTER+1))
- done;
- echo -e "\e[93mFetching Main URL: $BASE_URL$MAIN_PAGE\e[0m"
- echo -e "\e[93mKeywords: $KEYWORDS\e[0m"
- for line in $(curl -s $BASE_URL$MAIN_PAGE | sed -s 's:><:\n:g' | grep "type=\"text/javascript\"" |grep "src=" | grep -v "http://" | grep -v "https://" | awk -F "src=" {'print $2'} | awk -F " " {'print $1'} | awk -F \" {'print $2'})
- do
- echo -e "\e[93m ---------------------------------------------------------------------\e[0m"
- echo -e "\e[93mFetching JS: $BASE_URL$line\e[0m"
- echo -e "\e[93m ---------------------------------------------------------------------\e[0m"
- curl -s $BASE_URL$line | grep --color -i "$KEYWORDS"
- done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement