As you may know, some hackers like using the command line interface and running tools to gather information for later monitoring. I happen to be one of these hackers.
I recently found a command line version of retire.js, but it wasn’t as helpful as I expected. It requires the installation of JavaScript files for scanning, which was a bit inconvenient. So I tried to embed this retire.js CLI version inside my Go tool, which I called gretire.
Gretire takes a list of URLs as input and, for each URL, it performs the following steps:
HTTP Request: It sends an HTTP GET request to the specified URL, emulating a web browser by setting a user agent string. The response, which typically contains JavaScript code, is then read.
Scan: The retrieved JavaScript code is saved to a file named “javascript.js,” and a command is executed to run Retire.js on this file. Retire.js is the security scanner that looks for known vulnerabilities and issues in JavaScript libraries. The program captures the output of Retire.js, which includes information about any detected Common Vulnerabilities and Exposures (CVEs).
This tool saves you from installing JavaScript files on your computer. It grabs the JavaScript code directly from the websites you want to check. Then, it quickly scans the code for security issues using Retire.js. This makes it easy to check for problems without the trouble of setting up files in advance. Plus, you can easily use it in a one-liner.
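The two steps above as a Go sketch, added here as an example and not gretire's own source. It assumes the `retire` CLI is on PATH and is pointed at a private temporary directory with `--path`; the User-Agent string, the 15-second timeout and the 10 MiB cap are assumed values.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net/http"
	"os"
	"os/exec"
	"path/filepath"
	"time"
)

// fetch GETs url with a browser-like User-Agent (assumed value) and returns at most 10 MiB of the body.
func fetch(url string) ([]byte, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("User-Agent", "Mozilla/5.0 (X11; Linux x86_64) jsscan-example")
	resp, err := (&http.Client{Timeout: 15 * time.Second}).Do(req) // bound hanging hosts
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK { // do not scan error pages as if they were scripts
		return nil, fmt.Errorf("%s: HTTP %d", url, resp.StatusCode)
	}
	return io.ReadAll(io.LimitReader(resp.Body, 10<<20))
}

func main() {
	dir, err := os.MkdirTemp("", "jsscan-") // private scratch dir instead of ./javascript.js
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	for in := bufio.NewScanner(os.Stdin); in.Scan(); {
		body, err := fetch(in.Text())
		if err == nil {
			err = os.WriteFile(filepath.Join(dir, "javascript.js"), body, 0o600)
		}
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			continue
		}
		out, _ := exec.Command("retire", "--path", dir).CombinedOutput() // non-zero exit signals findings
		fmt.Printf("== %s\n%s", in.Text(), out)
	}
}
```

Writing into a temporary directory keeps downloaded code out of the working directory and stops two runs in the same directory from overwriting each other's `javascript.js`.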
#installation
npm install -g retire
go install -v github.com/whalebone7/gretire@latest
#usage:
echo "target.com" | waybackurls | grep "\.js" | gretire
#or:
katana -u "https://target.com" -d 4 | grep "\.js" | gretire
There are multiple ways to fetch JavaScript endpoints from websites. You can effortlessly pass these URLs to Gretire for a swift and effective scan, pinpointing potential security vulnerabilities. With this streamlined process, performing quick and thorough CVE checks becomes a breeze.
Best of luck on your hunt.