Static JS analysis

9 months ago 67

Mrflash

First, you need to gather the JavaScript code.

1. Filter the Proxy HTTP history to only show files with the js extension.
2. Mark the resulting list of JavaScript files, copy the URLs, then save them in a text file.
3. At this point you can go manual and start searching in each URL.

To discover endpoints and parameters in JavaScript files, you can use LinkFinder. Results can be either saved to HTML or printed to stdout:

$ python linkfinder.py -i 'js/*' -o result.html
$ python linkfinder.py -i 'js/*' -o cli
The combination with other command line tools can also be beneficial:

$ python linkfinder.py -i 'js/*' -o cli | sort -u | grep rest

Burp Suite Professional users can also use JS Miner to detect endpoints and secrets. Issues will show up in Burp Suite’s Issue dashboard as soon as JavaScript files are passively analyzed.

I didn’t use this before but we can search for it 😂 >>

To detect secrets in code, you can use TruffleHog. Earlier, TruffleHog focused on secrets within git repositories. Nowadays, it natively supports filesystems and more. Just make sure to use the sub-command filesystem.

$ ./trufflehog filesystem ~/Downloads/js --no-verification --include-detectors="all"
🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷

Found unverified result 🐷🔑❓
Detector Type: AWS
Decode Type: PLAIN
Raw result: AKIAIOSFODNN7EXAMPLE
File: ~/Downloads/js/main.js

If you are searching for something specific, you can of course also use basic command line tools like grep. Matar's article covers this point.

Outdated JavaScript libraries often contain vulnerabilities. A common example is jQuery. Often, you can find version information in the path or file name of the library or as a version string in the file itself.

By using Burp or Wappalyzer you can find out the version. After this you can search for vulnerabilities that affect this version. To check whether vulnerabilities are published, you can use online services such as snyk.io.

Before reporting, verify that the web application is actually vulnerable, so the report is not closed as N/A or Informative. Vulnerabilities in libraries often affect only specific functions. If the web application does not use these functions, it is not vulnerable. Search the web application’s JavaScript for vulnerable functions with the methods described above.
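One way to run this check over the saved files, as an added example (not code from the original article or from the tools it mentions): the script reads a library's version from its banner comment or file name, then counts call sites of the functions an advisory names in the remaining files. The sample files and the function names `html` and `parseHTML` are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

# Banner comment such as "/*! jQuery v1.12.4 | ..." or "* jQuery JavaScript Library v3.5.1"
BANNER = re.compile(r"/\*!?[\s*]*([A-Za-z][\w.-]*)(?: JavaScript Library)? v(\d+(?:\.\d+){1,2})")
# File name such as "jquery-1.12.4.min.js"
FILENAME = re.compile(r"([A-Za-z][\w.]*?)[-.@]v?(\d+(?:\.\d+){1,2})")


def library_version(path, text):
    """Return (library, version) from the banner, else from the file name, else None."""
    m = BANNER.search(text[:500]) or FILENAME.match(path.name)
    return (m.group(1).lower(), m.group(2)) if m else None


def triage(js_dir, library, functions):
    """Report the version(s) of `library` found and where other files call `functions`."""
    versions, usage = {}, {}
    for path in sorted(Path(js_dir).rglob("*.js")):
        text = path.read_text(encoding="utf-8", errors="replace")
        found = library_version(path, text)
        if found and found[0] == library:
            versions[path.name] = found[1]  # the library itself: record, don't search
            continue
        # Count method-style call sites, e.g. ".html(" for the name "html".
        hits = {f: len(re.findall(r"\.%s\s*\(" % re.escape(f), text)) for f in functions}
        usage[path.name] = {f: n for f, n in hits.items() if n}
    return versions, usage


def demo():
    """Run the triage over two constructed files written to a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "jquery-1.12.4.min.js").write_text(
            "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */\n"
            "!function(a){a.fn={html:function(b){}}}(window);\n")
        Path(d, "app.js").write_text(
            "$.getJSON('/api/profile', function (p) {\n"
            "  $('#name').text(p.name);\n"
            "  $('#bio').html(p.bio);\n"
            "});\n")
        # "html" and "parseHTML" stand in for the functions an advisory names.
        return triage(d, "jquery", ["html", "parseHTML"])


if __name__ == "__main__":
    print(demo())
```

A zero count is only a heuristic: calls made through aliases or bracket notation are not matched, so confirm the result by reading the code.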

reference & source for this article:

kpwn

Matar
