• This repository has been archived on 01/Nov/2023
  • Stars: 668
  • Rank 67,076 (Top 2 %)
  • Language: Go
  • License: MIT License
  • Created over 5 years ago
  • Updated over 1 year ago

Repository Details

Fetches JavaScript files from a list of URLs or subdomains.

subjs

subjs fetches JavaScript files from a list of URLs or subdomains. Analyzing JavaScript files can help you find undocumented endpoints, secrets, and more.

It's recommended to pair this with gau and then https://github.com/GerbenJavado/LinkFinder.
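The core step behind collecting a page's script files, shown as an added example (not subjs's own code): pull each external `<script src>` out of the HTML and resolve it to an absolute URL, which is also how you would inventory the scripts your own pages load. The function name, regular expression and sample page are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// scriptSrc captures a <script> src value (double-quoted, single-quoted or
// unquoted); requiring \s before "src" keeps data-src from matching.
var scriptSrc = regexp.MustCompile(`(?i)<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))`)

// ExtractScripts returns the de-duplicated absolute http(s) URLs of the
// external scripts referenced in body, resolved against pageURL.
func ExtractScripts(pageURL, body string) ([]string, error) {
	base, err := url.Parse(pageURL)
	if err != nil {
		return nil, err
	}
	seen := make(map[string]bool)
	var out []string
	for _, m := range scriptSrc.FindAllStringSubmatch(body, -1) {
		src := m[1] + m[2] + m[3] // exactly one alternative captured
		ref, err := url.Parse(src)
		if err != nil || src == "" {
			continue
		}
		abs := base.ResolveReference(ref)
		if abs.Scheme != "http" && abs.Scheme != "https" {
			continue // data:, blob: and similar are not fetchable files
		}
		abs.Fragment = "" // a fragment does not change the file served
		if s := abs.String(); !seen[s] {
			seen[s] = true
			out = append(out, s)
		}
	}
	return out, nil
}

// samplePage is constructed for this example.
const samplePage = `<script src="/static/app.js"></script>
<script type="module" src='js/vendor.js?v=3'></script>
<script src=//cdn.example.net/lib.min.js></script><script data-src="lazy.js">var inline = 1;</script>
<script src="/static/app.js#v2"></script><script src="data:text/javascript,void(0)"></script>`

func main() {
	fmt.Println(ExtractScripts("https://example.com/shop/index.html", samplePage))
}
```

A regular expression is enough for well-formed tags like these; scripts injected at runtime or written with unusual markup need a real HTML parser or a headless browser.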

Usage:

Examples:

$ cat urls.txt | subjs 
$ subjs -i urls.txt
$ cat hosts.txt | gau | subjs

To display the help for the tool use the -h flag:

$ subjs -h
Flag      Description                                          Example
-c        Number of concurrent workers                         subjs -c 40
-i        Input file containing URLs                           subjs -i urls.txt
-t        Timeout (in seconds) for http client (default 15)    subjs -t 20
-ua       User-Agent to send in requests                       subjs -ua "Chrome..."
-version  Show version number                                  subjs -version

Installation

From Source:

$ GO111MODULE=on go get -u -v github.com/lc/subjs@latest

From Binary

You can download the pre-built binaries from the releases page and then move them into your $PATH.

$ tar xvf subjs_1.0.0_linux_amd64.tar.gz
$ mv subjs /usr/bin/subjs

More Repositories

1. gau (Go, 3,231 stars): Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
2. secretz (Go, 317 stars): secretz, minimizing the large attack surface of Travis CI
3. theftfuzzer (Python, 297 stars): TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.
4. 230-OOB (Python, 166 stars): An Out-of-Band XXE server for retrieving file contents over FTP.
5. hacks (Go, 100 stars): Repo of useful scripts
6. cspparse (Go, 70 stars): A tool to evaluate Content Security Policies.
7. jenkinz (Go, 60 stars): jenkinz is a tool to retrieve every build for every job ever created and run on a given Jenkins instance.
8. otxurls (Go, 58 stars): Fetch known urls from AlienVault's Open Threat Exchange for given hosts
9. brute53 (Go, 58 stars): A tool to bruteforce nameservers when working with subdomain delegations to AWS.
10. DOD-Recon (HTML, 44 stars): Recon for Department of Defense HackerOne program
11. research (Java, 36 stars): miscellaneous security research stuff
12. reckdns (Go, 16 stars): A kinda reckless dns resolver. Still under development.
13. rickrolllogs (Python, 14 stars): tool to rick roll access.logs
14. sslc2 (Assembly, 9 stars): Simple C&C example in assembly that retrieves commands from the Organizational Unit (OU) field in an SSL certificate
15. rlyCTF (HTML, 8 stars): rlyCTF (relay CTF) challenge to emulate real-world SSRF attacks.
16. bugbountylink (HTML, 7 stars): URL Shortener using Flask & MySQL
17. lc.github.io (HTML, 7 stars): Information Security blog by Corben Leo @hacker_
18. newsletter-code (Go, 6 stars): Repository for any code I send out in newsletters.
19. ctf-dev (HTML, 1 star): Various CTF's I've created over time
20. solidity-by-example (Solidity, 1 star): My code for following along with the https://solidity-by-example.org/ course