@shriyanss/js-recon 1.0.0 → 1.1.0-beta.2

package/.github/workflows/build-and-prettify.yaml

@@ -0,0 +1,65 @@
+name: Build & Prettify Code
+
+on:
+  push:
+    branches:
+      - dev
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # Make sure the action checks out the repository to the pull request branch
+          ref: ${{ github.ref_name }}
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+          cache: "npm"
+      - name: Install dependencies
+        run: npm ci
+      - name: Build code
+        run: npm run build
+
+
+  prettier:
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # Make sure the action checks out the repository to the pull request branch
+          ref: ${{ github.ref_name }}
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Install Prettier
+        run: npm install -g prettier
+
+      - name: Run Prettier
+        run: prettier --write . --tab-width 4 --trailing-comma es5 --no-color
+      
+      - name: Remove node_modules
+        run: rm -rf node_modules
+
+      - name: Commit and push changes
+        run: |
+          git config user.name "prettier-action[bot]"
+          git config user.email "prettier-action[bot]@users.noreply.github.com"
+          git add .
+          git commit -m "chore: prettify code" || echo "No changes to commit"
+          git push

package/.github/workflows/npm-publish.yml

@@ -0,0 +1,35 @@
+# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
+
+name: Node.js Package
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+      - run: npm ci
+      - run: npm run build
+      - run: npm run test
+
+  publish-npm:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          registry-url: https://registry.npmjs.org/
+      - run: npm ci
+      - run: npm run build
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.npm_token}}

package/.prettierignore

@@ -0,0 +1,2 @@
+.github/**
+node_modules/**

package/.prettierrc

@@ -0,0 +1,4 @@
+{
+    "tabWidth": 4,
+    "useTabs": false
+}

package/CHANGELOG.md

@@ -0,0 +1,50 @@
+# Change Log
+
+## 1.1.0-beta.2 - 2025.07.07
+
+### Added
+
+### Changed
+
+### Fixed
+
+- Fix build errors (type errors)
+
+## 1.1.0-beta.1 - 2025.07.07
+
+### Added
+
+- Svelte framework detection, and JS extraction
+- JSON-based file cache
+- Auto-approve executing JS code (`-y`/`--yes`)
+- Added max threads for downloading JS files `-t`/`--threads`
+- Add timeout handling and network idle check for page load in tech detection
+- Parse script tags to extract additional JavaScript URLs from page
+- Add secret scanning
+- Add feasibility check to API gateway function
+- Add endpoints module to support client-side path extraction
+- Add subsequent-requests feature (`RSC: 1`) in Next.JS
+- Add map module
+    - Webpack chunk parsing
+    - Interactive mode
+    - `fetch()` detection
+- Permutation in `strings` module
+- OpenAI and Ollama integration for AI descriptions
+
+### Changed
+
+### Fixed
+
+- Standardize UTF-8 encoding and improve URL path handling in lazy load module
+
+## 1.0.0 - 2025.06.18
+
+### Added
+
+- Lazy Load Support for Next.js and Nuxt.js
+- JavaScript String Extraction from downloaded JS files
+- API Gateway Proxying to rotate IP addresses
+
+### Changed
+
+### Fixed

package/README.md

@@ -1,166 +1,62 @@
-# js-recon
-## Installation
-To install the tool, run:
-```bash
-npm i -g @shriyanss/js-recon
-```
-
-## Usage
-```
-$ js-recon -h
-Usage: js-recon [options] [command]
+# JS Recon
 
-JS Recon Tool
+![NPM Licence](https://img.shields.io/npm/l/%40shriyanss%2Fjs-recon) ![GitHub repo size](https://img.shields.io/github/repo-size/shriyanss/js-recon) ![NPM Downloads](https://img.shields.io/npm/dm/%40shriyanss%2Fjs-recon) ![GitHub commit activity (dev)](https://img.shields.io/github/commit-activity/w/shriyanss/js-recon/dev) ![NPM Last Update](https://img.shields.io/npm/last-update/%40shriyanss%2Fjs-recon) ![CodeRabbit Pull Request Reviews](https://img.shields.io/coderabbit/prs/github/shriyanss/js-recon)
 
-Options:
-  -V, --version          output the version number
-  -h, --help             display help for command
-
-Commands:
-  lazyload [options]     Run lazy load module
-  endpoints [options]    Extract API endpoints
-  strings [options]      Extract strings from JS files
-  api-gateway [options]  Configure AWS API Gateway to rotate IP addresses
-  help [command]         display help for command
-```
-
-### Lazy load
-```
-$ js-recon lazyload -h
-Usage: js-recon lazyload [options]
-
-Run lazy load module
-
-Options:
-  -u, --url <url/file>         Target URL or a file containing a list of URLs (one per line)
-  -o, --output <directory>     Output directory (default: "output")
-  --strict-scope               Download JS files from only the input URL domain (default: false)
-  -s, --scope <scope>          Download JS files from specific domains (comma-separated) (default: "*")
-  -t, --threads <threads>      Number of threads to use (default: 1)
-  --subsequent-requests        Download JS files from subsequent requests (default: false)
-  --urls-file <file>           Input JSON file containing URLs (default: "extracted_urls.json")
-  --api-gateway                Generate requests using API Gateway (default: false)
-  --api-gateway-config <file>  API Gateway config file (default: ".api_gateway_config.json")
-  -h, --help                   display help for command
-```
+A powerful tool for JavaScript reconnaissance. `js-recon` helps you discover, download, and analyze JavaScript files to uncover endpoints, secrets, and other valuable information from any web application running supported frameworks
 
-### Strings
-```
-$ js-recon strings -h
-Usage: js-recon strings [options]
-
-Extract strings from JS files
-
-Options:
-  -d, --directory <directory>  Directory containing JS files
-  -o, --output <file>          JSON file to save the strings (default: "strings.json")
-  -e, --extract-urls           Extract URLs from strings (default: false)
-  --extracted-url-path <file>  Output JSON file for extracted URLs and paths (default: "extracted_urls.json")
-  -h, --help                   display help for command
-```
+## Installation
 
-### API Gateway
-```
-$ js-recon api-gateway -h
-Usage: js-recon api-gateway [options]
-
-Configure AWS API Gateway to rotate IP addresses
-
-Options:
-  -i, --init                     Initialize the config file (create API) (default: false)
-  -d, --destroy <id>             Destroy API with the given ID
-  --destroy-all                  Destroy all the API created by this tool in all regions (default: false)
-  -r, --region <region>          AWS region (default: random region)
-  -a, --access-key <access-key>  AWS access key (if not provided, AWS_ACCESS_KEY_ID environment variable will be used)
-  -s, --secret-key <secret-key>  AWS secret key (if not provided, AWS_SECRET_ACCESS_KEY environment variable will be used)
-  -c, --config <config>          Name of the config file (default: ".api_gateway_config.json")
-  -l, --list                     List all the API created by this tool (default: false)
-  --feasibility                  Check feasibility of API Gateway (default: false)
-  --feasibility-url <url>        URL to check feasibility of
-  -h, --help                     display help for command
-```
+This tool requires Node.JS and `npm` to be installed. The [official download page](https://nodejs.org/en/download) can be referred. Please install **22.17.0 (LTS)** or later. Downloading older versions might break the tool.
 
-## Features
-### Download lazy loaded JS files
-You can download the lazy loaded files. To do so, you can run the following command
-```bash
-js-recon lazyload -u <url> -o <output>
-```
+To install the tool globally, run:
 
-For example, you can try this with [Vercel Docs](https://vercel.com/docs):
 ```bash
-js-recon lazyload -u https://vercel.com/docs
+npm i -g @shriyanss/js-recon
 ```
 
-Currently, the following JS frameworks are supported:
-- Next.js (read research [here](research/next_js.md))
+## Quick Start
 
-### Extract strings from JS files
-You can extract strings from JS files. To do so, you can run the following command
 ```bash
-js-recon strings -d <directory> -o <output>
-```
-
-For example, you can try this with [1Password](https://1password.com):
-```bash
-js-recon strings -d output/1password.com -o strings.json
-```
-
-## Examples
-### Get all possible JS files for a Next.js app
-*You can read the full research for the same [here](research/next_js.md#lazy-loaded-files)*
+# Get a list of all commands
+js-recon --help
 
-First of all, run the lazy load module (strict scope and 1 thread for accurate results) [research1](research/next_js.md#analysis-of-vercel-docs):
-```bash
-js-recon lazyload -u <url> -o <output> --strict-scope -t 1
+# Get help for a specific command
+js-recon <command> --help
 ```
 
-Then, get all the strings from the JS files found. Also, extract URLs and paths found in those JS files.:
-```bash
-js-recon strings -d <directory> -o <output> -e
-```
+To launch a quick assesment against a target, the `run` module can be used to automate other modules
 
-Finally, parse those URLs and paths to get more JS files (note the `--subsequent-requests` flag apart from `--strict-scope` and `--threads`) [research](research/next_js.md#analysis-of-xai):
 ```bash
-js-recon endpoints -u <url> -o <output> --strict-scope -t 1 --subsequent-requests
+js-recon run -u https://app.example.com
 ```
 
-### Use AWS API Gateway to rotate IP address on each request
-First of all, the user has to configure the API keys for AWS with right permissions to use the API Gateway module of the tool. The access key and the secret key can be stored in the environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` respectively. Alternatively, these can be provided as command line argument to the tool.
+## Commands
 
-Once this is done, the configuration file can be generated. The configuration file is a JSON file that contains the API Gateway information, including the API Gateway ID, region, access key, and secret key. This file is used by the tool in the runtime. The configuration file can be generated by running the following command:
-```bash
-js-recon api-gateway -i -r <region> -a <access-key> -s <secret-key>
-```
-If the region is not provided, the tool will select a random region from a pre-defined list. If the `-a` and `-s` flags aren't provided, it will default to the environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` respectively.
+`js-recon` provides a suite of commands for comprehensive JavaScript analysis. For detailed usage and examples, please refer to its full documentation.
 
-This command will generate a new API gateway in the specified region, which can be inspected on the AWS console. The API gateway ID will be stored in the configuration file. The configuration file can be found at `./.api_gateway_config.json` by default.
+**_The `lazyload` module will work on Next.JS, Nuxt.JS, and Svelte apps. All other modules are only expected to work on Next.JS apps._**
 
-The user can list the API gateways generated by running the following command:
-```bash
-js-recon api-gateway -l
-```
+| Command       | Description                                                                   | Documentation                      |
+| ------------- | ----------------------------------------------------------------------------- | ---------------------------------- |
+| `lazyload`    | Downloads dynamically loaded JavaScript files from a target.                  | [Read Docs](./docs/lazyload.md)    |
+| `endpoints`   | Extracts API endpoints and client-side paths from JS files.                   | [Read Docs](./docs/endpoints.md)   |
+| `strings`     | Extracts strings, URLs, and potential secrets from JS files.                  | [Read Docs](./docs/strings.md)     |
+| `map`         | Maps function calls and analyzes code, with optional AI-powered descriptions. | [Read Docs](./docs/map.md)         |
+| `api-gateway` | Manages AWS API Gateway for IP rotation to bypass rate limits.                | [Read Docs](./docs/api-gateway.md) |
+| `run`         | Runs all analysis modules automatically on a target.                          | [Read Docs](./docs/run.md)         |
 
-The user can generate as many API gateways as they want. The tool will automatically select a random API gateway from the configuration file to make requests to. Creating multiple gateways in different region can help in changing the region of the IP address on each request, however, **creating multiple gateways in the same region is not recommended** as AG will rotate the IP address on each request.
+## Key Features
 
-It is recommended to check if the firewall is blocking the requests from the API gateway. The user can do so by running the following command:
-```bash
-js-recon api-gateway --feasibility --feasibility-url <url>
-```
+- Downloads all dynamically loaded JS files (refered as `lazyload`) from website with supported frameworks
+- Use API gateway to rotate IP addresses to bypass firewall
+- Extract strings from the discovered JS files, and extract potential secrets, endpoints, etc. from them
+- Endpoints modules extracts client-side paths from the app
+- Map feature analyzes the JS files, and outputs it to a JSON file. An interactive mode can be then used to analyze it
 
-Next, the API gateway can be utilized for rotating the IP address on each request. To do so, the user can add the `--api-gateway` flag to the lazy load module. The user can also provide the API gateway config file using the `--api-gateway-config` flag if they have changed the defaults.
+## Example Scenario
 
-For example,
-```bash
-js-recon lazyload -u <url> -o <output> --api-gateway
-```
+Refer to [this page](./docs/example-scenario.md) where an example scenario of running this tool against a target is demonstrated.
 
-Now that the user has completed their task, they can delete the API gateway using the following command:
-```bash
-js-recon api-gateway -d <api-gateway-id>
-```
+## Documentation
 
-Alternatively, they can delete all the API gateways using the following command:
-```bash
-js-recon api-gateway --destroy-all
-```
+For detailed guides, command options, and advanced usage examples, please check out the **[full documentation here](./docs/README.md)**.

package/build/api_gateway/checkFeasibility.js

@@ -0,0 +1,32 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { get } from "./genReq.js";
+import chalk from "chalk";
+import checkFireWallBlocking from "./checkFireWallBlocking.js";
+const checkFeasibility = (url) => __awaiter(void 0, void 0, void 0, function* () {
+    console.log(chalk.cyan(`[i] Checking feasibility of API Gateway with ${url}`));
+    try {
+        // send 10 requests, and check if any of those contain any signs of blocking
+        for (let i = 0; i < 10; i++) {
+            const response = yield get(url);
+            const isFireWallBlocking = yield checkFireWallBlocking(response);
+            if (isFireWallBlocking) {
+                console.log(chalk.magenta("[!] Please try again without API Gateway"));
+                return;
+            }
+        }
+        console.log(chalk.green("[✓] Feasibility check passed."), chalk.dim("However, this doesn't represent the true nature of the firewall used."));
+    }
+    catch (error) {
+        console.log(chalk.red(`[!] An error occured in feasibility check: ${error}`));
+    }
+});
+export default checkFeasibility;
+//# sourceMappingURL=checkFeasibility.js.map

package/build/api_gateway/checkFeasibility.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkFeasibility.js","sourceRoot":"","sources":["../../src/api_gateway/checkFeasibility.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,qBAAqB,MAAM,4BAA4B,CAAC;AAE/D,MAAM,gBAAgB,GAAG,CAAO,GAAG,EAAE,EAAE;IACnC,OAAO,CAAC,GAAG,CACP,KAAK,CAAC,IAAI,CAAC,gDAAgD,GAAG,EAAE,CAAC,CACpE,CAAC;IACF,IAAI,CAAC;QACD,4EAA4E;QAC5E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1B,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC;YAChC,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,QAAQ,CAAC,CAAC;YACjE,IAAI,kBAAkB,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CACP,KAAK,CAAC,OAAO,CAAC,0CAA0C,CAAC,CAC5D,CAAC;gBACF,OAAO;YACX,CAAC;QACL,CAAC;QACD,OAAO,CAAC,GAAG,CACP,KAAK,CAAC,KAAK,CAAC,+BAA+B,CAAC,EAC5C,KAAK,CAAC,GAAG,CACL,uEAAuE,CAC1E,CACJ,CAAC;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CACP,KAAK,CAAC,GAAG,CAAC,8CAA8C,KAAK,EAAE,CAAC,CACnE,CAAC;IACN,CAAC;AACL,CAAC,CAAA,CAAC;AAEF,eAAe,gBAAgB,CAAC"}

package/build/api_gateway/checkFireWallBlocking.js

@@ -0,0 +1,24 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import chalk from "chalk";
+const checkFireWallBlocking = (body) => __awaiter(void 0, void 0, void 0, function* () {
+    // check common signs of CF first
+    if (body.includes("<title>Just a moment...</title>")) {
+        console.log(chalk.red("[!] Cloudflare detected"));
+        return true;
+    }
+    else if (body.includes("<title>Attention Required! | Cloudflare</title>")) {
+        console.log(chalk.red("[!] Cloudflare detected"));
+        return true;
+    }
+    return false;
+});
+export default checkFireWallBlocking;
+//# sourceMappingURL=checkFireWallBlocking.js.map

package/build/api_gateway/checkFireWallBlocking.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkFireWallBlocking.js","sourceRoot":"","sources":["../../src/api_gateway/checkFireWallBlocking.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,MAAM,qBAAqB,GAAG,CAAO,IAAY,EAAoB,EAAE;IACnE,iCAAiC;IACjC,IAAI,IAAI,CAAC,QAAQ,CAAC,iCAAiC,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC;IAChB,CAAC;SAAM,IACH,IAAI,CAAC,QAAQ,CAAC,iDAAiD,CAAC,EAClE,CAAC;QACC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC,CAAA,CAAC;AAEF,eAAe,qBAAqB,CAAC"}

package/build/api_gateway/genReq.js

@@ -0,0 +1,199 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { APIGatewayClient, CreateResourceCommand, GetResourcesCommand, PutMethodCommand, PutIntegrationCommand, 
+//   CreateDeploymentCommand,
+//   CreateStageCommand,
+PutIntegrationResponseCommand, PutMethodResponseCommand, TestInvokeMethodCommand, DeleteResourceCommand, } from "@aws-sdk/client-api-gateway";
+import fs from "fs";
+import md5 from "md5";
+import chalk from "chalk";
+import * as globals from "../utility/globals.js";
+import checkFireWallBlocking from "./checkFireWallBlocking.js";
+const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+/**
+ * Given a URL, generates a new API Gateway for it and returns the response of the URL.
+ * @param {string} url The URL to generate an API Gateway for.
+ * @param {object} [headers] The headers to include in the request.
+ * @returns {Promise<string>} The response of the URL.
+ */
+const get = (url_1, ...args_1) => __awaiter(void 0, [url_1, ...args_1], void 0, function* (url, headers = {}) {
+    // read the config file
+    // Load and parse API Gateway config with error handling
+    let config;
+    try {
+        config = JSON.parse(fs.readFileSync(globals.apiGatewayConfigFile, "utf8"));
+    }
+    catch (error) {
+        throw new Error(`Failed to read or parse API Gateway config file: ${error.message}`);
+    }
+    // select a random api gateway
+    let apiGateway = Object.keys(config)[Math.floor(Math.random() * Object.keys(config).length)];
+    const client = new APIGatewayClient({
+        region: config[apiGateway].region,
+        credentials: {
+            accessKeyId: config[apiGateway].access_key,
+            secretAccessKey: config[apiGateway].secret_key,
+        },
+    });
+    // get the root resource id
+    const getResourceCommand = new GetResourcesCommand({
+        restApiId: config[apiGateway].id,
+        limit: 999999999,
+    });
+    const getResourceResponse = yield client.send(getResourceCommand);
+    yield sleep(200);
+    // before creating a resource, check if the resource already exists
+    const resourceExists = getResourceResponse.items.find(
+    // file deepcode ignore InsecureHash: False positive
+    (item) => item.pathPart === md5(url));
+    let newResourceResponse;
+    if (resourceExists) {
+        // console.log(chalk.yellow("[!] Resource already exists"));
+        newResourceResponse = {
+            id: resourceExists.id,
+        };
+    }
+    else {
+        // create a new resource
+        let rootId;
+        if (getResourceResponse.items.find((item) => item.path === "/")) {
+            rootId = getResourceResponse.items.find((item) => item.path === "/").id;
+        }
+        else {
+            rootId = getResourceResponse.items[0].parentId;
+        }
+        const newResourceCommand = new CreateResourceCommand({
+            restApiId: config[apiGateway].id,
+            parentId: rootId,
+            pathPart: md5(url), // md5 of the url
+        });
+        newResourceResponse = yield client.send(newResourceCommand);
+        yield sleep(200);
+        // add a new method
+        const newMethodCommand = new PutMethodCommand({
+            restApiId: config[apiGateway].id,
+            resourceId: newResourceResponse.id,
+            httpMethod: "GET",
+            authorizationType: "NONE",
+            requestParameters: {
+                "method.request.header.RSC": false,
+                "method.request.header.User-Agent": false,
+                "method.request.header.Referer": false,
+                "method.request.header.Accept": false,
+                "method.request.header.Accept-Language": false,
+                "method.request.header.Accept-Encoding": false,
+                "method.request.header.Content-Type": false,
+                "method.request.header.Content-Length": false,
+                "method.request.header.Origin": false,
+                "method.request.header.X-Forwarded-For": false,
+                "method.request.header.X-Forwarded-Host": false,
+                "method.request.header.X-IP": false,
+                "method.request.header.X-Forwarded-Proto": false,
+                "method.request.header.X-Forwarded-Port": false,
+                "method.request.header.Sec-Fetch-Site": false,
+                "method.request.header.Sec-Fetch-Mode": false,
+                "method.request.header.Sec-Fetch-Dest": false,
+            },
+        });
+        const newMethodResponse = yield client.send(newMethodCommand);
+        yield sleep(100);
+        // create new integration
+        const newIntegrationCommand = new PutIntegrationCommand({
+            restApiId: config[apiGateway].id,
+            resourceId: newResourceResponse.id,
+            httpMethod: "GET",
+            integrationHttpMethod: "GET",
+            type: "HTTP",
+            timeoutInMillis: 29000,
+            uri: url,
+        });
+        const newIntegrationResponse = yield client.send(newIntegrationCommand);
+        yield sleep(100);
+        // create a new method response
+        const newMethodResponseCommand = new PutMethodResponseCommand({
+            httpMethod: "GET",
+            resourceId: newResourceResponse.id,
+            restApiId: config[apiGateway].id,
+            statusCode: "200",
+        });
+        const newMethodResponseResponse = yield client.send(newMethodResponseCommand);
+        yield sleep(100);
+        // put integration response
+        const putIntegrationResponseCommand = new PutIntegrationResponseCommand({
+            httpMethod: "GET",
+            resourceId: newResourceResponse.id,
+            restApiId: config[apiGateway].id,
+            statusCode: "200",
+        });
+        const putIntegrationResponseResponse = yield client.send(putIntegrationResponseCommand);
+        yield sleep(100);
+    }
+    // Generate dynamic stage name
+    //   const dynamicStageName = `prod-${Date.now()}-${Math.random().toString(36).substring(2, 7)}`;
+    //   console.log(chalk.blue(`[*] Using dynamic stage name: ${dynamicStageName}`));
+    // Create a deployment
+    //   const createDeploymentCommand = new CreateDeploymentCommand({
+    //     restApiId: config[apiGateway].id,
+    //     stageName: dynamicStageName,
+    //     description: `Deployment for ${url} at ${new Date().toISOString()} to stage ${dynamicStageName}`,
+    //   });
+    //   const deploymentResponse = await client.send(createDeploymentCommand);
+    //   console.log(chalk.green("[+] Deployment created:"), deploymentResponse.id);
+    //   await sleep(100);
+    const testInvokeMethodQuery = new TestInvokeMethodCommand({
+        httpMethod: "GET",
+        resourceId: newResourceResponse.id,
+        restApiId: config[apiGateway].id,
+        headers: headers || {},
+    });
+    const testInvokeMethodResponse = yield client.send(testInvokeMethodQuery);
+    yield sleep(100);
+    const body = yield testInvokeMethodResponse.body;
+    // check if any firewall is there in the way
+    const isFireWallBlocking = yield checkFireWallBlocking(body);
+    // delete the resource
+    const deleteResourceCommand = new DeleteResourceCommand({
+        restApiId: config[apiGateway].id,
+        resourceId: newResourceResponse.id,
+    });
+    try {
+        yield client.send(deleteResourceCommand);
+    }
+    catch (err) {
+        console.error(chalk.red(`[!] Error when sending delete resource command to AWS: ${err}`));
+    }
+    if (isFireWallBlocking) {
+        console.log(chalk.magenta("[!] Please try again without API Gateway"));
+        process.exit(1);
+    }
+    return body;
+    // create a new stage
+    //   dynamicStageName = `prod-${Date.now()}-${Math.random().toString(36).substring(2, 7)}`;
+    //   const newStageCommand = new CreateStageCommand({
+    //     restApiId: config[apiGateway].id,
+    //     stageName: dynamicStageName, // Use dynamic stage name
+    //     deploymentId: deploymentResponse.id, // Use the ID from the deployment
+    //     cacheClusterEnabled: false,
+    //     // cacheClusterSize: "0", // Removed as cacheClusterEnabled is false
+    //     methodSettings: [
+    //       {
+    //         httpMethod: "*",
+    //         // resourceId: "*", // This might need to be more specific if you don't want it for all resources
+    //         throttlingBurstLimit: 5,
+    //         throttlingRateLimit: 10,
+    //       },
+    //     ],
+    //   });
+    //   const newStageResponse = await client.send(newStageCommand);
+    //   await sleep(100);
+    //   console.log(newStageResponse);
+});
+export { get };
+//# sourceMappingURL=genReq.js.map

package/build/api_gateway/genReq.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"genReq.js","sourceRoot":"","sources":["../../src/api_gateway/genReq.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EACH,gBAAgB,EAChB,qBAAqB,EACrB,mBAAmB,EACnB,gBAAgB,EAChB,qBAAqB;AACrB,6BAA6B;AAC7B,wBAAwB;AACxB,6BAA6B,EAC7B,wBAAwB,EACxB,uBAAuB,EACvB,qBAAqB,GACxB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,OAAO,MAAM,uBAAuB,CAAC;AACjD,OAAO,qBAAqB,MAAM,4BAA4B,CAAC;AAE/D,MAAM,KAAK,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAExE;;;;;GAKG;AACH,MAAM,GAAG,GAAG,mBAAuD,EAAE,0DAAlD,GAAW,EAAE,UAAc,EAAE;IAC5C,uBAAuB;IACvB,wDAAwD;IACxD,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACD,MAAM,GAAG,IAAI,CAAC,KAAK,CACf,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CACxD,CAAC;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACX,oDAAoD,KAAK,CAAC,OAAO,EAAE,CACtE,CAAC;IACN,CAAC;IACD,8BAA8B;IAC9B,IAAI,UAAU,GACV,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CACf,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CACzD,CAAC;IAEN,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC;QAChC,MAAM,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM;QACjC,WAAW,EAAE;YACT,WAAW,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,UAAU;YAC1C,eAAe,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,UAAU;SACjD;KACJ,CAAC,CAAC;IAEH,2BAA2B;IAC3B,MAAM,kBAAkB,GAAG,IAAI,mBAAmB,CAAC;QAC/C,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE;QAChC,KAAK,EAAE,SAAS;KACnB,CAAC,CAAC;IACH,MAAM,mBAAmB,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAClE,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;IAEjB,mEAAmE;IACnE,MAAM,cAAc,GAAG,mBAAmB,CAAC,KAAK,CAAC,IAAI;IACjD,oDAAoD;IACpD,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,CAAC,GAAG,CAAC,CACvC,CAAC;IAEF,IAAI,mBAAmB,CAAC;IACxB,IAAI,cAAc,EAAE,CAAC;QACjB,4DAA4D;QAC5D,mBAAmB,GAAG;YAClB,EAAE,EAAE,cAAc,CAAC,EAAE;SACxB,CAAC;IACN,CAAC;SAAM,CAAC;QACJ,wBAAwB;QACxB,IAAI,MAAM,CAAC;QACX,IAAI,mBAAmB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YAC9D,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,IAAI,CACnC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,GAAG,CAC9B,CAAC,EAAE,CAAC;QACT,CAAC;aAAM,CAAC;YACJ,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACnD,CAAC;QACD,MAAM,kBAAkB,GAAG,IAAI,qBAAqB,CAAC;YACjD,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE;YAChC,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,iBAAiB;SACxC,CAAC,CAAC;QACH,mBAAmB,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC5D,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QAEjB,mBAAmB;QACnB,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,CAAC;YAC1C,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE;YAChC,UAAU,EAAE,mBAAmB,CAAC,EAAE;YAClC,UAAU,EAAE,KAAK;YACjB,iBAAiB,EAAE,MAAM;YACzB,iBAAiB,EAAE;gBACf,2BAA2B,EAAE,KAAK;gBAClC,kCAAkC,EAAE,KAAK;gBACzC,+BAA+B,EAAE,KAAK;gBACtC,8BAA8B,EAAE,KAAK;gBACrC,uCAAuC,EAAE,KAAK;gBAC9C,uCAAuC,EAAE,KAAK;gBAC9C,oCAAoC,EAAE,KAAK;gBAC3C,sCAAsC,EAAE,KAAK;gBAC7C,8BAA8B,EAAE,KAAK;gBACrC,uCAAuC,EAAE,KAAK;gBAC9C,wCAAwC,EAAE,KAAK;gBAC/C,4BAA4B,EAAE,KAAK;gBACnC,yCAAyC,EAAE,KAAK;gBAChD,wCAAwC,EAAE,KAAK;gBAC/C,sCAAsC,EAAE,KAAK;gBAC7C,sCAAsC,EAAE,KAAK;gBAC7C,sCAAsC,EAAE,KAAK;aAChD;SACJ,CAAC,CAAC;QACH,MAAM,iBAAiB,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QAEjB,yBAAyB;QACzB,MAAM,qBAAqB,GAAG,IAAI,qBAAqB,CAAC;YACpD,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE;YAChC,UAAU,EAAE,mBAAmB,CAAC,EAAE;YAClC,UAAU,EAAE,KAAK;YACjB,qBAAqB,EAAE,KAAK;YAC5B,IAAI,EAAE,MAAM;YACZ,eAAe,EAAE,KAAK;YACtB,GAAG,EAAE,GAAG;SACX,CAAC,CAAC;QACH,MAAM,sBAAsB,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACxE,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QAEjB,+BAA+B;QAC/B,MAAM,wBAAwB,GAAG,IAAI,wBAAwB,CAAC;YAC1D,UAAU,EAAE,KAAK;YACjB,UAAU,EAAE,mBAAmB,CAAC,EAAE;YAClC,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE;YAChC,UAAU,EAAE,KAAK;SACpB,CAAC,CAAC;QACH,MAAM,yBAAyB,GAAG,MAAM,MAAM,CAAC,IAAI,CAC/C,wBAAwB,CAC3B,CAAC;QACF,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QAEjB,2BAA2B;QAC3B,MAAM,6BAA6B,GAAG,IAAI,6BAA6B,CACnE;YACI,UAAU,EAAE,KAAK;YACjB,UAAU,EAAE,mBAAmB,CAAC,EAAE;YAClC,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE;YAChC,UAAU,EAAE,KAAK;SACpB,CACJ,CAAC;QACF,MAAM,8BAA8B,GAAG,MAAM,MAAM,CAAC,IAAI,CACpD,6BAA6B,CAChC,CAAC;QACF,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;IAED,8BAA8B;IAC9B,iGAAiG;IACjG,kFAAkF;IAElF,sBAAsB;IACtB,kEAAkE;IAClE,wCAAwC;IACxC,mCAAmC;IACnC,wGAAwG;IACxG,QAAQ;IACR,2EAA2E;IAC3E,gFAAgF;IAChF,sBAAsB;IAEtB,MAAM,qBAAqB,GAAG,IAAI,uBAAuB,CAAC;QACtD,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,mBAAmB,CAAC,EAAE;QAClC,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE;QAChC,OAAO,EAAE,OAAO,IAAI,EAAE;KACzB,CAAC,CAAC;IACH,MAAM,wBAAwB,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC1E,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;IAEjB,MAAM,IAAI,GAAG,MAAM,wBAAwB,CAAC,IAAI,CAAC;IAEjD,4CAA4C;IAC5C,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,CAAC;IAE7D,sBAAsB;IACtB,MAAM,qBAAqB,GAAG,IAAI,qBAAqB,CAAC;QACpD,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE;QAChC,UAAU,EAAE,mBAAmB,CAAC,EAAE;KACrC,CAAC,CAAC;IACH,IAAI,CAAC;QACD,MAAM,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC7C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CACT,KAAK,CAAC,GAAG,CACL,0DAA0D,GAAG,EAAE,CAClE,CACJ,CAAC;IACN,CAAC;IAED,IAAI,kBAAkB,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,0CAA0C,CAAC,CAAC,CAAC;QACvE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,OAAO,IAAI,CAAC;IAEZ,qBAAqB;IACrB,2FAA2F;IAC3F,qDAAqD;IACrD,wCAAwC;IACxC,6DAA6D;IAC7D,6EAA6E;IAC7E,kCAAkC;IAClC,2EAA2E;IAC3E,wBAAwB;IACxB,UAAU;IACV,2BAA2B;IAC3B,4GAA4G;IAC5G,mCAAmC;IACnC,mCAAmC;IACnC,WAAW;IACX,SAAS;IACT,QAAQ;IACR,iEAAiE;IACjE,sBAAsB;IACtB,mCAAmC;AACvC,CAAC,CAAA,CAAC;AAEF,OAAO,EAAE,GAAG,EAAE,CAAC"}