@shriyanss/js-recon 1.0.0 → 1.1.0-beta.2

package/package.json

@@ -1,40 +1,52 @@
 {
-  "name": "@shriyanss/js-recon",
-  "version": "1.0.0",
-  "description": "JS Recon Tool",
-  "main": "index.js",
-  "bin": {
-    "js-recon": "./index.js"
-  },
-  "scripts": {
-    "start": "node index.js"
-  },
-  "keywords": [],
-  "author": "Shriyans Sudhi",
-  "license": "MIT",
-  "dependencies": {
-    "@aws-sdk/client-api-gateway": "^3.829.0",
-    "@babel/parser": "^7.27.4",
-    "@babel/traverse": "^7.27.4",
-    "@babel/types": "^7.27.6",
-    "chalk": "^5.4.1",
-    "cheerio": "^1.0.0",
-    "commander": "^14.0.0",
-    "fs": "^0.0.1-security",
-    "inquirer": "^12.6.3",
-    "md5": "^2.3.0",
-    "path": "^0.12.7",
-    "prettier": "^3.5.3",
-    "puppeteer": "^24.9.0",
-    "ses": "^1.13.0"
-  },
-  "type": "module",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/shriyanss/js-recon.git"
-  },
-  "bugs": {
-    "url": "https://github.com/shriyanss/js-recon/issues"
-  },
-  "homepage": "https://github.com/shriyanss/js-recon#readme"
+    "name": "@shriyanss/js-recon",
+    "version": "1.1.0-beta.2",
+    "description": "JS Recon Tool",
+    "main": "build/index.js",
+    "type": "module",
+    "bin": {
+        "js-recon": "build/index.js"
+    },
+    "types": "build/index.d.ts",
+    "scripts": {
+        "build": "rm -rf build/ && tsc",
+        "start": "node build/index.js",
+        "test": "node build/index.js -h"
+    },
+    "keywords": [],
+    "author": "Shriyans Sudhi",
+    "license": "MIT",
+    "dependencies": {
+        "@aws-sdk/client-api-gateway": "^3.829.0",
+        "@babel/parser": "^7.27.4",
+        "@babel/traverse": "^7.27.4",
+        "@babel/types": "^7.27.6",
+        "@types/chalk": "^0.4.31",
+        "blessed": "^0.1.81",
+        "chalk": "^5.4.1",
+        "cheerio": "^1.0.0",
+        "cli-highlight": "^2.1.11",
+        "commander": "^14.0.0",
+        "fs": "^0.0.2",
+        "inquirer": "^12.6.3",
+        "md5": "^2.3.0",
+        "ollama": "^0.5.16",
+        "openai": "^5.8.2",
+        "path": "^0.12.7",
+        "prettier": "^3.5.3",
+        "puppeteer": "^24.11.2",
+        "ses": "^1.13.0"
+    },
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/shriyanss/js-recon.git"
+    },
+    "bugs": {
+        "url": "https://github.com/shriyanss/js-recon/issues"
+    },
+    "homepage": "https://github.com/shriyanss/js-recon#readme",
+    "devDependencies": {
+        "ts-node": "^10.9.2",
+        "tsconfig-paths": "^4.2.0"
+    }
 }

package/api_gateway/checkFeasibility.js

@@ -1,25 +0,0 @@
-import { get } from "./genReq.js";
-import chalk from "chalk";
-import checkFireWallBlocking from "./checkFireWallBlocking.js";
-
-const checkFeasibility = async (url) => {
-  console.log(chalk.cyan(`[i] Checking feasibility of API Gateway with ${url}`));
-  try {
-    // send 10 requests, and check if any of those contain any signs of blocking
-    for (let i = 0; i < 10; i++) {
-      const response = await get(url);
-      const isFireWallBlocking = await checkFireWallBlocking(response);
-      if (isFireWallBlocking) {
-        console.log(chalk.magenta("[!] Please try again without API Gateway"));
-        return;
-      }
-    }
-    console.log(chalk.green("[✓] Feasibility check passed."), chalk.dim("However, this doesn't represent the true nature of the firewall used."));
-  } catch (error) {
-    console.log(
-      chalk.red(`[!] An error occured in feasibility check: ${error}`),
-    );
-  }
-};
-
-export default checkFeasibility;

package/api_gateway/checkFireWallBlocking.js

@@ -1,17 +0,0 @@
-import chalk from "chalk";
-
-const checkFireWallBlocking = async (body) => {
-
-    // check common signs of CF first
-    if (body.includes("<title>Just a moment...</title>")) {
-        console.log(chalk.red("[!] Cloudflare detected"));
-        return true;
-    } else if (body.includes("<title>Attention Required! | Cloudflare</title>")) {
-        console.log(chalk.red("[!] Cloudflare detected"));
-        return true;
-    }
-    
-    return false;
-};
-
-export default checkFireWallBlocking;

package/api_gateway/genReq.js

@@ -1,214 +0,0 @@
-import {
-  APIGatewayClient,
-  CreateResourceCommand,
-  GetResourcesCommand,
-  PutMethodCommand,
-  PutIntegrationCommand,
-  //   CreateDeploymentCommand,
-  //   CreateStageCommand,
-  PutIntegrationResponseCommand,
-  PutMethodResponseCommand,
-  TestInvokeMethodCommand,
-  DeleteResourceCommand,
-} from "@aws-sdk/client-api-gateway";
-import fs from "fs";
-import md5 from "md5";
-import chalk from "chalk";
-import * as globals from "../utility/globals.js";
-import checkFireWallBlocking from "./checkFireWallBlocking.js";
-
-const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
-
-/**
- * Given a URL, generates a new API Gateway for it and returns the response of the URL.
- * @param {string} url The URL to generate an API Gateway for.
- * @param {object} [headers] The headers to include in the request.
- * @returns {Promise<string>} The response of the URL.
- */
-const get = async (url, headers) => {
-  // read the config file
-  let config = JSON.parse(fs.readFileSync(globals.apiGatewayConfigFile));
-  // select a random api gateway
-  let apiGateway =
-    Object.keys(config)[Math.floor(Math.random() * Object.keys(config).length)];
-
-  const client = new APIGatewayClient({
-    region: config[apiGateway].region,
-    credentials: {
-      accessKeyId: config[apiGateway].access_key,
-      secretAccessKey: config[apiGateway].secret_key,
-    },
-  });
-
-  // get the root resource id
-  const getResourceCommand = new GetResourcesCommand({
-    restApiId: config[apiGateway].id,
-    limit: 999999999,
-  });
-  const getResourceResponse = await client.send(getResourceCommand);
-  await sleep(200);
-
-  // before creating a resource, check if the resource already exists
-  const resourceExists = getResourceResponse.items.find(
-    (item) => item.pathPart === md5(url),
-  );
-
-  let newResourceResponse;
-  if (resourceExists) {
-    // console.log(chalk.yellow("[!] Resource already exists"));
-    newResourceResponse = {
-      id: resourceExists.id,
-    };
-  } else {
-    // create a new resource
-    let rootId;
-    if (getResourceResponse.items.find((item) => item.path === "/")) {
-      rootId = getResourceResponse.items.find((item) => item.path === "/").id;
-    } else {
-      rootId = getResourceResponse.items[0].parentId;
-    }
-    const newResourceCommand = new CreateResourceCommand({
-      restApiId: config[apiGateway].id,
-      parentId: rootId,
-      pathPart: md5(url), // md5 of the url
-    });
-    newResourceResponse = await client.send(newResourceCommand);
-    await sleep(200);
-
-    // add a new method
-    const newMethodCommand = new PutMethodCommand({
-      restApiId: config[apiGateway].id,
-      resourceId: newResourceResponse.id,
-      httpMethod: "GET",
-      authorizationType: "NONE",
-      requestParameters: {
-        "method.request.header.RSC": false,
-        "method.request.header.User-Agent": false,
-        "method.request.header.Referer": false,
-        "method.request.header.Accept": false,
-        "method.request.header.Accept-Language": false,
-        "method.request.header.Accept-Encoding": false,
-        "method.request.header.Content-Type": false,
-        "method.request.header.Content-Length": false,
-        "method.request.header.Origin": false,
-        "method.request.header.X-Forwarded-For": false,
-        "method.request.header.X-Forwarded-Host": false,
-        "method.request.header.X-IP": false,
-        "method.request.header.X-Forwarded-Proto": false,
-        "method.request.header.X-Forwarded-Port": false,
-        "method.request.header.Sec-Fetch-Site": false,
-        "method.request.header.Sec-Fetch-Mode": false,
-        "method.request.header.Sec-Fetch-Dest": false,
-      },
-      integrationHttpMethod: "GET",
-      type: "HTTP",
-      timeoutInMillis: 29000,
-    });
-    const newMethodResponse = await client.send(newMethodCommand);
-    await sleep(100);
-
-    // create new integration
-    const newIntegrationCommand = new PutIntegrationCommand({
-      restApiId: config[apiGateway].id,
-      resourceId: newResourceResponse.id,
-      httpMethod: "GET",
-      integrationHttpMethod: "GET",
-      type: "HTTP",
-      timeoutInMillis: 29000,
-      uri: url,
-    });
-    const newIntegrationResponse = await client.send(newIntegrationCommand);
-    await sleep(100);
-
-    // create a new method response
-    const newMethodResponseCommand = new PutMethodResponseCommand({
-      httpMethod: "GET",
-      resourceId: newResourceResponse.id,
-      restApiId: config[apiGateway].id,
-      statusCode: "200",
-    });
-    const newMethodResponseResponse = await client.send(
-      newMethodResponseCommand,
-    );
-    await sleep(100);
-
-    // put integration response
-    const putIntegrationResponseCommand = new PutIntegrationResponseCommand({
-      httpMethod: "GET",
-      resourceId: newResourceResponse.id,
-      restApiId: config[apiGateway].id,
-      statusCode: "200",
-    });
-    const putIntegrationResponseResponse = await client.send(
-      putIntegrationResponseCommand,
-    );
-    await sleep(100);
-  }
-
-  // Generate dynamic stage name
-  //   const dynamicStageName = `prod-${Date.now()}-${Math.random().toString(36).substring(2, 7)}`;
-  //   console.log(chalk.blue(`[*] Using dynamic stage name: ${dynamicStageName}`));
-
-  // Create a deployment
-  //   const createDeploymentCommand = new CreateDeploymentCommand({
-  //     restApiId: config[apiGateway].id,
-  //     stageName: dynamicStageName,
-  //     description: `Deployment for ${url} at ${new Date().toISOString()} to stage ${dynamicStageName}`,
-  //   });
-  //   const deploymentResponse = await client.send(createDeploymentCommand);
-  //   console.log(chalk.green("[+] Deployment created:"), deploymentResponse.id);
-  //   await sleep(100);
-
-  const testInvokeMethodQuery = new TestInvokeMethodCommand({
-    httpMethod: "GET",
-    resourceId: newResourceResponse.id,
-    restApiId: config[apiGateway].id,
-    headers: headers || {},
-  });
-  const testInvokeMethodResponse = await client.send(testInvokeMethodQuery);
-  await sleep(100);
-
-  const body = await testInvokeMethodResponse.body;
-
-  // check if any firewall is there in the way
-  const isFireWallBlocking = await checkFireWallBlocking(body);
-
-  // delete the resource
-  const deleteResourceCommand = new DeleteResourceCommand({
-    restApiId: config[apiGateway].id,
-    resourceId: newResourceResponse.id,
-  });
-  try {
-    await client.send(deleteResourceCommand);
-  } catch {}
-
-  if (isFireWallBlocking) {
-    console.log(chalk.magenta("[!] Please try again without API Gateway"));
-    process.exit(1);
-  }
-
-  return body;
-
-  // create a new stage
-  //   dynamicStageName = `prod-${Date.now()}-${Math.random().toString(36).substring(2, 7)}`;
-  //   const newStageCommand = new CreateStageCommand({
-  //     restApiId: config[apiGateway].id,
-  //     stageName: dynamicStageName, // Use dynamic stage name
-  //     deploymentId: deploymentResponse.id, // Use the ID from the deployment
-  //     cacheClusterEnabled: false,
-  //     // cacheClusterSize: "0", // Removed as cacheClusterEnabled is false
-  //     methodSettings: [
-  //       {
-  //         httpMethod: "*",
-  //         // resourceId: "*", // This might need to be more specific if you don't want it for all resources
-  //         throttlingBurstLimit: 5,
-  //         throttlingRateLimit: 10,
-  //       },
-  //     ],
-  //   });
-  //   const newStageResponse = await client.send(newStageCommand);
-  //   await sleep(100);
-  //   console.log(newStageResponse);
-};
-
-export { get };

package/api_gateway/index.js

@@ -1,325 +0,0 @@
-import chalk from "chalk";
-import {
-  APIGatewayClient,
-  CreateRestApiCommand,
-  DeleteRestApiCommand,
-} from "@aws-sdk/client-api-gateway";
-import fs from "fs";
-import checkFeasibility from "./checkFeasibility.js";
-
-// read the docs for all the methods for api gateway at https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/api-gateway/
-// for the rate limits, refer to https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html
-
-const randomRegion = () => {
-  const apiGatewayRegions = [
-    "us-east-2", // US East (Ohio)
-    "us-east-1", // US East (N. Virginia)
-    "us-west-1", // US West (N. California)
-    "us-west-2", // US West (Oregon)
-    "af-south-1", // Africa (Cape Town)
-    "ap-east-1", // Asia Pacific (Hong Kong)
-    "ap-south-2", // Asia Pacific (Hyderabad)
-    "ap-southeast-3", // Asia Pacific (Jakarta)
-    "ap-southeast-5", // Asia Pacific (Malaysia)
-    "ap-southeast-4", // Asia Pacific (Melbourne)
-    "ap-south-1", // Asia Pacific (Mumbai)
-    "ap-northeast-3", // Asia Pacific (Osaka)
-    "ap-northeast-2", // Asia Pacific (Seoul)
-    "ap-southeast-1", // Asia Pacific (Singapore)
-    "ap-southeast-2", // Asia Pacific (Sydney)
-    "ap-east-2", // Asia Pacific (Taipei)
-    "ap-southeast-7", // Asia Pacific (Thailand)
-    "ap-northeast-1", // Asia Pacific (Tokyo)
-    "ca-central-1", // Canada (Central)
-    "ca-west-1", // Canada West (Calgary)
-    "eu-central-1", // Europe (Frankfurt)
-    "eu-west-1", // Europe (Ireland)
-    "eu-west-2", // Europe (London)
-    "eu-south-1", // Europe (Milan)
-    "eu-west-3", // Europe (Paris)
-    "eu-south-2", // Europe (Spain)
-    "eu-north-1", // Europe (Stockholm)
-    "eu-central-2", // Europe (Zurich)
-    "il-central-1", // Israel (Tel Aviv)
-    "mx-central-1", // Mexico (Central)
-    "me-south-1", // Middle East (Bahrain)
-    "me-central-1", // Middle East (UAE)
-    "sa-east-1", // South America (São Paulo)
-  ];
-  return apiGatewayRegions[
-    Math.floor(Math.random() * apiGatewayRegions.length)
-  ];
-};
-
-let aws_access_key;
-let aws_secret_key;
-let region;
-let configFile;
-
-const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
-
-  /**
-   * Create a new API Gateway.
-   *
-   * @async
-   * @returns {Promise<void>}
-   */
-const createGateway = async () => {
-  console.log(chalk.cyan("[i] Creating API Gateway"));
-  const client = new APIGatewayClient({
-    region,
-    credentials: {
-      accessKeyId: aws_access_key,
-      secretAccessKey: aws_secret_key,
-    },
-  });
-
-  const apigw_created_at = Date.now();
-  const apigw_name = `js_recon-${apigw_created_at}-${Math.floor(Math.random() * 1000)}`;
-  const command = new CreateRestApiCommand({
-    name: apigw_name,
-    description: `API Gateway for JS Recon created at ${new Intl.DateTimeFormat(
-      "en-US",
-      {
-        year: "numeric",
-        month: "long",
-        day: "2-digit",
-        hour: "2-digit",
-        minute: "2-digit",
-        second: "2-digit",
-        timeZoneName: "short",
-      },
-    ).format(apigw_created_at)}`,
-    endpointConfiguration: {
-      ipAddressType: "dualstack",
-      types: ["REGIONAL"],
-    },
-  });
-  const response = await client.send(command);
-  await sleep(3000);
-  console.log(chalk.green(`[✓] Created API Gateway`));
-  console.log(chalk.bgGreen("ID:"), chalk.green(response.id));
-  console.log(chalk.bgGreen("Name:"), chalk.green(apigw_name));
-  console.log(chalk.bgGreen("Region:"), chalk.green(region));
-
-  // load the config file if any. Else, create a new one
-  let config = {};
-  try {
-    config = JSON.parse(fs.readFileSync(configFile));
-  } catch (e) {
-    config = {};
-  }
-
-  config[apigw_name] = {
-    id: response.id,
-    name: apigw_name,
-    description: response.description,
-    created_at: apigw_created_at,
-    region: region,
-    access_key: aws_access_key,
-    secret_key: aws_secret_key,
-  };
-
-  fs.writeFileSync(configFile, JSON.stringify(config, null, 2));
-  console.log(chalk.green(`[✓] Config saved to ${configFile}`));
-};
-
-/**
- * Destroy an API Gateway.
- *
- * @async
- * @param {string} id - The ID of the API Gateway to destroy.
- * @returns {Promise<void>}
- */
-const destroyGateway = async (id) => {
-  console.log(chalk.cyan("[i] Destroying API Gateway"));
-  if (!id) {
-    console.log(chalk.red("[!] Please provide an API Gateway ID"));
-    return;
-  }
-  //   read the config file
-  let config = JSON.parse(fs.readFileSync(configFile));
-  //   get the name of the api gateway
-  let name = Object.keys(config).find((key) => config[key].id === id);
-
-  console.log(chalk.bgGreen("Name:"), chalk.green(name));
-  console.log(chalk.bgGreen("ID:"), chalk.green(id));
-  console.log(chalk.bgGreen("Region:"), chalk.green(config[name].region));
-  region = config[name].region;
-
-  const client = new APIGatewayClient({
-    region,
-    credentials: {
-      accessKeyId: aws_access_key,
-      secretAccessKey: aws_secret_key,
-    },
-  });
-
-  const command = new DeleteRestApiCommand({
-    restApiId: id,
-  });
-  await client.send(command);
-
-  // remove from the config file
-  delete config[name];
-  fs.writeFileSync(configFile, JSON.stringify(config, null, 2));
-
-  await sleep(30000);
-
-  console.log(chalk.green(`[✓] Destroyed API Gateway: ${id}`));
-};
-
-/**
- * Destroy all API Gateways.
- *
- * @async
- * @returns {Promise<void>}
- */
-const destroyAllGateways = async () => {
-  console.log(chalk.cyan("[i] Destroying all API Gateways"));
-  //   read the config file
-  let config = JSON.parse(fs.readFileSync(configFile));
-
-  //   destroy all the gateways
-  for (const [key, value] of Object.entries(config)) {
-    const client = new APIGatewayClient({
-      region: value.region,
-      credentials: {
-        accessKeyId: aws_access_key,
-        secretAccessKey: aws_secret_key,
-      },
-    });
-    console.log(
-      chalk.cyan(
-        `[i] Destroying API Gateway: ${key} : ${value.id} : ${value.region}`,
-      ),
-    );
-
-    const command = new DeleteRestApiCommand({
-      restApiId: value.id,
-    });
-    await sleep(30000);
-    await client.send(command);
-    console.log(
-      chalk.green(
-        `[✓] Destroyed API Gateway: ${key} : ${value.id} : ${value.region}`,
-      ),
-    );
-  }
-
-  // nullify the config file
-  fs.writeFileSync(configFile, JSON.stringify({}, null, 2));
-  console.log(chalk.green("[✓] Destroyed all API Gateways"));
-};
-
-/**
- * List all API Gateways.
- *
- * @async
- * @returns {Promise<void>}
- */
-const listGateways = async () => {
-  console.log(chalk.cyan("[i] Listing all API Gateways"));
-
-  // read the config file, and list these
-
-  // check if the config file exists
-  if (!fs.existsSync(configFile)) {
-    console.log(chalk.red("[!] Config file does not exist"));
-    return;
-  }
-
-  const config = JSON.parse(fs.readFileSync(configFile));
-
-  //   if list is empty
-  if (Object.keys(config).length === 0) {
-    console.log(chalk.red("[!] No API Gateways found"));
-    return;
-  }
-
-  console.log(chalk.green("[✓] List of API Gateways"));
-
-  for (const [key, value] of Object.entries(config)) {
-    console.log(chalk.bgGreen("Name:"), chalk.green(key));
-    console.log(chalk.bgGreen("ID:"), chalk.green(value.id));
-    console.log(chalk.bgGreen("Region:"), chalk.green(value.region));
-    console.log("\n");
-  }
-};
-
-/**
- * Main function for API Gateway.
- *
- * @async
- * @param {boolean} initInput - Whether to initialize the API Gateway.
- * @param {string} destroyInput - The ID of the API Gateway to destroy.
- * @param {boolean} destroyAllInput - Whether to destroy all API Gateways.
- * @param {boolean} listInput - Whether to list all API Gateways.
- * @param {string} regionInput - The region to use.
- * @param {string} accessKey - The access key to use.
- * @param {string} secretKey - The secret key to use.
- * @param {string} configInput - The config file to use.
- * @returns {Promise<void>}
- */
-const apiGateway = async (
-  initInput,
-  destroyInput,
-  destroyAllInput,
-  listInput,
-  regionInput,
-  accessKey,
-  secretKey,
-  configInput,
-  feasibilityInput,
-  feasibilityUrlInput,
-) => {
-  console.log(chalk.cyan("[i] Loading 'API Gateway' module"));
-
-  // if feasibility is true, check feasibility
-  if (feasibilityInput) {
-    if (!feasibilityUrlInput) {
-      console.log(chalk.red("[!] Please provide a URL to check feasibility of"));
-      return;
-    }
-    await checkFeasibility(feasibilityUrlInput);
-    return;
-  }
-
-  // configure the access and secret key
-  aws_access_key = accessKey || process.env.AWS_ACCESS_KEY_ID || undefined;
-  aws_secret_key = secretKey || process.env.AWS_SECRET_ACCESS_KEY || undefined;
-  region = regionInput || randomRegion();
-  configFile = configInput || "config.json";
-
-  if (!aws_access_key || !aws_secret_key) {
-    console.log(chalk.red("[!] AWS Access Key or Secret Key not found"));
-    return;
-  }
-
-  console.log(chalk.cyan(`[i] Using region: ${region}`));
-
-  const keyMask = (key) => {
-    if (key.length < 6) return key;
-    return key.slice(0, 4) + "..." + key.slice(-4);
-  };
-  console.log(chalk.cyan(`[i] Using access key: ${keyMask(aws_access_key)}`));
-
-  // create a new API gateway
-  if (initInput) {
-    await createGateway();
-  } else if (destroyInput) {
-    await destroyGateway(destroyInput);
-  } else if (destroyAllInput) {
-    await destroyAllGateways();
-  } else if (listInput) {
-    await listGateways();
-  } else {
-    console.log(
-      chalk.red(
-        "[!] Please provide a valid action (-i/--init or -d/--destroy or --destroy-all)",
-      ),
-    );
-  }
-};
-
-export default apiGateway;

package/endpoints/index.js

@@ -1,7 +0,0 @@
-import chalk from "chalk";
-
-const endpoints = () => {
-    console.log(chalk.green("Feature under development. Check back later :)"));
-};
-
-export default endpoints;