@shriyanss/js-recon 1.0.0 → 1.1.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (143)
  1. package/.github/workflows/build-and-prettify.yaml +65 -0
  2. package/.github/workflows/npm-publish.yml +35 -0
  3. package/.prettierignore +2 -0
  4. package/.prettierrc +4 -0
  5. package/CHANGELOG.md +50 -0
  6. package/README.md +35 -139
  7. package/build/api_gateway/checkFeasibility.js +32 -0
  8. package/build/api_gateway/checkFeasibility.js.map +1 -0
  9. package/build/api_gateway/checkFireWallBlocking.js +24 -0
  10. package/build/api_gateway/checkFireWallBlocking.js.map +1 -0
  11. package/build/api_gateway/genReq.js +199 -0
  12. package/build/api_gateway/genReq.js.map +1 -0
  13. package/build/api_gateway/index.js +275 -0
  14. package/build/api_gateway/index.js.map +1 -0
  15. package/build/endpoints/gen_report/gen_json.js +22 -0
  16. package/build/endpoints/gen_report/gen_json.js.map +1 -0
  17. package/build/endpoints/gen_report/gen_markdown.js +66 -0
  18. package/build/endpoints/gen_report/gen_markdown.js.map +1 -0
  19. package/build/endpoints/gen_report/utility/iterate_n_store.js +46 -0
  20. package/build/endpoints/gen_report/utility/iterate_n_store.js.map +1 -0
  21. package/build/endpoints/index.js +89 -0
  22. package/build/endpoints/index.js.map +1 -0
  23. package/build/endpoints/next_js/client_jsFilesHref.js +91 -0
  24. package/build/endpoints/next_js/client_jsFilesHref.js.map +1 -0
  25. package/build/endpoints/next_js/client_jsonParse.js +78 -0
  26. package/build/endpoints/next_js/client_jsonParse.js.map +1 -0
  27. package/build/endpoints/next_js/client_subsequentRequests.js +199 -0
  28. package/build/endpoints/next_js/client_subsequentRequests.js.map +1 -0
  29. package/build/endpoints/next_js/getWebpacks.js +45 -0
  30. package/build/endpoints/next_js/getWebpacks.js.map +1 -0
  31. package/build/globalConfig.js +11 -0
  32. package/build/globalConfig.js.map +1 -0
  33. package/build/index.js +166 -0
  34. package/build/index.js.map +1 -0
  35. package/build/lazyLoad/downloadFilesUtil.js +128 -0
  36. package/build/lazyLoad/downloadFilesUtil.js.map +1 -0
  37. package/build/lazyLoad/downloadLoadedJsUtil.js +51 -0
  38. package/build/lazyLoad/downloadLoadedJsUtil.js.map +1 -0
  39. package/build/lazyLoad/globals.js +22 -0
  40. package/build/lazyLoad/globals.js.map +1 -0
  41. package/build/lazyLoad/index.js +170 -0
  42. package/build/lazyLoad/index.js.map +1 -0
  43. package/build/lazyLoad/next_js/next_GetJSScript.js +94 -0
  44. package/build/lazyLoad/next_js/next_GetJSScript.js.map +1 -0
  45. package/build/lazyLoad/next_js/next_GetLazyResources.js +202 -0
  46. package/build/lazyLoad/next_js/next_GetLazyResources.js.map +1 -0
  47. package/build/lazyLoad/next_js/next_SubsequentRequests.js +120 -0
  48. package/build/lazyLoad/next_js/next_SubsequentRequests.js.map +1 -0
  49. package/build/lazyLoad/nuxt_js/nuxt_astParse.js +188 -0
  50. package/build/lazyLoad/nuxt_js/nuxt_astParse.js.map +1 -0
  51. package/build/lazyLoad/nuxt_js/nuxt_getFromPageSource.js +75 -0
  52. package/build/lazyLoad/nuxt_js/nuxt_getFromPageSource.js.map +1 -0
  53. package/build/lazyLoad/nuxt_js/nuxt_stringAnalysisJSFiles.js +94 -0
  54. package/build/lazyLoad/nuxt_js/nuxt_stringAnalysisJSFiles.js.map +1 -0
  55. package/build/lazyLoad/svelte/svelte_getFromPageSource.js +68 -0
  56. package/build/lazyLoad/svelte/svelte_getFromPageSource.js.map +1 -0
  57. package/build/lazyLoad/svelte/svelte_stringAnalysisJSFiles.js +95 -0
  58. package/build/lazyLoad/svelte/svelte_stringAnalysisJSFiles.js.map +1 -0
  59. package/build/map/index.js +58 -0
  60. package/build/map/index.js.map +1 -0
  61. package/build/map/next_js/getFetchInstances.js +108 -0
  62. package/build/map/next_js/getFetchInstances.js.map +1 -0
  63. package/build/map/next_js/getWebpackConnections.js +227 -0
  64. package/build/map/next_js/getWebpackConnections.js.map +1 -0
  65. package/build/map/next_js/interactive.js +32 -0
  66. package/build/map/next_js/interactive.js.map +1 -0
  67. package/build/map/next_js/interactive_helpers/commandHandler.js +190 -0
  68. package/build/map/next_js/interactive_helpers/commandHandler.js.map +1 -0
  69. package/build/map/next_js/interactive_helpers/commandHelpers.js +91 -0
  70. package/build/map/next_js/interactive_helpers/commandHelpers.js.map +1 -0
  71. package/build/map/next_js/interactive_helpers/helpMenu.js +11 -0
  72. package/build/map/next_js/interactive_helpers/helpMenu.js.map +1 -0
  73. package/build/map/next_js/interactive_helpers/keybindings.js +80 -0
  74. package/build/map/next_js/interactive_helpers/keybindings.js.map +1 -0
  75. package/build/map/next_js/interactive_helpers/printer.js +17 -0
  76. package/build/map/next_js/interactive_helpers/printer.js.map +1 -0
  77. package/build/map/next_js/interactive_helpers/ui.js +81 -0
  78. package/build/map/next_js/interactive_helpers/ui.js.map +1 -0
  79. package/build/map/next_js/resolveFetch.js +201 -0
  80. package/build/map/next_js/resolveFetch.js.map +1 -0
  81. package/build/run/index.js +62 -0
  82. package/build/run/index.js.map +1 -0
  83. package/build/strings/index.js +238 -0
  84. package/build/strings/index.js.map +1 -0
  85. package/build/strings/openapi.js +55 -0
  86. package/build/strings/openapi.js.map +1 -0
  87. package/build/strings/permutate.js +55 -0
  88. package/build/strings/permutate.js.map +1 -0
  89. package/build/strings/secrets.js +89 -0
  90. package/build/strings/secrets.js.map +1 -0
  91. package/build/techDetect/index.js +229 -0
  92. package/build/techDetect/index.js.map +1 -0
  93. package/build/utility/ai.js +69 -0
  94. package/build/utility/ai.js.map +1 -0
  95. package/build/utility/globals.js +84 -0
  96. package/build/utility/globals.js.map +1 -0
  97. package/build/utility/interfaces.js +2 -0
  98. package/build/utility/interfaces.js.map +1 -0
  99. package/build/utility/makeReq.js +265 -0
  100. package/build/utility/makeReq.js.map +1 -0
  101. package/build/utility/resolvePath.js +44 -0
  102. package/build/utility/resolvePath.js.map +1 -0
  103. package/{utility → build/utility}/runSandboxed.js +10 -13
  104. package/build/utility/runSandboxed.js.map +1 -0
  105. package/{utility → build/utility}/urlUtils.js +9 -11
  106. package/build/utility/urlUtils.js.map +1 -0
  107. package/docs/CNAME +1 -0
  108. package/docs/README.md +20 -0
  109. package/docs/api-gateway.md +68 -0
  110. package/docs/endpoints.md +49 -0
  111. package/docs/example-scenario.md +258 -0
  112. package/docs/interactive-mode.md +76 -0
  113. package/docs/lazyload.md +56 -0
  114. package/docs/map.md +53 -0
  115. package/docs/run.md +54 -0
  116. package/docs/strings.md +75 -0
  117. package/package.json +50 -38
  118. package/api_gateway/checkFeasibility.js +0 -25
  119. package/api_gateway/checkFireWallBlocking.js +0 -17
  120. package/api_gateway/genReq.js +0 -214
  121. package/api_gateway/index.js +0 -325
  122. package/endpoints/index.js +0 -7
  123. package/globalConfig.js +0 -12
  124. package/index.js +0 -69
  125. package/lazyLoad/downloadFilesUtil.js +0 -122
  126. package/lazyLoad/downloadLoadedJsUtil.js +0 -54
  127. package/lazyLoad/globals.js +0 -15
  128. package/lazyLoad/index.js +0 -167
  129. package/lazyLoad/next_js/next_GetJSScript.js +0 -99
  130. package/lazyLoad/next_js/next_GetLazyResources.js +0 -201
  131. package/lazyLoad/next_js/next_SubsequentRequests.js +0 -138
  132. package/lazyLoad/nuxt_js/nuxt_astParse.js +0 -194
  133. package/lazyLoad/nuxt_js/nuxt_getFromPageSource.js +0 -77
  134. package/lazyLoad/nuxt_js/nuxt_stringAnalysisJSFiles.js +0 -99
  135. package/research/firewall_bypass.md +0 -38
  136. package/research/next_js.md +0 -116
  137. package/research/nuxt_js.md +0 -125
  138. package/research/vue_js.md +0 -9
  139. package/strings/index.js +0 -145
  140. package/techDetect/index.js +0 -156
  141. package/utility/globals.js +0 -6
  142. package/utility/makeReq.js +0 -179
  143. package/utility/resolvePath.js +0 -43
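--- a/package/build/strings/index.js
+++ b/package/build/strings/index.js
@@ -0,0 +1,238 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+import chalk from "chalk";
+import fs from "fs";
+import path from "path";
+import parser from "@babel/parser";
+import prettier from "prettier";
+import secrets from "./secrets.js";
+import permutate from "./permutate.js";
+import openapi from "./openapi.js";
+/**
+* Recursively extracts strings from a babel AST node.
+* This is a deeper search than just StringLiterals.
+* @param {object} node - The AST node to traverse.
+* @returns {string[]} - An array of extracted strings.
+*/
+function extractStrings(node) {
+const strings = new Set();
+const seen = new WeakSet();
+function recurse(currentNode) {
+if (!currentNode ||
+typeof currentNode !== "object" ||
+seen.has(currentNode)) {
+return;
+}
+seen.add(currentNode);
+if (Array.isArray(currentNode)) {
+currentNode.forEach((item) => recurse(item));
+return;
+}
+if (currentNode.type === "StringLiteral") {
+strings.add(currentNode.value);
+}
+else if (currentNode.type === "TemplateLiteral") {
+currentNode.quasis.forEach((q) => {
+if (q.value.cooked) {
+strings.add(q.value.cooked);
+}
+});
+}
+Object.keys(currentNode).forEach((key) => {
+// Avoid traversing location properties and other non-node properties
+if ([
+"loc",
+"start",
+"end",
+"extra",
+"raw",
+"comments",
+"leadingComments",
+"trailingComments",
+"innerComments",
+].includes(key))
+return;
+recurse(currentNode[key]);
+});
+}
+recurse(node);
+return Array.from(strings);
+}
+/**
+* Extracts all string literals from all .js files in a given directory and its
+* subdirectories and writes them to a JSON file.
+* @param {string} directory - The directory to scan for .js files
+* @param {string} output_file - The file to write the extracted strings to
+*/
+const strings = (directory, output_file, extract_urls, extracted_url_path, scan_secrets, permutate_option, openapi_option) => __awaiter(void 0, void 0, void 0, function* () {
+console.log(chalk.cyan("[i] Loading 'Strings' module"));
+// check if the directory exists
+if (!fs.existsSync(directory)) {
+console.log(chalk.red("[!] Directory does not exist"));
+return;
+}
+console.log(chalk.cyan(`[i] Scanning ${directory} directory`));
+// get all files in the directory and sub-directories
+const files = fs.readdirSync(directory, {
+recursive: true,
+encoding: "utf8",
+});
+// filter out non JS files
+let jsFiles = files.filter((file) => file.endsWith(".js"));
+// filter out subsequent requests files
+// jsFiles = jsFiles.filter((file) => !file.startsWith("___subsequent_requests"));
+// read all JS files
+let js_files_path = [];
+for (const file of jsFiles) {
+const filePath = path.join(directory, file);
+if (!fs.lstatSync(filePath).isDirectory()) {
+js_files_path.push(filePath);
+}
+}
+console.log(chalk.cyan(`[i] Found ${js_files_path.length} JS files`));
+// read all JS files
+let all_strings = {};
+for (const file of js_files_path) {
+if (file.includes("___subsequent_requests")) {
+// iterate through the file line by line
+const lines = fs.readFileSync(file, "utf-8").split("\n");
+let strings = [];
+for (const line of lines) {
+// if the line matches with a particular regex, then extract the JS snippet
+if (line.match(/^[0-9a-z]+:\[.+/)) {
+// get the JS snippet
+let jsCode;
+try {
+jsCode = `[${line.match(/\[(.+)\]/)[1]}]`;
+}
+catch (err) {
+continue;
+}
+// parse the JS snippet with babel
+let ast;
+try {
+ast = parser.parse(jsCode, {
+sourceType: "unambiguous",
+plugins: ["jsx", "typescript"],
+});
+}
+catch (err) {
+continue;
+}
+const extracted = extractStrings(ast);
+strings.push(...extracted);
+}
+}
+all_strings[file] = strings;
+}
+else {
+const fileContent = fs.readFileSync(file, "utf-8");
+// parse the file contents with babel
+const ast = parser.parse(fileContent, {
+sourceType: "unambiguous",
+plugins: ["jsx", "typescript"],
+});
+all_strings[file] = extractStrings(ast);
+}
+}
+let strings_count = 0;
+for (const file of Object.keys(all_strings)) {
+strings_count += all_strings[file].length;
+}
+console.log(chalk.cyan(`[i] Extracted ${strings_count} strings`));
+// write to a JSON file
+const formatted = yield prettier.format(JSON.stringify(all_strings), {
+parser: "json",
+printWidth: 80,
+singleQuote: true,
+});
+fs.writeFileSync(output_file, formatted);
+console.log(chalk.green(`[✓] Extracted strings to ${output_file}`));
+// if -p is enabled, but not -e, or the same case with the --openapi flag
+if ((permutate_option && !extract_urls) ||
+(openapi_option && !extract_urls)) {
+console.log(chalk.red("[!] Please enable -e flag for -p or --openapi flag"));
+return;
+}
+// if the -e flag is enabled, extract the URLs also
+if (extract_urls) {
+console.log(chalk.cyan("[i] Extracting URLs and paths from strings"));
+let urls = [];
+let paths = [];
+for (const file of Object.keys(all_strings)) {
+for (const string of all_strings[file]) {
+if (string.match(/^https?:\/\/[a-zA-Z0-9\.\-_]+\/?.*$/)) {
+// like https://site.com
+urls.push(string);
+}
+if (string.match(/^\/.+$/)) {
+// like /path/resource
+// make sure that the path doesn't start with two special chars except '/_'
+if (string.match(/^\/[^a-zA-Z0-9]/) &&
+!string.startsWith("/_")) {
+// ignore the path
+}
+else {
+paths.push(string);
+}
+}
+if (string.match(/^[a-zA-Z0-9_\-]\/[a-zA-Z0-9_\-].*$/)) {
+// like path/to/resource
+paths.push(string);
+}
+if (string.startsWith("./") || string.startsWith("../")) {
+// like "./path/to/resource" or "../path/to/resource"
+paths.push(string);
+}
+}
+}
+// dedupe the two lists
+urls = [...new Set(urls)];
+paths = [...new Set(paths)];
+console.log(chalk.cyan(`[i] Found ${urls.length} URLs and ${paths.length} paths`));
+// write to a JSON file
+const formatted_urls = yield prettier.format(JSON.stringify({ urls, paths }), {
+parser: "json",
+printWidth: 80,
+singleQuote: true,
+});
+fs.writeFileSync(`${extracted_url_path}.json`, formatted_urls);
+console.log(chalk.green(`[✓] Written URLs and paths to ${extracted_url_path}.json`));
+if (permutate_option) {
+yield permutate(urls, paths, extracted_url_path);
+}
+if (openapi_option) {
+yield openapi(paths, extracted_url_path);
+}
+}
+if (scan_secrets) {
+console.log(chalk.cyan("[i] Scanning for secrets"));
+let total_secrets = 0;
+for (const file of js_files_path) {
+const fileContent = fs.readFileSync(file, "utf8");
+const foundSecrets = yield secrets(fileContent);
+if (foundSecrets.length > 0) {
+for (const foundSecret of foundSecrets) {
+console.log(chalk.green(`[✓] Found ${foundSecret.name} in ${file}`));
+console.log(chalk.bgGreen(foundSecret.value));
+total_secrets++;
+}
+}
+}
+if (total_secrets === 0) {
+console.log(chalk.yellow(`[!] No secrets found`));
+}
+else {
+console.log(chalk.green(`[✓] Found ${total_secrets} secrets`));
+}
+}
+});
+export default strings;
+//# sourceMappingURL=index.js.map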
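Review bot: The `else` branch that reads `fileContent` calls `parser.parse` with no try/catch, while the `___subsequent_requests` branch just above guards the very same call; one file Babel cannot parse (non-JS content served under a `.js` name, or syntax the enabled plugins do not cover) throws out of the whole run before any strings are written. These files were fetched from the scanned target, so they are untrusted input and a parse failure should skip the file with a warning rather than abort, as sketched below. The `fs.lstatSync(filePath).isDirectory()` filter in the earlier loop does not follow symlinks, so a symlink to a directory passes and `readFileSync` then fails with EISDIR; `fs.statSync` is the matching call. This file is compiler output of `src/strings/index.ts` (per the accompanying source map), so the fix belongs in the TypeScript source.
```javascript
else {
    const fileContent = fs.readFileSync(file, "utf-8");
    // parse the file contents with babel; skip (rather than abort) files Babel rejects
    let ast;
    try {
        ast = parser.parse(fileContent, {
            sourceType: "unambiguous",
            plugins: ["jsx", "typescript"],
        });
    }
    catch (err) {
        console.log(chalk.yellow(`[!] Skipping ${file}: ${err.message}`));
        all_strings[file] = [];
        continue;
    }
    all_strings[file] = extractStrings(ast);
}
```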
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/strings/index.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,MAAM,MAAM,eAAe,CAAC;AACnC,OAAO,QAAQ,MAAM,UAAU,CAAC;AAChC,OAAO,OAAO,MAAM,cAAc,CAAC;AACnC,OAAO,SAAS,MAAM,gBAAgB,CAAC;AACvC,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC;;;;;GAKG;AACH,SAAS,cAAc,CAAC,IAAI;IACxB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;IAC1B,MAAM,IAAI,GAAG,IAAI,OAAO,EAAE,CAAC;IAE3B,SAAS,OAAO,CAAC,WAAW;QACxB,IACI,CAAC,WAAW;YACZ,OAAO,WAAW,KAAK,QAAQ;YAC/B,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,EACvB,CAAC;YACC,OAAO;QACX,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAEtB,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7B,WAAW,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7C,OAAO;QACX,CAAC;QAED,IAAI,WAAW,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;aAAM,IAAI,WAAW,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;YAChD,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC7B,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;oBACjB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAChC,CAAC;YACL,CAAC,CAAC,CAAC;QACP,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACrC,qEAAqE;YACrE,IACI;gBACI,KAAK;gBACL,OAAO;gBACP,KAAK;gBACL,OAAO;gBACP,KAAK;gBACL,UAAU;gBACV,iBAAiB;gBACjB,kBAAkB;gBAClB,eAAe;aAClB,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAEf,OAAO;YACX,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;IACP,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,GAAG,CACZ,SAAS,EACT,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,YAAY,EACZ,gBAAgB,EAChB,cAAc,EAChB,EAAE;IACA,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC;IAExD,gCAAgC;IAChC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC,CAAC;QACvD,OAAO;IACX,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,SAAS,YAAY,CAA
C,CAAC,CAAC;IAE/D,qDAAqD;IACrD,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE;QACpC,SAAS,EAAE,IAAI;QACf,QAAQ,EAAE,MAAM;KACnB,CAAC,CAAC;IAEH,0BAA0B;IAC1B,IAAI,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAE3D,uCAAuC;IACvC,kFAAkF;IAElF,oBAAoB;IACpB,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAC5C,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YACxC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,aAAa,CAAC,MAAM,WAAW,CAAC,CAAC,CAAC;IAEtE,oBAAoB;IACpB,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QAC/B,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,CAAC;YAC1C,wCAAwC;YACxC,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACzD,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACvB,2EAA2E;gBAC3E,IAAI,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAChC,qBAAqB;oBACrB,IAAI,MAAM,CAAC;oBACX,IAAI,CAAC;wBACD,MAAM,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;oBAC9C,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACX,SAAS;oBACb,CAAC;oBAED,kCAAkC;oBAClC,IAAI,GAAG,CAAC;oBACR,IAAI,CAAC;wBACD,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE;4BACvB,UAAU,EAAE,aAAa;4BACzB,OAAO,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC;yBACjC,CAAC,CAAC;oBACP,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACX,SAAS;oBACb,CAAC;oBAED,MAAM,SAAS,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;oBACtC,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;gBAC/B,CAAC;YACL,CAAC;YACD,WAAW,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;QAChC,CAAC;aAAM,CAAC;YACJ,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAEnD,qCAAqC;YACrC,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE;gBAClC,UAAU,EAAE,aAAa;gBACzB,OAAO,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC;aACjC,CAAC,CAAC;YAEH,WAAW,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;QAC5C,CAAC;IACL,CAAC;IAED,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,
EAAE,CAAC;QAC1C,aAAa,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;IAC9C,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,aAAa,UAAU,CAAC,CAAC,CAAC;IAElE,uBAAuB;IACvB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE;QACjE,MAAM,EAAE,MAAM;QACd,UAAU,EAAE,EAAE;QACd,WAAW,EAAE,IAAI;KACpB,CAAC,CAAC;IACH,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAEzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,4BAA4B,WAAW,EAAE,CAAC,CAAC,CAAC;IAEpE,yEAAyE;IACzE,IACI,CAAC,gBAAgB,IAAI,CAAC,YAAY,CAAC;QACnC,CAAC,cAAc,IAAI,CAAC,YAAY,CAAC,EACnC,CAAC;QACC,OAAO,CAAC,GAAG,CACP,KAAK,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAClE,CAAC;QACF,OAAO;IACX,CAAC;IAED,mDAAmD;IACnD,IAAI,YAAY,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC,CAAC;QAEtE,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,IAAI,KAAK,GAAG,EAAE,CAAC;QAEf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC1C,KAAK,MAAM,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrC,IAAI,MAAM,CAAC,KAAK,CAAC,qCAAqC,CAAC,EAAE,CAAC;oBACtD,wBAAwB;oBACxB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACtB,CAAC;gBACD,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACzB,sBAAsB;oBACtB,2EAA2E;oBAC3E,IACI,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC;wBAC/B,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,EAC1B,CAAC;wBACC,kBAAkB;oBACtB,CAAC;yBAAM,CAAC;wBACJ,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBACvB,CAAC;gBACL,CAAC;gBACD,IAAI,MAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,EAAE,CAAC;oBACrD,wBAAwB;oBACxB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACvB,CAAC;gBACD,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;oBACtD,qDAAqD;oBACrD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACvB,CAAC;YACL,CAAC;QACL,CAAC;QAED,uBAAuB;QACvB,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1B,KAAK,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;QAE5B,OAAO,CAAC,GAAG,CACP,KAAK,CAAC,IAAI,CACN,aAAa,IAAI,CAAC,MAAM,aAAa,KAAK,CAAC,MAAM,QAAQ,CAC5D,CACJ,CAAC;QAEF,uBAAuB;QACvB,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,MAAM,CACxC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAC/B;YACI,MAAM,EAAE,MAAM;YACd,
UAAU,EAAE,EAAE;YACd,WAAW,EAAE,IAAI;SACpB,CACJ,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,GAAG,kBAAkB,OAAO,EAAE,cAAc,CAAC,CAAC;QAE/D,OAAO,CAAC,GAAG,CACP,KAAK,CAAC,KAAK,CACP,iCAAiC,kBAAkB,OAAO,CAC7D,CACJ,CAAC;QAEF,IAAI,gBAAgB,EAAE,CAAC;YACnB,MAAM,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,cAAc,EAAE,CAAC;YACjB,MAAM,OAAO,CAAC,KAAK,EAAE,kBAAkB,CAAC,CAAC;QAC7C,CAAC;IACL,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CAAC;QAEpD,IAAI,aAAa,GAAG,CAAC,CAAC;QAEtB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YAC/B,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAClD,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;YAChD,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1B,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;oBACrC,OAAO,CAAC,GAAG,CACP,KAAK,CAAC,KAAK,CAAC,aAAa,WAAW,CAAC,IAAI,OAAO,IAAI,EAAE,CAAC,CAC1D,CAAC;oBACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC;oBAC9C,aAAa,EAAE,CAAC;gBACpB,CAAC;YACL,CAAC;QACL,CAAC;QAED,IAAI,aAAa,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACJ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,aAAa,UAAU,CAAC,CAAC,CAAC;QACnE,CAAC;IACL,CAAC;AACL,CAAC,CAAA,CAAC;AAEF,eAAe,OAAO,CAAC"}
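--- a/package/build/strings/openapi.js
+++ b/package/build/strings/openapi.js
@@ -0,0 +1,55 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+import chalk from "chalk";
+import { writeFile } from "fs/promises";
+const openapi = (paths, output_file) => __awaiter(void 0, void 0, void 0, function* () {
+console.log(chalk.cyan("[i] Generating OpenAPI v3 file"));
+const openapiData = {
+openapi: "3.0.0",
+info: {
+title: "API Collection",
+description: "A collection of API endpoints discovered by js-recon.",
+version: "1.0.0",
+},
+servers: [
+{
+url: "{{baseUrl}}",
+description: "Base URL for the API",
+},
+],
+paths: {},
+};
+for (const p of paths) {
+const pathKey = p.startsWith("/") ? p : `/${p}`;
+if (!openapiData.paths[pathKey]) {
+openapiData.paths[pathKey] = {};
+}
+// Assuming GET method for all paths for now.
+// This can be expanded later.
+openapiData.paths[pathKey].get = {
+summary: `Discovered endpoint: ${pathKey}`,
+description: `An endpoint discovered at ${pathKey}.`,
+responses: {
+200: {
+description: "Successful response. The actual response will vary.",
+},
+},
+};
+}
+try {
+yield writeFile(`${output_file}-openapi.json`, JSON.stringify(openapiData, null, 2));
+console.log(chalk.green(`[✓] OpenAPI v3 file saved to: ${output_file}-openapi.json`));
+}
+catch (error) {
+console.error(chalk.red(`[!] Error writing OpenAPI file: ${error.message}`));
+}
+});
+export default openapi;
+//# sourceMappingURL=openapi.js.map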
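Review bot: `pathKey` only prefixes a `/`, but the `paths` this receives from `strings/index.js` include entries beginning with `./` and `../` and may carry a query string or fragment, so the generated document gets keys such as `/./api/x` or `/api/x?y=1`, which are not valid OpenAPI path items. Normalise before keying, e.g. `const cleaned = p.replace(/^(\.\.?\/)+/, "").split(/[?#]/)[0];` and then build `pathKey` from `cleaned` instead of `p`. The server entry `url: "{{baseUrl}}"` uses Postman's variable syntax; OpenAPI 3 server templating uses single braces together with a `variables` map, so strict validators are likely to reject the document as written. The `writeFile` failure is logged and swallowed while the sibling `permutate.js` rethrows, so the caller cannot tell the OpenAPI file was never written; either rethrow here too or state the best-effort contract in a JSDoc header, which the function currently lacks.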
@@ -0,0 +1 @@
1
+ {"version":3,"file":"openapi.js","sourceRoot":"","sources":["../../src/strings/openapi.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,MAAM,OAAO,GAAG,CAAO,KAAK,EAAE,WAAW,EAAE,EAAE;IACzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAE1D,MAAM,WAAW,GAAG;QAChB,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE;YACF,KAAK,EAAE,gBAAgB;YACvB,WAAW,EACP,uDAAuD;YAC3D,OAAO,EAAE,OAAO;SACnB;QACD,OAAO,EAAE;YACL;gBACI,GAAG,EAAE,aAAa;gBAClB,WAAW,EAAE,sBAAsB;aACtC;SACJ;QACD,KAAK,EAAE,EAAE;KACZ,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACpB,MAAM,OAAO,GAAG,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACpC,CAAC;QACD,6CAA6C;QAC7C,8BAA8B;QAC9B,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,GAAG;YAC7B,OAAO,EAAE,wBAAwB,OAAO,EAAE;YAC1C,WAAW,EAAE,6BAA6B,OAAO,GAAG;YACpD,SAAS,EAAE;gBACP,GAAG,EAAE;oBACD,WAAW,EACP,qDAAqD;iBAC5D;aACJ;SACJ,CAAC;IACN,CAAC;IAED,IAAI,CAAC;QACD,MAAM,SAAS,CACX,GAAG,WAAW,eAAe,EAC7B,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CACvC,CAAC;QACF,OAAO,CAAC,GAAG,CACP,KAAK,CAAC,KAAK,CACP,iCAAiC,WAAW,eAAe,CAC9D,CACJ,CAAC;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CACT,KAAK,CAAC,GAAG,CAAC,mCAAmC,KAAK,CAAC,OAAO,EAAE,CAAC,CAChE,CAAC;IACN,CAAC;AACL,CAAC,CAAA,CAAC;AAEF,eAAe,OAAO,CAAC"}
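--- a/package/build/strings/permutate.js
+++ b/package/build/strings/permutate.js
@@ -0,0 +1,55 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+import chalk from "chalk";
+import fs from "fs";
+const permutate = (urls, paths, output) => __awaiter(void 0, void 0, void 0, function* () {
+console.log(chalk.cyan("[i] Permutating URLs and paths"));
+let permutedUrls = [];
+// go through each URL
+for (const url of urls) {
+// check if the URL is valid or not by passing to URL
+try {
+new URL(url);
+}
+catch (err) {
+continue;
+}
+// now that's a valid URL, get the base URL from it
+const baseUrl = new URL(url).origin;
+// go through each path
+for (const path of paths) {
+// join the baseurl and the path, and push it to an array
+permutedUrls.push(new URL(path, baseUrl).href);
+}
+}
+// append all the urls also
+permutedUrls.push(...urls);
+// get the origin aka baseurl, and push those also
+for (const url of urls) {
+try {
+permutedUrls.push(new URL(url).origin);
+}
+catch (_a) { }
+}
+// deduplicate
+permutedUrls = [...new Set(permutedUrls)];
+// write to a .txt file
+const results = permutedUrls.join("\n");
+try {
+fs.writeFileSync(`${output}.txt`, results);
+console.log(chalk.green(`[✓] Written permuted URLs to ${output}.txt`));
+}
+catch (error) {
+console.error(chalk.red(`[✗] Failed to write to ${output}.txt: ${error.message}`));
+throw error;
+}
+});
+export default permutate;
+//# sourceMappingURL=permutate.js.map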
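Review bot: Each URL is parsed three times across the two `for (const url of urls)` loops (validated, re-parsed for `origin`, then parsed again to push the origin), and the second loop hides its failures in an empty `catch (_a) { }`; collecting the origin in the first loop keeps one parse per URL and removes the silent catch, as sketched below. `permutedUrls.push(...urls)` spreads the whole list as call arguments, which can exceed the engine's argument limit for very large URL sets; `permutedUrls = permutedUrls.concat(urls)` has no such limit. The output grows as `urls × paths` and is held entirely in memory before the single `writeFileSync`, which is worth stating in a JSDoc header since the function has none. As with the rest of `build/`, this is compiled from `src/strings/permutate.ts`, so the change goes there.
```javascript
let permutedUrls = [];
const origins = [];
for (const url of urls) {
    let baseUrl;
    try {
        baseUrl = new URL(url).origin;
    }
    catch (err) {
        continue;
    }
    origins.push(baseUrl);
    for (const path of paths) {
        permutedUrls.push(new URL(path, baseUrl).href);
    }
}
// append all the urls, then the origins (same order as before dedup)
permutedUrls = permutedUrls.concat(urls, origins);
// … unchanged: deduplicate and write to a .txt file …
```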
@@ -0,0 +1 @@
1
+ {"version":3,"file":"permutate.js","sourceRoot":"","sources":["../../src/strings/permutate.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,MAAM,SAAS,GAAG,CACd,IAAc,EACd,KAAe,EACf,MAAc,EACD,EAAE;IACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAE1D,IAAI,YAAY,GAAG,EAAE,CAAC;IAEtB,wBAAwB;IACxB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACrB,qDAAqD;QACrD,IAAI,CAAC;YACD,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,SAAS;QACb,CAAC;QAED,mDAAmD;QACnD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QAEpC,uBAAuB;QACvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACvB,yDAAyD;YACzD,YAAY,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,YAAY,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;IAE3B,kDAAkD;IAClD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,CAAC;YACD,YAAY,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;QAAC,WAAM,CAAC,CAAA,CAAC;IACd,CAAC;IAED,cAAc;IACd,YAAY,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IAE1C,uBAAuB;IACvB,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC;QACD,EAAE,CAAC,aAAa,CAAC,GAAG,MAAM,MAAM,EAAE,OAAO,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,gCAAgC,MAAM,MAAM,CAAC,CAAC,CAAC;IAC3E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CACT,KAAK,CAAC,GAAG,CAAC,0BAA0B,MAAM,SAAS,KAAK,CAAC,OAAO,EAAE,CAAC,CACtE,CAAC;QACF,MAAM,KAAK,CAAC;IAChB,CAAC;AACL,CAAC,CAAA,CAAC;AAEF,eAAe,SAAS,CAAC"}
@@ -0,0 +1,89 @@
1
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
2
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
3
+ return new (P || (P = Promise))(function (resolve, reject) {
4
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
5
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
6
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
7
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
8
+ });
9
+ };
10
+ // file deepcode ignore HardcodedNonCryptoSecret: False positive
11
+ const secret_patterns = {
12
+ Cloudinary: "cloudinary://.*",
13
+ "Firebase URL": ".*firebaseio\\.com",
14
+ "Slack Token": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
15
+ "RSA private key": "-----BEGIN RSA PRIVATE KEY-----",
16
+ "SSH (DSA) private key": "-----BEGIN DSA PRIVATE KEY-----",
17
+ "SSH (EC) private key": "-----BEGIN EC PRIVATE KEY-----",
18
+ "PGP private key block": "-----BEGIN PGP PRIVATE KEY BLOCK-----",
19
+ "Amazon AWS Access Key ID": "AKIA[0-9A-Z]{16}",
20
+ "Amazon MWS Auth Token": "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
21
+ "Facebook Access Token": "EAACEdEose0cBA[0-9A-Za-z]+",
22
+ "Facebook OAuth": "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]",
23
+ GitHub: "[g|G][i|I][t|T][h|H][u|U][b|B].*['|\"][0-9a-zA-Z]{35,40}['|\"]",
24
+ "Generic API Key": "[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
25
+ "Generic Secret": "[s|S][e|E][c|C][r|R][e|E][t|T].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
26
+ "Google API Key": "AIza[0-9A-Za-z\\-_]{35}",
27
+ "Google Cloud Platform API Key": "AIza[0-9A-Za-z\\-_]{35}",
28
+ "Google Cloud Platform OAuth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
29
+ "Google Drive API Key": "AIza[0-9A-Za-z\\-_]{35}",
30
+ "Google Drive OAuth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
31
+ "Google (GCP) Service-account": '\\"type\\": \\"service_account\\"',
32
+ "Google Gmail API Key": "AIza[0-9A-Za-z\\-_]{35}",
33
+ "Google Gmail OAuth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
34
+ "Google OAuth Access Token": "ya29\\.[0-9A-Za-z\\-_]+",
35
+ "Google YouTube API Key": "AIza[0-9A-Za-z\\-_]{35}",
36
+ "Google YouTube OAuth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
37
+ "Heroku API Key - 1": "[h|H][e|E][r|R][o|O][k|K][u|U].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
38
+ "Heroku API Key - 2": "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}",
39
+ "MailChimp API Key": "[0-9a-f]{32}-us[0-9]{1,2}",
40
+ "Mailgun API Key": "key-[0-9a-zA-Z]{32}",
41
+ "Password in URL": "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\\\"'\\s]",
42
+ "PayPal Braintree Access Token": "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}",
43
+ "Picatic API Key": "sk_live_[0-9a-z]{32}",
44
+ "Slack Webhook": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}",
45
+ "Stripe API Key": "sk_live_[0-9a-zA-Z]{24}",
46
+ "Stripe Restricted API Key": "rk_live_[0-9a-zA-Z]{24}",
47
+ "Square Access Token": "sq0atp-[0-9A-Za-z\\-_]{22}",
48
+ "Square OAuth Secret": "sq0csp-[0-9A-Za-z\\-_]{43}",
49
+ "Twilio API Key": "SK[0-9a-fA-F]{32}",
50
+ "Twitter Access Token": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*[1-9][0-9]+-[0-9a-zA-Z]{40}",
51
+ "Twitter OAuth": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*['|\"][0-9a-zA-Z]{35,44}['|\"]",
52
+ "OpenAI User API Key": "sk-[A-Za-z0-9]{20}T3BlbkFJ[A-Za-z0-9]{20}",
53
+ "OpenAI User Project Key": "sk-proj-[A-Za-z0-9]{20}T3BlbkFJ[A-Za-z0-9]{20}",
54
+ "OpenAI Service ID": "^[A-Za-z0-9]+(-*[A-Za-z0-9]+)*$",
55
+ "OpenAI Service Key": "sk-{SERVICE ID}-[A-Za-z0-9]{20}T3BlbkFJ[A-Za-z0-9]{20}",
56
+ Wakatime: "waka_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
57
+ "Artifactory API Token": '(?:\\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}',
58
+ "Artifactory Password": '(?:\\s|=|:|"|^)AP[\\dABCDEF][a-zA-Z0-9]{8,}',
59
+ "Authorization Basic": "basic [a-zA-Z0-9_:\\\.=\-]+",
60
+ "Authorization Bearer": "bearer [a-zA-Z0-9_\\\.=\-]+",
61
+ "AWS Client ID": "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}",
62
+ "AWS MWS Key": "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
63
+ Base64: "(eyJ|YTo|Tzo|PD[89]|aHR0cHM6L|aHR0cDo|rO0)[a-zA-Z0-9+/]+={0,2}",
64
+ "Basic Auth Credentials": "(?<=:\/\/ )[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\\.[a-zA-Z]+",
65
+ "Cloudinary Basic Auth": "cloudinary:\/\/[0-9]{15}:[0-9A-Za-z]+@[a-z]+",
66
+ "Facebook Client ID": "(?:[Ff](?:[Aa][Cc][Ee][Bb][Oo][Oo][Kk])|[Ff][Bb])(?:.{0,20})?['\"][0-9]{13,17}",
67
+ "Facebook Secret Key": "(?:[Ff](?:[Aa][Cc][Ee][Bb][Oo][Oo][Kk])|[Ff][Bb])(?:.{0,20})?['\"][0-9a-fA-F]{32}",
68
+ "Google Oauth Access Token": "ya29\\.[0-9A-Za-z\\-_]+",
69
+ "Heroku API Key": "[h|H][e|E][r|R][o|O][k|K][u|U].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
70
+ "LinkedIn Client ID": "(?:[Ll]inked[Ii]n)(?:.{0,20})?['\"][0-9a-zA-Z]{12}['\"]",
71
+ "LinkedIn Secret Key": "(?:[Ll]inked[Ii]n)(?:.{0,20})?['\"][0-9a-zA-Z]{16}['\"]",
72
+ "MD5 Hash": "[a-f0-9]{32}",
73
+ };
74
+ const secrets = (source) => __awaiter(void 0, void 0, void 0, function* () {
75
+ const foundSecrets = [];
76
+ for (const [secretName, pattern] of Object.entries(secret_patterns)) {
77
+ const regex = new RegExp(pattern, "g");
78
+ const matches = source.matchAll(regex);
79
+ for (const match of matches) {
80
+ foundSecrets.push({
81
+ name: secretName,
82
+ value: match[0],
83
+ });
84
+ }
85
+ }
86
+ return foundSecrets;
87
+ });
88
+ export default secrets;
89
+ //# sourceMappingURL=secrets.js.map
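Review bot: The `OpenAI Service ID` pattern `^[A-Za-z0-9]+(-*[A-Za-z0-9]+)*$` is anchored to the whole of `source`, so it can only match when the entire scanned file is a single alphanumeric/hyphen token, and its nested quantifiers backtrack exponentially whenever the input starts with a long alphanumeric run before the `$` fails — it should be dropped rather than compiled with `"g"` and run against every file. The `OpenAI Service Key` entry embeds the literal placeholder `{SERVICE ID}`, so it cannot match a real key either. Several entries are byte-identical patterns under different names (the five `AIza…` Google keys, the `…apps.googleusercontent.com` OAuth forms, `Amazon MWS Auth Token`/`AWS MWS Key`, the two `ya29.` tokens), so one string is pushed to `foundSecrets` once per alias; deduplicating on `value` before `return foundSecrets;`, or collapsing the aliases, keeps the report to one finding per match. Recording the position as well, `foundSecrets.push({ name: secretName, value: match[0], index: match.index });`, would make broad patterns such as `MD5 Hash` and `Base64` triageable in a minified bundle.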
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/strings/secrets.ts"],"names":[],"mappings":";;;;;;;;;AAEA,gEAAgE;AAChE,MAAM,eAAe,GAAG;IACpB,UAAU,EAAE,iBAAiB;IAC7B,cAAc,EAAE,oBAAoB;IACpC,aAAa,EAAE,2DAA2D;IAC1E,iBAAiB,EAAE,iCAAiC;IACpD,uBAAuB,EAAE,iCAAiC;IAC1D,sBAAsB,EAAE,gCAAgC;IACxD,uBAAuB,EAAE,uCAAuC;IAChE,0BAA0B,EAAE,kBAAkB;IAC9C,uBAAuB,EACnB,2EAA2E;IAC/E,uBAAuB,EAAE,4BAA4B;IACrD,gBAAgB,EACZ,oEAAoE;IACxE,MAAM,EAAE,gEAAgE;IACxE,iBAAiB,EACb,oEAAoE;IACxE,gBAAgB,EACZ,gEAAgE;IACpE,gBAAgB,EAAE,yBAAyB;IAC3C,+BAA+B,EAAE,yBAAyB;IAC1D,6BAA6B,EACzB,0DAA0D;IAC9D,sBAAsB,EAAE,yBAAyB;IACjD,oBAAoB,EAChB,0DAA0D;IAC9D,8BAA8B,EAAE,mCAAmC;IACnE,sBAAsB,EAAE,yBAAyB;IACjD,oBAAoB,EAChB,0DAA0D;IAC9D,2BAA2B,EAAE,yBAAyB;IACtD,wBAAwB,EAAE,yBAAyB;IACnD,sBAAsB,EAClB,0DAA0D;IAC9D,oBAAoB,EAChB,8FAA8F;IAClG,oBAAoB,EAChB,6EAA6E;IACjF,mBAAmB,EAAE,2BAA2B;IAChD,iBAAiB,EAAE,qBAAqB;IACxC,iBAAiB,EACb,qEAAqE;IACzE,+BAA+B,EAC3B,yDAAyD;IAC7D,iBAAiB,EAAE,sBAAsB;IACzC,eAAe,EACX,qFAAqF;IACzF,gBAAgB,EAAE,yBAAyB;IAC3C,2BAA2B,EAAE,yBAAyB;IACtD,qBAAqB,EAAE,4BAA4B;IACnD,qBAAqB,EAAE,4BAA4B;IACnD,gBAAgB,EAAE,mBAAmB;IACrC,sBAAsB,EAClB,kEAAkE;IACtE,eAAe,EACX,qEAAqE;IACzE,qBAAqB,EAAE,2CAA2C;IAClE,yBAAyB,EAAE,gDAAgD;IAC3E,mBAAmB,EAAE,iCAAiC;IACtD,oBAAoB,EAChB,wDAAwD;IAC5D,QAAQ,EACJ,mEAAmE;IACvE,uBAAuB,EAAE,oCAAoC;IAC7D,sBAAsB,EAAE,6CAA6C;IACrE,qBAAqB,EAAE,6BAA6B;IACpD,sBAAsB,EAAE,6BAA6B;IACrD,eAAe,EACX,mEAAmE;IACvE,aAAa,EACT,2EAA2E;IAC/E,MAAM,EAAE,gEAAgE;IACxE,wBAAwB,EACpB,+DAA+D;IACnE,uBAAuB,EAAE,8CAA8C;IACvE,oBAAoB,EAChB,gFAAgF;IACpF,qBAAqB,EACjB,mFAAmF;IACvF,2BAA2B,EAAE,yBAAyB;IACtD,gBAAgB,EACZ,mGAAmG;IACvG,oBAAoB,EAChB,yDAAyD;IAC7D,qBAAqB,EACjB,yDAAyD;IAC7D,UAAU,EAAE,cAAc;CAC7B,CAAC;AAOF,MAAM,OAAO,GAAG,CAAO,MAAc,EAA0B,EAAE;IAC7D,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QAClE,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CA
AC;YAC1B,YAAY,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,UAAU;gBAChB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;aAClB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACxB,CAAC,CAAA,CAAC;AAEF,eAAe,OAAO,CAAC"}