jseye 1.0.0__tar.gz

jseye-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Lakshmikanthan K (letchupkt)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

jseye-1.0.0/MANIFEST.in

@@ -0,0 +1,8 @@
+include README.md
+include LICENSE
+include pyproject.toml
+include MANIFEST.in
+recursive-include jseye/data *.yaml *.txt
+recursive-include scripts *.js
+exclude test_*.py
+exclude test_*.txt

jseye-1.0.0/PKG-INFO

@@ -0,0 +1,264 @@
+Metadata-Version: 2.4
+Name: jseye
+Version: 1.0.0
+Summary: JavaScript Intelligence & Attack Surface Discovery Tool
+Home-page: https://github.com/letchupkt/jseye
+Author: Lakshmikanthan K
+Author-email: Lakshmikanthan K <letchupkt.dev@gmail.com>
+Maintainer-email: Lakshmikanthan K <letchupkt.dev@gmail.com>
+License: MIT
+Project-URL: Homepage, https://github.com/letchupkt/jseye
+Project-URL: Repository, https://github.com/letchupkt/jseye
+Project-URL: Issues, https://github.com/letchupkt/jseye/issues
+Project-URL: Documentation, https://github.com/letchupkt/jseye#readme
+Keywords: security,javascript,reconnaissance,bug-bounty,pentesting
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Software Development :: Testing
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: rich>=13.0.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: requests>=2.28.0
+Requires-Dist: urllib3>=1.26.0
+Requires-Dist: pathlib>=1.0.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
+Requires-Dist: black>=22.0.0; extra == "dev"
+Requires-Dist: flake8>=5.0.0; extra == "dev"
+Requires-Dist: mypy>=1.0.0; extra == "dev"
+Dynamic: author
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: requires-python
+
+# JSEye 👁️
+
+**See What JavaScript Hides**
+
+JSEye is a production-grade Python reconnaissance framework for deep JavaScript intelligence and attack surface discovery. Built for bug bounty hunters and security researchers who need comprehensive JavaScript analysis with minimal noise.
+
+## 🚀 Features
+
+- **Fully Automatic**: Default mode runs complete pipeline with zero configuration
+- **Modular Design**: Control execution with granular flags
+- **Multi-Tool Integration**: Orchestrates gau, waybackurls, hakrawler, katana, subjs, linkfinder, and mantra
+- **Smart Prioritization**: AI-powered JavaScript file ranking
+- **Correlation Engine**: Connects findings across multiple sources
+- **Clean Terminal UX**: Rich progress indicators and polished output
+- **Linux-First**: Optimized for Linux environments
+
+## 📦 Installation
+
+### From PyPI (Recommended)
+
+```bash
+pip install jseye
+```
+
+### From Source
+
+```bash
+git clone https://github.com/letchupkt/jseye.git
+cd jseye
+pip install -e .
+```
+
+## 🛠️ Requirements
+
+JSEye automatically installs required tools on first run:
+
+- **Go** (for gau, waybackurls, hakrawler, katana, subjs, mantra)
+- **Node.js** (for AST analysis)
+- **Python 3.10+** (for linkfinder and core functionality)
+
+## 🎯 Usage
+
+### Default Mode (Full Pipeline)
+
+```bash
+# Run everything - this is the default behavior
+jseye -i subdomains.txt -o output
+```
+
+### Module Control Flags
+
+```bash
+# Stop after JavaScript discovery
+jseye -i subs.txt -o output --js-only
+
+# Skip secrets detection
+jseye -i subs.txt -o output --no-secrets
+
+# Only regex analysis (skip AST)
+jseye -i subs.txt -o output --regex-only
+
+# Skip AST analysis
+jseye -i subs.txt -o output --skip-ast
+
+# Skip sink detection
+jseye -i subs.txt -o output --no-sinks
+
+# Skip correlation engine
+jseye -i subs.txt -o output --no-correlate
+
+# Don't auto-install tools
+jseye -i subs.txt -o output --no-install
+```
+
+### Information Commands
+
+```bash
+# List available modules
+jseye --list-modules
+```
+
+## 🔄 Pipeline
+
+JSEye executes a comprehensive analysis pipeline:
+
+```
+subdomains.txt
+    ↓
+📡 URL Harvesting (gau, waybackurls, hakrawler, katana)
+    ↓
+🔍 JavaScript Filtering & Prioritization
+    ↓
+📥 JavaScript Download
+    ↓
+🧠 Regex Analysis
+    ↓
+🌳 AST Analysis
+    ↓
+🔗 LinkFinder Integration
+    ↓
+🔐 Secrets Detection (mantra)
+    ↓
+🎯 Sink Detection
+    ↓
+🔄 Intelligence Correlation
+    ↓
+📊 Final Report
+```
+
+## 📁 Output Structure
+
+```
+output/
+├── harvested_urls.txt              # All discovered URLs
+├── js_files_all.txt               # All JavaScript files
+├── js_files_high_priority.txt     # High-value JS files
+├── js_files_medium_priority.txt   # Medium-value JS files
+├── js_files_low_priority.txt      # Low-value JS files
+├── js_files_detailed.json         # Detailed JS analysis
+├── endpoints.json                 # Discovered endpoints
+├── secrets.json                   # Found secrets
+├── sinks.json                     # Detected sinks
+├── correlation_report.json        # Correlated intelligence
+└── jseye_summary.json            # Final summary
+```
+
+## 🎨 Terminal Output
+
+JSEye provides beautiful, informative terminal output:
+
+```
+██╗███████╗███████╗██╗   ██╗███████╗
+██║██╔════╝██╔════╝╚██╗ ██╔╝██╔════╝
+██║███████╗█████╗   ╚████╔╝ █████╗  
+██   ██║╚════██║██╔══╝    ╚██╔╝  ██╔══╝  
+╚█████╔╝███████║███████╗   ██║   ███████╗
+ ╚════╝ ╚══════╝╚══════╝   ╚═╝   ╚══════╝
+
+        JSEye — See What JavaScript Hides
+       Author: Lakshmikanthan K (letchupkt)
+
+[+] Loading domains from subdomains.txt
+[+] Harvesting URLs (gau, waybackurls, katana)
+[+] Extracted 1,482 JavaScript files
+[+] Prioritized 214 high-value JS files
+[+] Analyzing JavaScript (regex + AST)
+[+] Found 37 endpoints, 4 secrets, 9 sinks
+[+] Correlating intelligence
+[✓] Results saved to output/
+
+──────── JSEye Summary ────────
+JS Files Analyzed : 214
+Endpoints Found   : 37
+Secrets Found     : 4
+Sinks Found       : 9
+High Confidence   : 11
+Output Directory  : output/
+────────────────────────────────
+```
+
+## 🧠 Smart Features
+
+### JavaScript Prioritization
+
+JSEye intelligently prioritizes JavaScript files based on:
+
+- **High-value indicators**: admin, api, auth, config, dashboard, login
+- **File characteristics**: non-minified, shorter paths, custom code
+- **Vendor detection**: deprioritizes common libraries and CDN files
+
+### Correlation Engine
+
+Connects findings across multiple sources to reduce false positives and highlight high-confidence discoveries.
+
+### Auto-Installation
+
+Automatically detects and installs missing tools on first run, with graceful fallbacks and clear error messages.
+
+## 🔧 Advanced Configuration
+
+### Custom Regex Patterns
+
+Edit `jseye/data/regex.yaml` to customize detection patterns for:
+- API endpoints
+- Secrets and tokens
+- DOM sinks
+- Custom patterns
+
+### Vendor Blacklist
+
+Modify `jseye/data/vendor_blacklist.txt` to customize which JavaScript libraries are deprioritized.
+
+## 🤝 Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
+3. Commit your changes (`git commit -m 'Add some AmazingFeature'`)
+4. Push to the branch (`git push origin feature/AmazingFeature`)
+5. Open a Pull Request
+
+## 📄 License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+
+## 👤 Author
+
+**Lakshmikanthan K** (letchupkt)
+- GitHub: [@letchupkt](https://github.com/letchupkt)
+
+## 🙏 Acknowledgments
+
+- Thanks to all the tool authors: gau, waybackurls, hakrawler, katana, subjs, linkfinder, mantra
+- Inspired by the bug bounty and security research community
+
+---
+
+**JSEye** - See what JavaScript hides. 👁️

jseye-1.0.0/README.md

@@ -0,0 +1,219 @@
+# JSEye 👁️
+
+**See What JavaScript Hides**
+
+JSEye is a production-grade Python reconnaissance framework for deep JavaScript intelligence and attack surface discovery. Built for bug bounty hunters and security researchers who need comprehensive JavaScript analysis with minimal noise.
+
+## 🚀 Features
+
+- **Fully Automatic**: Default mode runs complete pipeline with zero configuration
+- **Modular Design**: Control execution with granular flags
+- **Multi-Tool Integration**: Orchestrates gau, waybackurls, hakrawler, katana, subjs, linkfinder, and mantra
+- **Smart Prioritization**: AI-powered JavaScript file ranking
+- **Correlation Engine**: Connects findings across multiple sources
+- **Clean Terminal UX**: Rich progress indicators and polished output
+- **Linux-First**: Optimized for Linux environments
+
+## 📦 Installation
+
+### From PyPI (Recommended)
+
+```bash
+pip install jseye
+```
+
+### From Source
+
+```bash
+git clone https://github.com/letchupkt/jseye.git
+cd jseye
+pip install -e .
+```
+
+## 🛠️ Requirements
+
+JSEye automatically installs required tools on first run:
+
+- **Go** (for gau, waybackurls, hakrawler, katana, subjs, mantra)
+- **Node.js** (for AST analysis)
+- **Python 3.10+** (for linkfinder and core functionality)
+
+## 🎯 Usage
+
+### Default Mode (Full Pipeline)
+
+```bash
+# Run everything - this is the default behavior
+jseye -i subdomains.txt -o output
+```
+
+### Module Control Flags
+
+```bash
+# Stop after JavaScript discovery
+jseye -i subs.txt -o output --js-only
+
+# Skip secrets detection
+jseye -i subs.txt -o output --no-secrets
+
+# Only regex analysis (skip AST)
+jseye -i subs.txt -o output --regex-only
+
+# Skip AST analysis
+jseye -i subs.txt -o output --skip-ast
+
+# Skip sink detection
+jseye -i subs.txt -o output --no-sinks
+
+# Skip correlation engine
+jseye -i subs.txt -o output --no-correlate
+
+# Don't auto-install tools
+jseye -i subs.txt -o output --no-install
+```
+
+### Information Commands
+
+```bash
+# List available modules
+jseye --list-modules
+```
+
+## 🔄 Pipeline
+
+JSEye executes a comprehensive analysis pipeline:
+
+```
+subdomains.txt
+    ↓
+📡 URL Harvesting (gau, waybackurls, hakrawler, katana)
+    ↓
+🔍 JavaScript Filtering & Prioritization
+    ↓
+📥 JavaScript Download
+    ↓
+🧠 Regex Analysis
+    ↓
+🌳 AST Analysis
+    ↓
+🔗 LinkFinder Integration
+    ↓
+🔐 Secrets Detection (mantra)
+    ↓
+🎯 Sink Detection
+    ↓
+🔄 Intelligence Correlation
+    ↓
+📊 Final Report
+```
+
+## 📁 Output Structure
+
+```
+output/
+├── harvested_urls.txt              # All discovered URLs
+├── js_files_all.txt               # All JavaScript files
+├── js_files_high_priority.txt     # High-value JS files
+├── js_files_medium_priority.txt   # Medium-value JS files
+├── js_files_low_priority.txt      # Low-value JS files
+├── js_files_detailed.json         # Detailed JS analysis
+├── endpoints.json                 # Discovered endpoints
+├── secrets.json                   # Found secrets
+├── sinks.json                     # Detected sinks
+├── correlation_report.json        # Correlated intelligence
+└── jseye_summary.json            # Final summary
+```
+
+## 🎨 Terminal Output
+
+JSEye provides beautiful, informative terminal output:
+
+```
+██╗███████╗███████╗██╗   ██╗███████╗
+██║██╔════╝██╔════╝╚██╗ ██╔╝██╔════╝
+██║███████╗█████╗   ╚████╔╝ █████╗  
+██   ██║╚════██║██╔══╝    ╚██╔╝  ██╔══╝  
+╚█████╔╝███████║███████╗   ██║   ███████╗
+ ╚════╝ ╚══════╝╚══════╝   ╚═╝   ╚══════╝
+
+        JSEye — See What JavaScript Hides
+       Author: Lakshmikanthan K (letchupkt)
+
+[+] Loading domains from subdomains.txt
+[+] Harvesting URLs (gau, waybackurls, katana)
+[+] Extracted 1,482 JavaScript files
+[+] Prioritized 214 high-value JS files
+[+] Analyzing JavaScript (regex + AST)
+[+] Found 37 endpoints, 4 secrets, 9 sinks
+[+] Correlating intelligence
+[✓] Results saved to output/
+
+──────── JSEye Summary ────────
+JS Files Analyzed : 214
+Endpoints Found   : 37
+Secrets Found     : 4
+Sinks Found       : 9
+High Confidence   : 11
+Output Directory  : output/
+────────────────────────────────
+```
+
+## 🧠 Smart Features
+
+### JavaScript Prioritization
+
+JSEye intelligently prioritizes JavaScript files based on:
+
+- **High-value indicators**: admin, api, auth, config, dashboard, login
+- **File characteristics**: non-minified, shorter paths, custom code
+- **Vendor detection**: deprioritizes common libraries and CDN files
+
+### Correlation Engine
+
+Connects findings across multiple sources to reduce false positives and highlight high-confidence discoveries.
+
+### Auto-Installation
+
+Automatically detects and installs missing tools on first run, with graceful fallbacks and clear error messages.
+
+## 🔧 Advanced Configuration
+
+### Custom Regex Patterns
+
+Edit `jseye/data/regex.yaml` to customize detection patterns for:
+- API endpoints
+- Secrets and tokens
+- DOM sinks
+- Custom patterns
+
+### Vendor Blacklist
+
+Modify `jseye/data/vendor_blacklist.txt` to customize which JavaScript libraries are deprioritized.
+
+## 🤝 Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
+3. Commit your changes (`git commit -m 'Add some AmazingFeature'`)
+4. Push to the branch (`git push origin feature/AmazingFeature`)
+5. Open a Pull Request
+
+## 📄 License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+
+## 👤 Author
+
+**Lakshmikanthan K** (letchupkt)
+- GitHub: [@letchupkt](https://github.com/letchupkt)
+
+## 🙏 Acknowledgments
+
+- Thanks to all the tool authors: gau, waybackurls, hakrawler, katana, subjs, linkfinder, mantra
+- Inspired by the bug bounty and security research community
+
+---
+
+**JSEye** - See what JavaScript hides. 👁️

jseye-1.0.0/jseye/__init__.py

@@ -0,0 +1,9 @@
+"""
+JSEye - JavaScript Intelligence & Attack Surface Discovery Tool
+Author: Lakshmikanthan K (letchupkt)
+License: MIT
+"""
+
+__version__ = "1.0.0"
+__author__ = "Lakshmikanthan K (letchupkt)"
+__email__ = "letchupkt.dev@gmail.com"

jseye-1.0.0/jseye/banner.py

@@ -0,0 +1,37 @@
+"""
+JSEye Banner Display
+"""
+
+from rich.console import Console
+from rich.text import Text
+from rich.align import Align
+
+console = Console()
+
+def show_banner():
+    """Display the JSEye banner with proper alignment"""
+    banner = """
+                                        
+   ▄▄▄▄▄▄  ▄▄▄▄▄     ▄▄▄▄▄▄▄            
+  █▀ ██   ██▀▀▀▀█▄  █▀██▀▀▀             
+     ██   ▀██▄  ▄▀    ██                
+     ██     ▀██▄▄     ████   ██ ██ ▄█▀█▄
+     ██   ▄   ▀██▄    ██     ██▄██ ██▄█▀
+     ██   ▀██████▀    ▀█████▄▄▀██▀▄▀█▄▄▄
+ ▄   ██                        ██       
+ ▀████▀                      ▀▀▀        
+"""
+    
+    # Display banner in cyan, centered
+    banner_text = Text(banner.strip(), style="cyan bold")
+    console.print(Align.center(banner_text))
+    console.print()
+    
+    # Tagline and author info, centered
+    tagline = Text("JSEye — See What JavaScript Hides", style="green bold")
+    console.print(Align.center(tagline))
+    
+    author = Text("Author: Lakshmikanthan K (letchupkt)", style="purple")
+    console.print(Align.center(author))
+    
+    console.print()

jseye-1.0.0/jseye/cli.py

@@ -0,0 +1,137 @@
+#!/usr/bin/env python3
+"""
+JSEye CLI - Main entry point
+"""
+
+import os
+import sys
+import argparse
+from pathlib import Path
+from rich.console import Console
+
+from .banner import show_banner
+from .installer import check_and_install_tools
+from .pipeline import JSEyePipeline
+
+console = Console()
+
+def clear_terminal():
+    """Clear terminal screen (cross-platform)"""
+    import platform
+    if platform.system() == "Windows":
+        os.system("cls")
+    else:
+        os.system("clear")
+
+def create_parser():
+    """Create argument parser"""
+    parser = argparse.ArgumentParser(
+        description="JSEye - JavaScript Intelligence & Attack Surface Discovery",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        epilog="""
+Examples:
+  jseye -i subs.txt -o output                    # Full pipeline (default)
+  jseye -i subs.txt -o output --js-only          # Stop after JS discovery
+  jseye -i subs.txt -o output --no-secrets       # Skip secrets detection
+  jseye -i subs.txt -o output --regex-only       # Only regex analysis
+        """
+    )
+    
+    # Required arguments (but not when listing modules)
+    parser.add_argument("-i", "--input", 
+                       help="Input file containing subdomains")
+    parser.add_argument("-o", "--output",
+                       help="Output directory for results")
+    
+    # Module control flags (disable/isolate modules)
+    parser.add_argument("--js-only", action="store_true",
+                       help="Stop after JavaScript discovery")
+    parser.add_argument("--no-install", action="store_true",
+                       help="Do not auto-install missing tools")
+    parser.add_argument("--skip-ast", action="store_true",
+                       help="Skip AST analysis")
+    parser.add_argument("--regex-only", action="store_true",
+                       help="Only perform regex analysis")
+    parser.add_argument("--no-secrets", action="store_true",
+                       help="Skip secrets detection (mantra)")
+    parser.add_argument("--no-sinks", action="store_true",
+                       help="Skip sink detection")
+    parser.add_argument("--no-correlate", action="store_true",
+                       help="Skip correlation engine")
+    parser.add_argument("--list-modules", action="store_true",
+                       help="Show available modules and exit")
+    
+    return parser
+
+def list_modules():
+    """List available modules"""
+    modules = [
+        "harvest - URL harvesting (gau, waybackurls, katana)",
+        "js_filter - JavaScript file filtering",
+        "js_download - JavaScript file downloading", 
+        "analyze_regex - Regex-based analysis",
+        "analyze_ast - AST-based analysis",
+        "linkfinder - Endpoint discovery",
+        "secrets - Secret detection (mantra)",
+        "sinks - Sink detection",
+        "correlate - Intelligence correlation"
+    ]
+    
+    console.print("\n[bold cyan]Available JSEye Modules:[/bold cyan]")
+    for module in modules:
+        console.print(f"  • {module}")
+    console.print()
+
+def main():
+    """Main CLI entry point"""
+    parser = create_parser()
+    args = parser.parse_args()
+    
+    # Clear terminal and show banner
+    clear_terminal()
+    show_banner()
+    
+    # List modules if requested
+    if args.list_modules:
+        list_modules()
+        return 0
+    
+    # Validate required arguments for normal operation
+    if not args.input or not args.output:
+        parser.error("Input and output arguments are required for normal operation")
+    
+    # Validate input file
+    if not Path(args.input).exists():
+        console.print(f"[red]Error: Input file '{args.input}' not found[/red]")
+        return 1
+    
+    # Create output directory
+    output_dir = Path(args.output)
+    output_dir.mkdir(parents=True, exist_ok=True)
+    
+    try:
+        # Check and install tools if needed
+        if not args.no_install:
+            console.print("[yellow]Checking required tools...[/yellow]")
+            if not check_and_install_tools():
+                console.print("[red]Failed to install required tools[/red]")
+                return 1
+        
+        # Initialize and run pipeline
+        pipeline = JSEyePipeline(args.input, args.output, args)
+        results = pipeline.run()
+        
+        # Show summary
+        pipeline.show_summary(results)
+        
+        return 0
+        
+    except KeyboardInterrupt:
+        console.print("\n[yellow]Interrupted by user[/yellow]")
+        return 1
+    except Exception as e:
+        console.print(f"[red]Error: {e}[/red]")
+        return 1
+
+if __name__ == "__main__":
+    sys.exit(main())