LinkFinder – Script to search Endpoints in JavaScript Files

LinkFinder is a python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing. Resulting in new testing ground, possibility containing new vulnerabilities. It does so by using jsbeautifier for python in combination with a fairly large regular expression.

LinkFinder - Script to search Endpoints in JavaScript Files
LinkFinder – Script to search Endpoints in JavaScript Files

The regular expressions consists of four small regular expressions. These are responsible for finding:

  • Full URLs (https://example.com/*)
  • Absolute URLs or dotted URLs (/* or ../*)
  • Relative URLs with atleast one slash (text/test.php)
  • Relative URLs without a slash (test.php)

The output is given in HTML on web browser. some of the use cases with this tool are:

  • Finding endpoints in an online JavaScript file and output the results to results.html
  • Analyzing an entire domain and its JS files
  • Burp input (select in target the files you want to save containing multiple JS files)
  • Add cookies to the request for authenticated JS files.
  • Enumerating an entire folder for JavaScript files, while looking for endpoints starting with /api/ and finally saving the results to results.html report.

You can read more and download this tool over here: https://github.com/GerbenJavado/LinkFinder

Share