Jsleak
jsleak is a tool to find secrets, paths, or links in source code during recon.
Description
I was developing jsleak during most of my free time for my own need. It is an easy-to-use command-line tool designed to uncover secrets and links in JavaScript files or source code. jsleak was inspired by LinkFinder, and its regexes are collected from multiple sources.
Features:
- Discover secrets in JS files such as API keys, tokens, and passwords.
- Identify links in the source code.
- Complete URL function
- Concurrent processing for scanning multiple URLs
- Check the status code to see whether a URL is alive
Latest Update
Jsleak now supports regex patterns from secrets-patterns-db https://github.com/mazen160/secrets-patterns-db.
If you want to use your own custom regex patterns, you can place them in a YAML file following the template below.
patterns:
  - pattern:
      name: Amazon MWS Auth Token
      regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
      confidence: low
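A pre-flight check for a custom pattern file in the template above, as an added example that is not part of jsleak: it compiles each regex with Go's `regexp` package (assumed here to be the engine a Go tool uses) and runs it over a sample, so a rule written for another regex engine is caught before a scan. `CheckPatterns`, the `Lookahead Rule` entry and the sample token are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Constructed inputs: the page's rule, a rule using a lookahead, a fake token.
const samplePatterns = `patterns:
  - pattern:
      name: Amazon MWS Auth Token
      regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
      confidence: low
  - pattern:
      name: Lookahead Rule
      regex: "key(?=[0-9]{4})"
      confidence: low`
const sampleJS = `var cfg = {mws: "amzn.mws.01234567-89ab-cdef-0123-456789abcdef"};`

// CheckPatterns reads the template line by line (a simplification, not a full
// YAML parser), compiles each regex with Go's regexp package and runs it over
// text. It returns matches and compile errors, both keyed by rule name.
func CheckPatterns(src, text string) (map[string][]string, map[string]error) {
	hits, bad, name := map[string][]string{}, map[string]error{}, ""
	sc := bufio.NewScanner(strings.NewReader(src))
	for sc.Scan() {
		line := strings.TrimPrefix(strings.TrimSpace(sc.Text()), "- ")
		key, val, _ := strings.Cut(line, ": ")
		if u, err := strconv.Unquote(val); err == nil {
			val = u // the YAML string "\\." is the regex \.
		}
		if key == "name" {
			name = val
		} else if key == "regex" {
			if re, err := regexp.Compile(val); err != nil {
				bad[name] = err // e.g. lookaheads are not RE2 syntax
			} else if m := re.FindAllString(text, -1); m != nil {
				hits[name] = m
			}
		}
	}
	return hits, bad
}

func main() {
	fmt.Println(CheckPatterns(samplePatterns, sampleJS))
}
```

Only plain and double-quoted values are handled; a file that relies on other YAML features needs a real YAML parser.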
Installation
If you are using an old version of Go (1.15, 1.16), use the following command to install jsleak.
go get github.com/channyein1337/jsleak
If you are using a recent version of Go (1.17+), use the following command to install.
go install github.com/channyein1337/jsleak@latest
Usage
Choose a YAML file from the secrets-patterns-db. If you’re not sure which one to pick, consider using: https://raw.githubusercontent.com/mazen160/secrets-patterns-db/refs/heads/master/datasets/trufflehog-v3.yaml
Run jsleak with Your Selected Regex File
echo "http://testphp.vulnweb.com/" | jsleak -t trufflehog-v3.yaml -s
To display the help message
jsleak -h

Secret Finder
echo http://testphp.vulnweb.com/ | jsleak -t secret.yaml -s

Link Finder
echo http://testphp.vulnweb.com/ | jsleak -l

Complete Url
echo http://testphp.vulnweb.com/ | jsleak -e

Check Status
echo http://testphp.vulnweb.com/ | jsleak -c 20 -k

You can also use multiple flags
echo http://testphp.vulnweb.com/ | jsleak -c 20 -l -s

Running with URLs
cat urls.txt | jsleak -l -s -c 30

To Do
- Scan secret on completeURL with 200 response.
- Add Version flag.
- Support scanning local files.
- Support scanning apk files.
- Update Regex.
- Support multiple user agents.
- Support color output
Credit and thanks to all the following resources
- https://github.com/GerbenJavado/LinkFinder
- https://github.com/0xsha/GoLinkFinder