JSLinks is a Python tool designed to extract API endpoints and URLs from JavaScript files by crawling domains or specific JS URLs. It supports recursive crawling and custom headers, making it ideal for web reconnaissance and security testing.
- Extracts URLs, API paths, and endpoints from JavaScript files using regex patterns.
- Supports full URLs, absolute paths, relative paths, and file extensions (e.g.,
.php).
- Accepts domains, domain lists, or JS file URLs as input.
- Recursive crawling to follow JS links.
- Custom HTTP headers for requests.
- Saves sorted, deduplicated endpoints to a specified output file, appending to existing content.
- Python 3 and
pipinstalled. - Basic Linux tools (
git,curl).
- Clone the repository:
git clone https://github.com/omarsamy10/jslinks.git cd jslinks - Install dependencies:
pip install requests
- Make the script executable (optional):
Optionally, move it to
chmod +x jslinks.py
/usr/local/bin:sudo mv jslinks.py /usr/local/bin/jslinks
Run jslinks.py with the desired options:
python3 jslinks.py -d example.com -o endpoints.txt-d, --domains: List of domains to crawl (e.g.,example.com).-l, --domain-list: File containing domains (one per line).-j, --js-file: File containing JS URLs to crawl.-o, --output: Output file for endpoints (default:endpoints.txt).-r, --recursive: Enable recursive JS crawling.-H, --header: Custom headers (e.g.,"Authorization: Bearer token").
Results are saved to the specified output file (e.g., endpoints.txt), sorted and deduplicated. If the file exists, new endpoints are appended and the file is re-sorted.
python3 jslinks.py -d example.com -j js_urls.txt -o results.txt -r -H "User-Agent: CustomAgent"https://api/v1/users
https://api.example.com/account/profile
https://example.com/data
Contributions are welcome! To contribute:
- Fork the repository.
- Create a new branch for your feature or bugfix.
- Commit your changes.
- Submit a pull request.
Inspired by web reconnaissance tools and workflows.
For questions, feedback, or support:
Enjoy using JSLinks! 🚀