
Javascript Hacking on CLI for Pentesters (jsmon-cli)

jsmon-cli is a fast and convenient tool (API client) for your JS hacking powered by jsmon.sh.

What is jsmon.sh?

jsmon.sh is a JS security framework made for security enthusiasts, bug bounty hunters, penetration testers and security-focused enterprises to keep track of secrets, exposures and intel in JavaScript files. As input, jsmon.sh accepts a JS URL, a file containing JS URLs, or a domain name. The services inside it scan JS files for domains, URLs, API paths, GraphQL operations, client-side vulnerabilities, GUIDs, JWTs, IP addresses, emails, S3 domains, and 150+ kinds of API keys. jsmon.sh also provides embedded IP rotation, report generation, JS monitoring, and an advanced notification service.

What is jsmon-cli?

A command-line interface that acts as an API client for jsmon.sh. Most of what you can do in the web app can be done via jsmon-cli; it calls the same API endpoints the web app uses. The public GitHub repo for the tool is at https://github.com/rashahacks/jsmon-cli.

Installation Instructions (jsmon-cli)

Ensure you have Go installed on your system. If not, download and install it from golang.org. Then clone the repository and build the binary (note that `-o jsmon` names the binary jsmon, while the examples below invoke it as jsmon-cli; drop the `-o` flag or rename the binary so the name matches, and put it on your PATH):

git clone https://github.com/rashahacks/jsmon-cli
cd jsmon-cli
go build -o jsmon

Alternatively, you can install jsmon-cli directly with:

go install github.com/rashahacks/jsmon-cli@latest

This places the jsmon-cli binary in $(go env GOPATH)/bin, so make sure that directory is on your PATH.

Authentication (API Key)

To authenticate with your account via jsmon-cli, first get your API key by logging in at the website. Once logged in, click on JSMON API and go to API Keys. If the key expires, you can regenerate it by clicking the regenerate icon.

There are two ways to authenticate with jsmon-cli:

  1. Put the API key in the ~/.jsmon/credentials file. Paste the raw key on the first line, without any surrounding dashes, quotes or curly braces; that's it.

  2. Pass the API key to the -key flag of the CLI tool.

Prefer the credentials file for day-to-day use: a key passed with -key is written to your shell history and is visible to other local users in the process list while the command runs. Keep the file readable only by your own user (chmod 600 ~/.jsmon/credentials).
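The following helper is an added example for this post, not part of the jsmon-cli project: it writes the key into the credentials file the CLI reads, with restrictive permissions, and reads it back the way the CLI does (first line only). It assumes the key is a UUID, as the `-key <uuid>` flag in the help text suggests; if your key has a different shape, adjust the pattern.

```shell
#!/bin/sh
# Added example (not part of jsmon-cli): install an API key into the
# credentials file the CLI reads, instead of passing it with -key on the
# command line (which leaks it to shell history and the process list).
# Assumption: the key is a UUID, as the "-key <uuid>" flag suggests.

# jsmon_store_key <api-key> [credentials-dir]
#   Validates the key format, creates the directory (0700) and writes the
#   key as the first line of <credentials-dir>/credentials (0600).
#   Returns 0 on success, 1 on a malformed key or a write failure.
jsmon_store_key() {
    key=$1
    dir=${2:-"$HOME/.jsmon"}
    # 8-4-4-4-12 hex UUID, case-insensitive
    if ! printf '%s' "$key" | grep -Eiq '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$'; then
        echo "jsmon_store_key: key does not look like a UUID" >&2
        return 1
    fi
    # Subshell so the restrictive umask does not leak into the caller's shell.
    ( umask 077 && mkdir -p "$dir" && printf '%s\n' "$key" > "$dir/credentials" ) || return 1
    # Tighten permissions even if the directory or file already existed.
    chmod 700 "$dir" && chmod 600 "$dir/credentials"
}

# jsmon_read_key [credentials-dir]
#   Prints the first line of the credentials file, which is what the CLI
#   uses, so a script can check what is configured. Returns 1 if unreadable.
jsmon_read_key() {
    dir=${1:-"$HOME/.jsmon"}
    [ -r "$dir/credentials" ] || return 1
    head -n 1 "$dir/credentials"
}

# Usage: sh store_key.sh <api-key> [credentials-dir]
if [ $# -ge 1 ]; then
    jsmon_store_key "$1" "$2" \
        && echo "stored key $(jsmon_read_key "${2:-$HOME/.jsmon}" | cut -c1-8)... in ${2:-$HOME/.jsmon}/credentials"
fi
```

Only the first eight characters of the key are echoed back on success, so the confirmation line is safe to leave in a terminal log.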

Usage

Usage of jsmon-cli:
  jsmon-cli [flags]

Flags:

INPUT:
  -u <URL>                      URL to upload for scanning.
  -fid <fileId>                 File to be rescanned by fileId.
  -f <local file path>          File to upload (local path).
  -d <domainName>               Domain to scan.

AUTHENTICATION:
  -key <uuid>                   API key for authentication

UTILITY:
  -ud                           Update jsmon-cli to the latest version

OUTPUT:
  -jsi <domainName>             View JS Intelligence data by domain name
  -secrets                      View Keys & Secrets
  -urls                         View all URLs.
  -us int                       Number of URLs to fetch (default 10).
  -files                        View all files.
  -profile                      View user profile.
  -curls                        View changed JS URLs.

ADDITIONAL OPTIONS:
  -H <Key: Value>               Custom headers (can be used multiple times).
  -w <words>                    Comma-separated list of words to include in the scan.
  -domains                      Get all domains for the user.
  -urlsByDomain <domain>        Search URLs by domain.
  -count                        Get total count of overall analysis data.
  -jsiJsmonId <ID>              Get automation results by jsmon ID.
  -jsiFileId <ID>               Get automation results by file ID.

QUERY:
  -query <field>=<value>        Get all the data by jsmon queries
                                (query guide: https://bit.ly/4krnkEq).

REVERSE JS SEARCH:
  -rsearch <field>=<value>      Search by field: emails, domainname, extracteddomains, s3domains, url, extractedurls, ipv4addresses, ipv6addresses, jwttokens, gqlquery, gqlmutation, guids, apipaths, vulnerabilities, nodemodules, domainstatus, queryparamsurls, socialmediaurls, filterdporturls, gqlfragment, s3domainsinvalid, fileextensionurls, localhosturls.

Scan JS URL

Scans the JS file for reconnaissance data (domains, URLs, API paths and the other fields listed above) and for API keys/secrets.

jsmon-cli -u https://example.com/main.js

Scan Domain

Extracts the JS URLs of that domain recursively (3 levels deep) and then scans them for reconnaissance data and API keys/secrets. The -wksp <WORKSPACE_ID> flag used in the examples below does not appear in the help output above; check `jsmon-cli --help` on your build for the workspace flag.

jsmon-cli -d beta.jsmon.sh -wksp <WORKSPACE_ID>

Querying Data

The -query flag accepts field, domain, page and sub keys and returns the data the JS reconnaissance modules found inside JS files.

jsmon-cli -query "field=emails" -wksp <WORKSPACE_ID>
jsmon-cli -query "field=emails domain=shopify.com sub=true"
jsmon-cli -query "field=apiPaths domain=shopify.com" -wksp <WORKSPACE_ID>
jsmon-cli -query "field=extractedUrls page=2" -wksp <WORKSPACE_ID>
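Running one query at a time gets tedious once you want every field for a target. The wrapper below is an added example for this post, not part of the jsmon-cli project: it loops the -query flag over a list of fields for one domain (subdomains included) and saves each result to its own file. It assumes the `field=... domain=... sub=true` query syntax and the -wksp flag shown above, and leaves the output untouched because its format is not documented here. JSMON_BIN is a hypothetical override so the wrapper can be dry-run with another command.

```shell
#!/bin/sh
# Added example (not part of jsmon-cli): fetch several -query fields for one
# domain and save each result to <out-dir>/<field>.txt.
# Assumptions: the "field=... domain=... sub=true" query syntax and the -wksp
# flag shown in the post. JSMON_BIN is an override for dry runs (e.g. JSMON_BIN=echo).

JSMON_BIN=${JSMON_BIN:-jsmon-cli}

# jsmon_query_fields <workspace-id> <domain> <out-dir> <field>...
#   Runs one query per field, including subdomains, writing <out-dir>/<field>.txt.
#   Returns the number of fields whose query failed (0 means all succeeded).
jsmon_query_fields() {
    wksp=$1; domain=$2; out=$3
    shift 3
    mkdir -p "$out" || return 1
    failed=0
    for field in "$@"; do
        if ! "$JSMON_BIN" -query "field=$field domain=$domain sub=true" -wksp "$wksp" > "$out/$field.txt"; then
            echo "jsmon_query_fields: query for $field failed" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# jsmon_query_pages <workspace-id> <field> <pages> <out-file>
#   Fetches pages 1..<pages> of one field (no domain filter) into a single file.
jsmon_query_pages() {
    wksp=$1; field=$2; pages=$3; outfile=$4
    : > "$outfile" || return 1
    page=1
    while [ "$page" -le "$pages" ]; do
        "$JSMON_BIN" -query "field=$field page=$page" -wksp "$wksp" >> "$outfile" || return 1
        page=$((page + 1))
    done
}

# Usage: sh query_all.sh <workspace-id> <domain> <out-dir>
if [ $# -ge 3 ]; then
    jsmon_query_fields "$1" "$2" "$3" emails apiPaths extractedUrls s3domains jwttokens
fi
```

The field names passed on the usage line are the ones the post's own examples use (emails, apiPaths, extractedUrls) plus two from the -rsearch list; any field the query guide supports can be substituted.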

Look at the help menu for more commands.

jsmon-cli --help

Conclusion

jsmon-cli is a powerful and efficient tool that extends the capabilities of the jsmon.sh platform to the command line, making it easier for security professionals to automate and streamline their JS security tasks. With simple installation and flexible authentication methods, it offers a convenient way to leverage the robust features of jsmon.sh, including scanning, monitoring, and reporting, directly from your terminal.

Thanks,

Inderjeet Singh