gitea-mirror/sif
1
0
Fork 0
mirror of https://github.com/lunchcat/sif.git synced 2026-06-12 19:11:25 -07:00
Code Issues Packages Projects Releases Wiki Activity

feat(js): extract secrets and endpoints from scanned javascript

Browse Source 
the -js pipeline already pulls every <script> into a buffer but only
mined supabase jwts from it. reuse that buffer to run a credential
regex bank (aws/github/slack/stripe/google keys, pem blocks, plus
entropy-gated generic apikey/secret/token assignments) and a
linkfinder-style endpoint extractor that resolves relatives to
absolute urls. both dedupe across scripts and surface through the
existing js logger and result struct, no new flag.
This commit is contained in:
vmfunc
2026-06-09 17:54:23 -07:00
committed by vmfunc
parent 65ce36e963
commit b4e78114d7
9 changed files with 602 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/usage.md
+1 -1
View File
@@ -79,7 +79,7 @@ scopes: `common` (top ports), `full` (all ports)
### javascript analysis
`-js` - analyze javascript files
`-js` - analyze javascript files + secret and endpoint extraction
```bash
./sif -u https://example.com -js