Hello Stacker. While assessing a web application, you are expected to enumerate information residing inside static files such as JavaScript or JSON resources.
This tool tries to help with this “initial” recon phase, which should be followed by manual review/analysis of the reported issues.
Note: Like many other tools of the same nature, this tool is expected to produce false positives. Also, it is meant to be used as a helper tool; it does not replace manual review/analysis (nothing really can).
This tool tries to find interesting stuff inside static files, mainly JavaScript and JSON files.
Burp JS Miner
Quickstart
- Download from the BApp Store, or download the pre-built “jar” file from “Releases”, then load it into your Burp Suite as usual.
- Passive scans are invoked automatically, while active scans require manual invocation (by right-clicking your targets) from the site map or other Burp windows.
- No configuration needed, no extra Burp Suite tab.
- Just install and maybe enjoy.
Or build from source:
git clone https://github.com/minamo7sen/burp-JS-Miner.git
cd burp-JS-Miner
gradle fatJar
Okay that’s all folks, for the full docs please refer to here .. cyaa ..