You have probably clicked because of the title, and yes, it is true! The bug I am going to discuss is the easiest bug you can find and report. Let's get started!
Every website is written in lines of code. At the most basic level, a website is built from 3 main languages:
You can see the source code by pressing "Ctrl + U", but sometimes the JS files it loads expose very sensitive information without any encryption.
This information can include usernames, passwords, credentials, API keys, etc.
This vulnerability can be reported and can result in a bounty or swag.
OK, so finding this vulnerability consists of 2 parts: first, finding all the JS files of the website; second, finding leaked information in those extracted JS files.
For finding all JS files there are two popular tools, i.e. SubJS and Katana.
In this article I am going to cover Katana.
First Step: Install Katana
Install from here (GitHub)
Katana can be installed with git clone. I am not going to cover the installation in this blog.
Second Step: Run Command
katana -list {domains.txt} -d 5 -jc | grep '\.js$' | sort -u
Run this command to make Katana crawl the provided list of domains and collect all their JS files (the dot in the grep pattern is escaped so only real ".js" endings match, and sort -u de-duplicates the output, which uniq alone does not do on unsorted input).
Remember to put your list of subdomains of the website in place of {domains.txt} and tune the flags for your own needs.
It will show something like this:
After some crawling it will show the JS files. Remember to save them.
Third Step: Extracting sensitive information from JS files
For extracting all sensitive information we will be using a tool called SecretFinder.
Download SecretFinder (GitHub)
Now, after installing SecretFinder, run the following command:
cat {jsfilesgottenfromkatana.txt} | while read -r url; do python3 SecretFinder/SecretFinder.py -i "$url" -o cli; done
It will display all possible credentials found in the JS files fetched with Katana.
If anything sensitive is found, report it.
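To show what the regex matching behind this step actually does, here is a small scanner of my own, added as an example and not taken from the original post, Katana or SecretFinder. It is the kind of check a team can run against its own JS bundles before they ship; the rule set and the sample bundle are mine, and every key value in it is fake and matches only the format.

```python
import re
from typing import List, Tuple

# Regexes for a few well-known credential formats. The AWS and Google key
# prefixes are documented formats; the "generic" rule is a loose heuristic
# and will produce some false positives that need manual review.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_secret_assignment": re.compile(
        r"""(?i)\b(api[_-]?key|secret|password|token)\b\s*[:=]\s*['"]([^'"]{8,})['"]"""
    ),
}


def find_secrets(js_text: str) -> List[Tuple[str, int, str]]:
    """Return (rule_name, line_number, matched_text) for every hit in js_text."""
    hits = []
    for lineno, line in enumerate(js_text.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                hits.append((name, lineno, m.group(0)))
    return hits


def scan_file(path: str) -> List[Tuple[str, int, str]]:
    """Scan a JS file saved on disk (for example one downloaded from the Katana list)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_secrets(fh.read())


# Constructed sample bundle: the key values are fake and only match the format.
SAMPLE_JS = """
const config = {
  apiKey: "AIzaSyA-FAKE_FAKE_FAKE_FAKE_FAKE_FAKE_0",
  region: "us-east-1",
};
var awsId = "AKIAFAKEFAKEFAKEFAKE";
const password = "hunter2-not-really";
function noop() { return 1; }
"""

if __name__ == "__main__":
    for rule, lineno, text in find_secrets(SAMPLE_JS):
        print(f"line {lineno}: {rule}: {text}")
```

The hits it reports still need a human to confirm they are live credentials; a matching format is not proof of a working key.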