JSMon – JavaScript Change Monitor for BugBounty


Using this script, you can configure a number of JavaScript files on websites that you want to monitor. Every time you run this script, these files will be fetched and compared to the previously fetched version. If they have changed, you will be notified via Telegram with a message containing a link to the script, the changed file sizes, and a diff file to inspect the changes easily.


Installation

To install JSMon:

git clone https://github.com/robre/jsmon.git
cd jsmon
python setup.py install

You need to set up your Slack or Telegram token in the environment, e.g. by creating a .env file (touch .env) with the contents:

JSMON_NOTIFY_TELEGRAM=True
JSMON_TELEGRAM_TOKEN=YOUR TELEGRAM TOKEN
JSMON_TELEGRAM_CHAT_ID=YOUR TELEGRAM CHAT ID
#JSMON_NOTIFY_SLACK=True
#JSMON_SLACK_TOKEN=sometoken
#JSMON_SLACK_CHANNEL_ID=somechannel

To enable Slack, uncomment the Slack lines in the .env file and add your token.

To create a cron job that runs JSMon regularly:

crontab -e

Create an entry like this:

@daily /path/to/jsmon.sh

Note that you should run the .sh file, since otherwise the environment will be messed up.

This will run JSMon once a day, at midnight. You can change @daily to whatever schedule suits you.

To configure Telegram notifications, you need to add your Telegram API key and chat_id to the code, at the start of jsmon.py. You can read how to get these values here.

Note: for Slack support, you need to set up your Slack app correctly and use the Slack OAuth token. The app needs to have file upload rights and needs to be in the channel that you want it in. Finally, you need to get started with some targets that you want to monitor. Let's create an example:

echo "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.js" >> targets/cdnjs-example

All done! Now you can run python jsmon.py to download the specified files for the first time!

Features

  • Keep track of endpoints – check them in a configurable interval (using cron)
  • When endpoints change – send a notification via Telegram or Slack

Usage

  • Provide endpoints via files in the targets/ directory (line-separated endpoints)
    • any number of files, with one endpoint per line
    • e.g. one file per website, or one file per program, etc.
  • Every endpoint gets downloaded and stored in downloads/ with its hash as file name (first 10 chars of the md5 hash)
    • if it already exists, nothing changes
    • if it has changed, the user gets notified
  • jsmon.json keeps track of which endpoints are associated with which file hashes
  • jsmon is designed to keep track of JavaScript files on websites – but it can be used for any file type; just add the endpoints
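
The storage scheme in the list above (body saved under the first 10 hex chars of its MD5, a JSON file mapping each endpoint to its hashes, a diff when the hash changes) can be sketched as follows. This is an added example, not JSMon's own code: the function names, the state.json file name, the list-of-hashes layout and the sample bodies are assumptions, and the bodies are passed in directly so it runs offline.

```python
import difflib
import hashlib
import json
import tempfile
from pathlib import Path


def short_hash(content: bytes) -> str:
    """First 10 hex chars of the MD5 digest, the naming scheme described above."""
    return hashlib.md5(content).hexdigest()[:10]


def record(state_dir: Path, endpoint: str, content: bytes):
    """Store one fetched body; return (status, diff_lines).

    status is "new", "unchanged" or "changed". Assumed layout:
    state_dir/downloads/<hash> holds bodies, state_dir/state.json maps
    each endpoint to its list of hashes (newest last).
    """
    downloads = state_dir / "downloads"
    downloads.mkdir(parents=True, exist_ok=True)
    state_file = state_dir / "state.json"
    state = json.loads(state_file.read_text()) if state_file.exists() else {}

    digest = short_hash(content)
    history = state.setdefault(endpoint, [])
    if history and history[-1] == digest:
        return "unchanged", []

    diff = []
    if history:  # diff against the last stored version of this endpoint
        old = (downloads / history[-1]).read_bytes()
        diff = list(difflib.unified_diff(
            old.decode("utf-8", "replace").splitlines(),
            content.decode("utf-8", "replace").splitlines(),
            fromfile=history[-1], tofile=digest, lineterm=""))
    status = "changed" if history else "new"
    (downloads / digest).write_bytes(content)
    history.append(digest)
    state_file.write_text(json.dumps(state, indent=2))
    return status, diff


if __name__ == "__main__":
    # Constructed sample bodies standing in for three fetches of one script.
    v1 = b"function login(u, p) {\n  return post('/api/login', u, p);\n}\n"
    v2 = b"function login(u, p) {\n  return post('/api/v2/login', u, p);\n}\n"
    with tempfile.TemporaryDirectory() as tmp:
        for body in (v1, v1, v2):
            status, diff = record(Path(tmp), "https://example.test/app.js", body)
            print(status, *diff, sep="\n")
```

A 10-character MD5 prefix is enough to name versions of a file you fetch yourself, but it is not a tamper-evidence mechanism; use a full SHA-256 if the stored hashes are meant to serve as integrity records.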

Contributors

@r0bre – Core

@Yassineaboukir – Slack Notifications
