JS Snitch
JS Snitch is a command-line tool that scans remote JavaScript files for potential secrets or credentials using TruffleHog and Semgrep. It automates the process of identifying leaked API keys, tokens, or other credentials hidden in external JavaScript files.
Key Features:
- Multi-host Scanning: Scan a single host or a list of hosts to identify potential leaks.
- TruffleHog Integration: Leverages TruffleHog's capabilities for secret detection.
- Semgrep Integration: Configurable Semgrep rulesets for additional scanning and pattern-based detection.
- Beautification: Automatically prettifies downloaded JS files for better readability.
- Aggregated Results: Consolidates findings from TruffleHog and Semgrep into a single report.
- Verified vs. Unverified Secrets: Quickly see which secrets are valid and which need manual inspection.
Benefits:
- Efficiency: Helps penetration testers, bug bounty hunters, and security engineers quickly identify leaked credentials.
- User-Friendly: Provides a clear output structure for easy navigation and analysis of findings.
Highlights:
- Supports both individual and batch scanning of hosts.
- Outputs detailed reports including verified and unverified secrets for thorough analysis.