JS Miner

This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.

Background

While assessing a web application, you are expected to enumerate the information residing inside static files such as JavaScript or JSON resources (hard-coded credentials, internal hostnames, cloud storage URLs, API routes, and so on).

This tool tries to help with this "initial" recon phase, which should be followed by manual review/analysis of the reported issues.

Note: Like many other tools of the same nature, this tool is expected to produce false positives. It is meant to be used as a helper tool; it does not replace manual review/analysis (nothing really can).

Features

  • Scans for secrets / credentials
    • The Shannon entropy of each candidate value is used to raise or lower the confidence of the finding (random-looking keys score high, placeholders and defaults score low).
  • Scans for subdomains (passive)
  • Scans for cloud URLs (passive)
    • Support for (AWS, Azure, Google, CloudFront, Digital Ocean, Oracle, Alibaba, Firebase, Rackspace, Dream Host)
  • Tries to identify "dependency confusion" issues (passive but connects to NPM JS registry to verify the issue)
    • Reports a critical issue when a dependency or an organization is missing from the NPM registry.
    • Reports informational issues for identified dependencies.
  • JS Source Mapper (active and passive)
    • Tries to reconstruct source code from JavaScript source map files (if found).
    • Actively tries to guess the common location of the ".map" files (this sends HTTP requests to the target).
    • It can also (passively) parse inline, base64-encoded JS map files.
  • Static files dumper (passive but requires manual invocation)
    • A one-click option to dump static files from one or multiple websites.
    • Think 'ctrl+A' in your Burp's 'sitemap', then dump all static files.
    • You can use this feature to run your custom tools to find specific patterns for example.
  • API Endpoints Finder (passive)
    • Tries to find GET/POST/PUT/DELETE/PATCH API endpoints.
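The secrets/credentials feature above pairs pattern matching with Shannon entropy. The script below is an added example written for this page, not JS Miner's own code: it pulls string values assigned to suspicious property names out of a constructed JavaScript sample, computes the entropy of each value, and tags the finding with a confidence level. The 3.5 bits-per-character threshold and the property-name keyword list are assumptions chosen for the example.

```python
"""Entropy-assisted secret hunting over JavaScript text.

Added example (not JS Miner's own code): candidate values are pulled out
with a regex on suspicious property names, then Shannon entropy is used
to separate likely-real material from placeholders and defaults.
"""
import math
import re
import sys
from collections import Counter

# Property names that make an assigned string worth looking at (assumed list).
KEY_HINT = re.compile(r"(secret|token|key|passw|pwd|auth|credential)", re.I)
# name: "value"  /  name = 'value'  with a value of at least 8 non-space chars
ASSIGN = re.compile(
    r"""(?P<name>[A-Za-z_][\w\-]*)\s*[:=]\s*["'](?P<value>[^"'\s]{8,})["']"""
)
# Constructed sample (not taken from any real site): two real-looking
# credentials, one weak default and one obvious placeholder.
SAMPLE_JS = r"""
var cfg={apiBase:"/api/v1",
  accessKey:"AKIAIOSFODNN7EXAMPLE",
  secret:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
  password:"changeme",
  token:"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  theme:"default-theme"};
"""


def shannon_entropy(s: str) -> float:
    """Bits per character: -sum(p * log2 p) over the symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def find_secrets(js: str, threshold: float = 3.5) -> list[dict]:
    """Return candidate secrets in source order, each tagged with a confidence.

    threshold is an assumption for this example: 3.5 bits/char sits above
    English words and repeated filler but below random hex/base64 material.
    """
    findings = []
    for m in ASSIGN.finditer(js):
        name, value = m.group("name"), m.group("value")
        if not KEY_HINT.search(name):
            continue  # property name gives no hint that this is a credential
        ent = shannon_entropy(value)
        findings.append({
            "name": name,
            "value": value,
            "entropy": round(ent, 2),
            "confidence": "high" if ent >= threshold else "low",
        })
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_JS
    for f in find_secrets(text):
        print(f"[{f['confidence']:4}] {f['name']}={f['value'][:24]} entropy={f['entropy']}")
```

Run it on a dumped JS file (`python secrets.py bundle.js`) and review the "low" findings too: a low-entropy default password is still a finding, it just deserves less trust than a 64-character hex string. Entropy alone is not proof either; long base64 blobs such as embedded fonts or images also score high, which is why the name hint is checked first.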
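The dependency-confusion check in the feature list works by collecting package names from static files and asking the public registry whether each one exists. The following is an added example for this page, not JS Miner's code: it extracts package specifiers from import/require statements and from a package.json, then reports any name that the registry does not know as critical. The registry call is behind a lookup callable, so the example runs offline against a constructed stand-in registry; the live `npm_registry_lookup` uses the `https://registry.npmjs.org/<name>` endpoint, where a 404 means the name is unclaimed. Checking whether the npm organization itself exists, which the extension also does, is left out here.

```python
"""Dependency-confusion triage for package names found in static files.

Added example (not JS Miner's own code): collect package specifiers from
JavaScript import/require statements and from package.json, then ask a
registry lookup whether each name exists. A name that is referenced but
absent from the public registry is claimable by anyone, which is the
dependency-confusion condition.
"""
import json
import re
from urllib.error import HTTPError
from urllib.parse import quote
from urllib.request import urlopen

# import x from "pkg" / import "pkg" / import("pkg") / require("pkg")
IMPORT_RE = re.compile(
    r"""(?:require\(|import\(|from\s+|import\s+)\s*["']"""
    r"""(?P<spec>(?:@[\w.-]+/)?[\w.-]+)(?:/[^"']*)?["']"""
)
NODE_BUILTINS = {"fs", "path", "http", "https", "crypto", "os", "url", "util"}

# Constructed samples, not from a real application.
SAMPLE_JS = """
import React from "react";
import { chart } from "@acme-internal/ui-kit";
const fmt = require("@acme-internal/utils/format");
const left = require("left-pad");
const helpers = require("./helpers");
const fs = require("fs");
"""
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {"react": "^18.2.0", "@acme-internal/ui-kit": "1.2.0"},
    "devDependencies": {"jest": "^29.0.0"},
})
# Stand-in for registry.npmjs.org used when running offline: only these exist.
FAKE_REGISTRY = {"react", "left-pad", "jest"}


def extract_packages(js: str) -> set[str]:
    """Package names referenced by import/require, ignoring relative paths and core modules."""
    names = set()
    for m in IMPORT_RE.finditer(js):
        spec = m.group("spec")
        if spec.startswith(".") or spec in NODE_BUILTINS:
            continue
        names.add(spec)
    return names


def extract_from_package_json(text: str) -> set[str]:
    data = json.loads(text)
    names = set()
    for section in ("dependencies", "devDependencies", "peerDependencies"):
        names.update(data.get(section, {}))
    return names


def npm_registry_lookup(name: str) -> bool:
    """Live check: GET https://registry.npmjs.org/<name>; 404 means unclaimed."""
    try:
        with urlopen(f"https://registry.npmjs.org/{quote(name, safe='@')}") as r:
            return r.status == 200
    except HTTPError as e:
        if e.code == 404:
            return False
        raise


def check_dependency_confusion(packages, lookup=npm_registry_lookup) -> list[dict]:
    """One finding per package: 'info' if published, 'critical' if nobody owns the name."""
    findings = []
    for name in sorted(packages):
        if lookup(name):
            findings.append({"package": name, "severity": "info",
                             "detail": "published on the registry"})
        else:
            scope = name.split("/")[0] if name.startswith("@") else None
            detail = "not on the public registry; claimable by an attacker"
            if scope:
                detail += f" (also check whether the {scope} organization is registered)"
            findings.append({"package": name, "severity": "critical", "detail": detail})
    return findings


if __name__ == "__main__":
    pkgs = extract_packages(SAMPLE_JS) | extract_from_package_json(SAMPLE_PACKAGE_JSON)
    for f in check_dependency_confusion(pkgs, lookup=FAKE_REGISTRY.__contains__):
        print(f"[{f['severity']}] {f['package']}: {f['detail']}")
```

A "critical" result still needs confirmation: the build may install the scoped package from a private registry that is never consulted by the public one, and the fix on the target's side is to reserve the scope on npmjs.com or to pin registry URLs per scope in `.npmrc`.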

How to use this tool

In a nutshell: Passive scans are invoked automatically, while active scans require manual invocation (by right-clicking your targets) from the site map or other Burp windows.

More information

The tool has two kinds of scan:

  • Passive scans, which are enabled by default (they search for inline JS map files, secrets, subdomains and cloud URLs).
  • Active scans, which try to guess the location of JavaScript source map files. (HTTP requests are sent to the target during this process.)
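The passive and active source map scans described above come down to three steps: decode an inline base64 `data:` map, work out where an external `.map` file might be (from the `sourceMappingURL` directive or by appending `.map` to the script URL), and write the recovered `sourcesContent` to disk. The script below is an added example for this page, not JS Miner's code. The `.map`-suffix guess is an assumption of this example, and the sample map is constructed; note that it deliberately contains a `../` source path, because a hostile map can otherwise make the dumper write outside the output directory.

```python
"""Recovering original sources from JavaScript source maps.

Added example (not JS Miner's own code). Handles an inline map embedded
as a base64 data: URI and the candidate URLs of an external map, and
sanitises 'sources' paths before writing them out.
"""
import base64
import json
import re
from pathlib import Path, PurePosixPath
from urllib.parse import urljoin

MAP_DIRECTIVE = re.compile(r"//[#@]\s*sourceMappingURL=(\S+)")
INLINE_MAP = re.compile(
    r"//[#@]\s*sourceMappingURL=data:application/json;(?:charset=[\w-]+;)?base64,([A-Za-z0-9+/=]+)"
)

# Constructed sample: a webpack-style map with sourcesContent, one of whose
# paths tries to escape the output directory.
_SAMPLE_MAP = {
    "version": 3,
    "sources": ["webpack:///src/app.js", "webpack:///../secrets/config.js"],
    "sourcesContent": ["console.log('hi')", "export const KEY='x'"],
    "mappings": "AAAA",
}
SAMPLE_JS = (
    "!function(){console.log('hi')}();\n//# sourceMappingURL=data:application/json;base64,"
    + base64.b64encode(json.dumps(_SAMPLE_MAP).encode()).decode()
)


def extract_inline_map(js: str):
    """Decode a base64 data: URI source map, or return None if there is none."""
    m = INLINE_MAP.search(js)
    if not m:
        return None
    return json.loads(base64.b64decode(m.group(1)))


def candidate_map_urls(js_url: str, js: str) -> list[str]:
    """Where an external map might live: the directive first, then <script>.map (assumed guess)."""
    urls = []
    for m in MAP_DIRECTIVE.finditer(js):
        target = m.group(1)
        if not target.startswith("data:"):
            urls.append(urljoin(js_url, target))
    urls.append(js_url + ".map")
    return list(dict.fromkeys(urls))  # dedupe while keeping order


def safe_relpath(source: str) -> PurePosixPath:
    """Turn a map 'sources' entry into a relative path that cannot leave the output root."""
    s = re.sub(r"^[A-Za-z][\w+.-]*:/*", "", source)  # drop webpack:///, file://, ...
    s = s.split("?", 1)[0]
    parts = [p for p in s.split("/") if p not in ("", ".", "..")]
    return PurePosixPath(*parts) if parts else PurePosixPath("unnamed")


def reconstruct(smap: dict) -> dict[str, str]:
    """Sanitised relative path -> original source text, for entries that carry sourcesContent."""
    out = {}
    contents = smap.get("sourcesContent") or []
    for src, content in zip(smap.get("sources", []), contents):
        if content is not None:
            out[str(safe_relpath(src))] = content
    return out


def dump_sources(smap: dict, out_dir: str) -> list[Path]:
    """Write the reconstructed files under out_dir and return the paths written."""
    root = Path(out_dir).resolve()
    written = []
    for rel, content in reconstruct(smap).items():
        dest = (root / rel).resolve()
        if root not in dest.parents:  # second guard after safe_relpath
            continue
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_text(content)
        written.append(dest)
    return written


if __name__ == "__main__":
    smap = extract_inline_map(SAMPLE_JS)
    print(reconstruct(smap))
    print(candidate_map_urls("https://example.com/static/app.js",
                             "x;\n//# sourceMappingURL=maps/app.js.map"))
```

A map without `sourcesContent` only gives you the original file names and the mappings; the names alone are still useful recon, but there is nothing to dump. Fetching the candidate URLs is the "active" part: each request hits the target, so only do it in scope and expect most guesses to 404.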

For the best results

  • Browse your target first so that all of its static files are loaded and captured.
  • Passive scans will trigger automatically. Ensure Burp's Sitemap is displaying your target's static files.
  • Then right-click on the target domain (example.com) from Burp Suite's site map tree, then select one of "JS Miner" scan options.
  • Sometimes you may need to allow cookies to be sent by the extension. Check the wiki for how to do that.

Note: The JS Source Mapper scan is not included in Burp's built-in "Active scan"; invoke it from the JS Miner context menu.

Author

Mina M. Edwar

Version

1.16

Last updated

20 July 2023

Estimated system impact

Overall impact: Low

Memory
Low
CPU
Low
General
Low
Scanner
Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
