Skip to content
/ GoLinkFinder Public
forked from 0xsha/GoLinkFinder

A fast and minimal JS endpoint extractor

License

MIT license
1 star 47 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Vulnpire/GoLinkFinder

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
.gitignore
.gitignore
 
 
GoLinkFinder.go
GoLinkFinder.go
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

GoLinkFinder

A minimal JS endpoint extractor

This tool has been significantly rewritten and improved to enhance its functionality. Special thanks to 0xsha for creating this amazing tool that serves as the foundation for further development.

Why?

To extract endpoints in both HTML source and embedded javascript files. Useful for bug hunters, red teamers, infosec ninjas.

Version

1.1.0

Usage

usage: goLinkFinder [-h|--help] [-d|--domain "<value>"] [-f|--file "<value>"]
                    [-o|--out "<value>"] [-s|--scope "<value>"] [-c|--complete]
Arguments:

  -h  --help         Print help information.
  -d  --domain       Input a URL to extract JavaScript links from.
  -f  --file         Specify a file containing a list of URLs (one per line).
  -o  --out          File name for output (e.g., output.txt).
  -s  --scope        Scope filtering for URLs. Use 'all' for automatic domain
                     filtering based on each URL's hostname, or specify a keyword.
  -c  --complete     Filters to only include full URLs starting with http:// or https://.

Basic Extraction

Use GoLinkFinder with a single domain to find all JavaScript endpoints:

GoLinkFinder -d https://example.com

Scoping Results

Limit results to a specific scope:

GoLinkFinder -d https://example.com -s example

Alternatively, use -s all to automatically filter results based on the domain names in the input URLs.

Filtering Complete URLs

To filter results to only show complete URLs (http:// or https://):

GoLinkFinder -d https://example.com -c

Extracting from Multiple URLs

You can also input a list of URLs from a file:

GoLinkFinder -f urls.txt

Output to File

Save the extracted URLs to a file:

GoLinkFinder -d https://example.com -o output.txt

Output :

 "https://api.github.com/_private/browser/stats"
 "https://api.github.com/_private/browser/errors"
 "https://github.com/github-copilot/business_signup\"
 "https://github.com/enterprise/contact?scid=&amp;utm_campaign=2023q2-site-ww-CopilotForBusiness&amp;utm_medium=referral&amp;utm_source=github\"
 "https://github.com/features/security\"
 "https://docs.github.com/get-started/learning-about-github/about-github-advanced-security#about-advanced-security-features\"
 "https://docs.github.com/enterprise-server/billing/managing-billing-for-github-advanced-security/viewing-committer-information-for-github-advanced-security\"
 "https://github.com/orgs/community/discussions/57808\"

you can easily pipe out its output with your other tools.

image

Watch

asciicast

Requirements

Go > 1.22

Installation

go install github.com/Vulnpire/GoLinkFinder@latest

Axiom Support

[{
        "command":"GoLinkFinder -f input -s all -c | grep -ivE '\.(png|jpe?g|gif|svg|bmp|webp|tiff?)$' | anew output",
        "ext":"txt"
}]

Feature request or found an issue?

Please write a patch to fix it and then pull a request.

References

Python implementation: https://github.com/GerbenJavado/LinkFinder

About

A fast and minimal JS endpoint extractor

Topics

js crawl bug-bounty red-team reconnaissance

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 100.0%