jsloot is a handy tool designed to download and beautify JavaScript files, often used alongside your favorite offensive web proxy.
The main goal of jsloot is to collect, download, and beautify JavaScript files while manually investigating a target with a web proxy.
As you browse your target manually, jsloot automatically downloads or collects JavaScript URLs to a local file, making them ready for further investigation.
To beautify JavaScript files, you'll need jsbeautifier. Install it with:
pip install jsbeautifier
Install jsloot itself with:
go install github.com/bl155x0/jsloot@latest
To seamlessly integrate jsloot with Caido, install one or all of the following passive Workflows in your Caido project:
https://github.com/bl155x0/caido/tree/main/workflows/passive/JSLoot
jsloot provides various distinct sub-commands:
The add command is used to collect JavaScript URLs while investigating a target with a proxy tool like Caido.
It appends JavaScript URLs to a text file (jsloot.txt).
jsloot add -f jsloot.txt "http://example.com/example.js"
If the JSLootAdd Caido passive Workflow is installed (see Caido), this command is executed automatically for every recognized JavaScript file while you browse your target with Caido.
The get command downloads and beautifies a specific JavaScript file.
jsloot get -u "https://www.example.com/example.js"
If the JSLootGet Caido passive Workflow is installed (see Caido), this command is executed automatically for every recognized JavaScript file while you browse your target with Caido.
The getll command downloads and beautifies all collected JavaScript URLs from a given file into a local folder.
jsloot loot -f jsloot.txt
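Because the list is filled automatically while you browse, it can also pick up third-party script URLs. The following is an added example, not part of jsloot or its README: a shell helper that keeps only the URLs belonging to one domain (and its subdomains) and drops duplicates before the list is handed to the bulk download. It assumes the list holds one URL per line; the names filter_scope, sample_list and jsloot.scoped.txt are hypothetical.

```shell
#!/bin/sh
# Added example: scope-filter a jsloot.txt style URL list before bulk download.
# Assumption: the list holds one URL per line.

# filter_scope LIST DOMAIN
# Prints, in first-seen order and without duplicates, the http(s) URLs from
# LIST whose host is DOMAIN or a subdomain of DOMAIN.
filter_scope() {
    awk -v dom="$2" '
    BEGIN { dom = tolower(dom) }
    {
        url = $0
        sub(/\r$/, "", url)                  # tolerate CRLF line endings
        if (url !~ /^https?:\/\//) next      # skip blanks and non-HTTP entries
        host = url
        sub(/^https?:\/\//, "", host)        # strip scheme
        sub(/[\/?#].*$/, "", host)           # strip path, query, fragment
        sub(/^[^@]*@/, "", host)             # strip userinfo, if any
        sub(/:[0-9]+$/, "", host)            # strip port
        host = tolower(host)
        n = length(host) - length(dom)
        # exact match, or a label boundary (".") right before the domain
        in_scope = (host == dom) || (n > 1 && substr(host, n) == ("." dom))
        if (in_scope && !seen[url]++) print url
    }' "$1"
}

# Constructed sample list (not real loot), including look-alike hosts.
sample_list() {
    cat <<'EOF'
https://www.example.com/app.js
https://example.com/static/main.js?v=2
https://www.example.com/app.js
https://cdn.thirdparty.test/analytics.js
http://cdn.example.com:8080/lib.js
https://notexample.com/x.js
https://example.com.evil.test/y.js
https://example.com@evil.test/z.js

EOF
}

# Usage:
#   filter_scope jsloot.txt example.com > jsloot.scoped.txt
#   jsloot loot -f jsloot.scoped.txt
```

The look-alike hosts in the sample (a shared suffix without a dot, the domain used as a prefix, the domain placed in the userinfo part) are all rejected, which a plain substring match on the domain would not do.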
★ ♥ 🐿 ~ HAPPY LOOTING ~