thd3r/fakjs

Fakjs - A fast Go-based tool to uncover sensitive information in JavaScript

███████╗ █████╗ ██╗  ██╗     ██╗███████╗
██╔════╝██╔══██╗██║ ██╔╝     ██║██╔════╝
█████╗  ███████║█████╔╝      ██║███████╗
██╔══╝  ██╔══██║██╔═██╗ ██   ██║╚════██║
██║     ██║  ██║██║  ██╗╚█████╔╝███████║
╚═╝     ╚═╝  ╚═╝╚═╝  ╚═╝ ╚════╝ ╚══════╝
                  v1.1.3 latest

Fakjs is a fast, lightweight, and extensible tool written in Go, designed to extract potentially sensitive information from publicly accessible JavaScript files. It plays a crucial role in reconnaissance during security assessments, allowing you to discover information that might aid in understanding the inner workings of a web application or reveal unintended data exposures.

Why Fakjs?

During penetration testing, bug bounty hunting, or red teaming, analyzing JavaScript files can lead to critical findings. Manual inspection is time-consuming, and that's where Fakjs comes in. It uses pattern matching, regular expressions, and content heuristics to locate data that may be of interest from a security perspective.

Key Features

  • High Performance: Written in Go for fast execution and low memory usage.
  • Automated Detection: Identifies potential sensitive content through customizable regex-based scanning.
  • Remote & Local Support: Analyze JavaScript from URLs or local file paths.
  • Recon-Friendly: Ideal for OSINT, bug bounty, pentesting, or passive reconnaissance.
  • Easy to Integrate: Can be used standalone or integrated into larger recon pipelines.

What It Looks For

  • Hardcoded secrets (API keys, tokens, etc.)
  • Internal or hidden endpoints
  • Configuration data
  • Potential indicators of exposed logic or backend connections

Note

By default, Fakjs uses a set of regular expressions to detect common patterns. You can expand or customize these patterns for specific targets or use cases.
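
To show what regex-based scanning of this kind involves, here is an added example in Go (not Fakjs's code or its pattern set): a small scanner you could run over your own bundles before release. The rule names, the patterns, and the ScanJS function are assumptions made for illustration; secret values are masked so the report itself does not leak them.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one match; Value is masked when the rule targets a secret.
type Finding struct {
	Rule, Value string
	Line        int
}

// Illustrative rules written for this example, not Fakjs's built-in set.
var rules = []struct {
	Name   string
	Secret bool
	Re     *regexp.Regexp
}{
	{"aws-access-key-id", true, regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"assigned-secret", true, regexp.MustCompile(`(?i)(?:api[_-]?key|secret|token)["']?\s*[:=]\s*["']([^"']{16,})["']`)},
	{"internal-endpoint", false, regexp.MustCompile(`["'](/(?:internal|admin|debug)/[\w/.-]+)["']`)},
}

// ScanJS applies every rule per line; it reports the last capture group and masks secrets.
func ScanJS(src string) []Finding {
	var out []Finding
	for i, line := range strings.Split(src, "\n") {
		for _, r := range rules {
			for _, m := range r.Re.FindAllStringSubmatch(line, -1) {
				v := m[len(m)-1] // whole match when the rule has no group
				if r.Secret {
					v = fmt.Sprintf("%.4s**** (%d chars)", v, len(v))
				}
				out = append(out, Finding{Rule: r.Name, Value: v, Line: i + 1})
			}
		}
	}
	return out
}

func main() {
	// Constructed sample; the AKIA value is AWS's documented example key ID.
	sample := "const cfg = {apiKey: \"0123456789abcdef0123\"};\nfetch('/internal/users/export');\nvar k = 'AKIAIOSFODNN7EXAMPLE';"
	for _, f := range ScanJS(sample) {
		fmt.Printf("line %d  %-18s %s\n", f.Line, f.Rule, f.Value)
	}
}
```

A rule with a capture group reports only the captured value, so the surrounding assignment syntax stays out of the report.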


Installation

go install -v github.com/thd3r/fakjs@latest

Usage

Read from stdin

echo https://myserver.com/chunks.js | fakjs
cat jsUrls.txt | fakjs
cat chunks.js | fakjs

Or

fakjs -target https://myserver.com/chunks.js
fakjs -target jsUrls.txt
fakjs -target chunks.js

Tip

  • Fakjs automatically reads target input from stdin or the -target flag.
  • Fakjs automatically generates a report and saves it to a temporary folder.

Acknowledgments

Since this tool includes some contributions, I'd like to publicly thank the following users for their help and resources, which provided regex patterns and guidance during the development of this project
