Description
getJS extracts all JavaScript file URLs from a given webpage. JavaScript files often contain hidden API endpoints, hardcoded secrets, internal paths, and comments revealing application architecture. Essential for JS analysis during recon.
Installation
BASH
go install github.com/003random/getJS/v2@latestBasic Usage
BASH
# Get JS files from a URL
echo "https://target.com" | getJS
# Multiple URLs
cat urls.txt | getJS
# Output to file
echo "https://target.com" | getJS > js_files.txtAdvanced Usage
BASH
# Complete URLs (resolve relative paths)
echo "https://target.com" | getJS --complete
# Include inline scripts
echo "https://target.com" | getJS --complete --resolve
# Custom headers
echo "https://target.com" | getJS --header "Cookie: session=abc"
# Timeout
echo "https://target.com" | getJS --timeout 15Common Workflows
BASH
# Extract JS → Find secrets
echo "https://target.com" | getJS --complete | sort -u | while read js; do
curl -s "$js" | grep -iE "api[_-]?key|secret|token|password|aws"
done
# Full pipeline: subdomains → JS → endpoints
subfinder -d target.com -silent | httpx -silent | getJS --complete | sort -u > all_js.txt
cat all_js.txt | while read url; do python3 linkfinder.py -i "$url" -o cli; done
# Download all JS for offline analysis
echo "https://target.com" | getJS --complete | sort -u | xargs -I{} wget -q {}