Description
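LinkFinder discovers endpoints and their parameters in JavaScript files. It beautifies the script with jsbeautifier and then applies a regular expression to find URL patterns, so its output is a list of candidate strings taken from the source text rather than a list of confirmed live routes. Critical for finding hidden API endpoints, admin paths, and internal routes during recon.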
Installation
BASH
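# Fetch the LinkFinder source and install it into the active Python environment.
# The steps are chained with && so the sequence stops at the first failure: if
# the clone or the cd fails, pip must not run against whatever requirements.txt
# happens to sit in the current directory.
# NOTE(review): setup.py is executed from the freshly cloned tree and pip
# installs every package requirements.txt names; activating a virtualenv first
# keeps all of that out of the system interpreter.
git clone https://github.com/GerbenJavado/LinkFinder.git &&
  cd LinkFinder &&
  pip3 install -r requirements.txt &&
  python3 setup.py install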
Basic Usage
BASH
# Find endpoints in a JS file URL.
# -i is the input to analyze; -o cli prints the results to the terminal.
# target.com stands in for the host being assessed throughout this page.
python3 linkfinder.py -i https://target.com/app.js -o cli
# Analyze a domain (crawl JS): -d treats the input as a page and analyzes the
# JavaScript found there as well.
# NOTE(review): how far -d follows script references is not shown here; check
# `python3 linkfinder.py -h` before relying on its coverage.
python3 linkfinder.py -i https://target.com -d -o cli
# Output to HTML: here -o names the report file instead of the cli keyword.
python3 linkfinder.py -i https://target.com -d -o results.html
Advanced Usage
BASH
# Specific JS file with regex filter: -r keeps only results that match the
# pattern.
# NOTE(review): the pattern looks unanchored, so "api" would also match a path
# such as "/capital" — confirm, and anchor it (e.g. "^/api/") if that is noisy.
python3 linkfinder.py -i https://target.com/static/main.js -o cli -r "api|admin|internal"
# Analyze local JS file: -i also accepts a path on disk.
python3 linkfinder.py -i /path/to/file.js -o cli
# Burp Suite integration — analyze all in-scope JS.
# -b marks the input as a Burp export rather than a script or URL.
# NOTE(review): a Burp export typically holds full requests and responses, so
# it can contain session cookies and tokens; store it like other engagement
# data, not in a shared or world-readable directory.
python3 linkfinder.py -i burpexport.xml -b -o cli
# Cookie/auth required: -c supplies the cookie string for the requests.
# "session=abc123" is a placeholder. A real value given this way is saved in
# shell history and is visible in the process list while the command runs.
python3 linkfinder.py -i https://target.com -d -o cli -c "session=abc123"
Common Workflows
BASH
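# Collect all JS URLs then extract endpoints.
# gau returns URLs gathered from third-party archives, so every line written to
# js_urls.txt is untrusted text.
gau target.com | grep "\.js$" | sort -u > js_urls.txt
# IFS= and -r make read take each line verbatim (no backslash processing, no
# whitespace trimming). LinkFinder also accepts local paths as -i, so a line
# that is not an http(s) URL is skipped rather than handed to it. stdin of the
# inner command is /dev/null so it can never consume the URL list.
while IFS= read -r url; do
  case "$url" in
    http://* | https://*)
      python3 linkfinder.py -i "$url" -o cli < /dev/null
      ;;
    *) ;; # not a URL: ignore
  esac
done < js_urls.txt | sort -u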
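# Pipeline with httpx: subfinder lists subdomains, httpx passes on the URLs it
# could probe, LinkFinder runs in domain mode (-d) against each one, and the
# de-duplicated result is shown and saved to all_endpoints.txt.
# IFS= and -r make read take each line verbatim. LinkFinder also accepts local
# paths as -i, so only http(s) URLs are handed to it; stdin of the inner
# command is /dev/null so it can never consume the piped URL list.
subfinder -d target.com -silent | httpx -silent | while IFS= read -r url; do
  case "$url" in
    http://* | https://*)
      python3 linkfinder.py -i "$url" -d -o cli < /dev/null
      ;;
    *) ;; # blank or non-URL line: ignore
  esac
done | sort -u | tee all_endpoints.txt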
# Filter the extracted endpoints for names that mention API keys, secrets,
# tokens or auth. grep matches these words case-insensitively inside the
# endpoint strings LinkFinder prints; it does not detect secret values embedded
# in the JavaScript, and a match says nothing about whether the route is
# reachable or protected.
python3 linkfinder.py -i https://target.com -d -o cli | grep -iE "api|key|secret|token|auth"