GitBook

Grep tips for Javascript Analysis

💡Note: cat * is for all files from the folder.

🟣Extracting JavaScript Files from recursive Directories

find /path/to/your/folders -name "*.js" -exec mv {} /path/to/target/folder/ \;

🟣Searching for API Keys and Secrets

cat * | grep -rE "apikey|api_key|secret|token|password|auth|key|pass|user"

🟣Detecting Dangerous Function Calls

cat * | grep -rE "eval|document\.write|innerHTML|setTimeout|setInterval|Function"

🟣Checking for URL Manipulation

cat * | grep -rE "location\.href|location\.replace|location\.assign|window\.open"

🟣Searching for Cross-Origin Requests

cat * | grep -rE "XMLHttpRequest|fetch|Access-Control-Allow-Origin|withCredentials" /path/to/js/files

🟣Analyzing postMessage Usage

cat * | grep -r "postMessage"

🟣Finding Hardcoded URLs or Endpoints

cat * | grep -rE "https?://|www\."

🟣Locating Debugging Information

cat * | grep -rE "console\.log|debugger|alert|console\.dir"

🟣Investigating User Input Handling

cat * | grep -rE "document\.getElementById|document\.getElementsByClassName|document\.querySelector|document\.forms"

❤3

1.77K views09:29