Discovery & Enumeration
It can be extremely useful to identify all the libraries and versions used by a website. This information can significantly aid in vulnerability discovery, as some of these libraries may have known issues. Additionally, finding custom script elements created specifically by the developers for that website can provide valuable insights.
When JavaScript files are built, the output is typically written to a `dist` or `public` subdirectory. Only the necessary files are minified and kept, the rest are discarded, and these files are then imported into the application. If you observe a `dist` or `public` subdirectory rather than a single bundled JavaScript library file, every file within that directory is part of the attack surface and worth exploring. You can test whether the subdirectory exists and whether the library is publicly readable, which allows you to retrieve files like `readme.md`, for instance.
| Type | Typical path |
|---|---|
| JS Library | `/vendor` |
| JS Custom | `/script` |
Fuzzing
Library
Fuzz the directory `/vendor/FUZZ` to find other libraries used by the web application. Use a wordlist of package names (for example, select only the top 10k entries from the `names.json` list):

```bash
# Keep the first 10k package names and write one name per line
jq -r '.[0:10000][]' names.json > javascript_library.txt
gobuster dir -w ./javascript_library.txt -u https://domain.com/js/vendor
```
Version
Once a library and its version are identified, test that release thoroughly: submit varied and targeted inputs and configurations to uncover known issues, unexpected behaviour, or weaknesses. The process is to systematically probe the identified version with random or targeted data to check its robustness and security under different conditions.

```bash
# Run the quickhits wordlist against every identified library directory
while read -r l; do echo "===$l==="; gobuster dir -w /usr/share/seclists/Discovery/Web-Content/quickhits.txt -k -q -u "$l"; done < packages.txt
# Check whether a README.md was discovered, then search it for version information
# Download the library and search it for potential vulnerabilities; also search the library name and version online for already-disclosed vulnerabilities
# Search for .html files inside the library for XSS/DOM vulnerabilities (user input sinks)
```
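The version step above ends at "search for versioning inside them". As an added example that is not part of the original page, here is a small Python helper that pulls a version string out of the file types the quickhits run usually turns up (`package.json`, a README or CHANGELOG, or the banner comment of a minified bundle), plus the same top-N selection the `jq` one-liner performs. The `SAMPLES` responses are constructed so it runs offline.

```python
"""Extract library versions from files found under /vendor/<lib>/ (added example)."""
import json
import re

# Version strings commonly found in README/CHANGELOG text and in the banner
# comment at the top of minified bundles (e.g. "/*! lib v1.2.3 | ... */").
_SEMVER = r"(\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?)"
_PATTERNS = [
    re.compile(r"/\*!?\s*[\w.\-@/ ]+?\s+v?" + _SEMVER, re.I),  # minified banner
    re.compile(r"\bv(?:ersion)?[:\s=]*v?" + _SEMVER, re.I),    # "Version: 1.2.3", "v1.2.3"
    re.compile(r"^#+\s*v?" + _SEMVER, re.I | re.M),            # "## 1.2.3" changelog heading
]


def extract_version(filename: str, body: str):
    """Return the version string found in *body*, or None if nothing matches."""
    if filename.endswith(".json"):
        try:
            return json.loads(body).get("version")  # package.json / bower.json
        except (json.JSONDecodeError, AttributeError):
            return None
    for pat in _PATTERNS:
        m = pat.search(body)
        if m:
            return m.group(1)
    return None


def build_wordlist(names_json: str, top_n: int = 10000):
    """Same selection as the page's jq one-liner: the first top_n names in names.json."""
    return [n for n in json.loads(names_json)[:top_n] if isinstance(n, str)]


# Constructed sample responses (path -> body), as a quickhits run against
# discovered library directories might return them. Not real captures.
SAMPLES = {
    "vendor/left-pad/package.json": '{"name": "left-pad", "version": "1.3.0"}',
    "vendor/jquery/jquery.min.js": "/*! jQuery v3.4.1 | (c) JS Foundation | jquery.org/license */!function(e,t){}",
    "vendor/somelib/README.md": "# somelib\n\nCurrent version: 2.0.0-beta.1\n",
    "vendor/other/CHANGELOG.md": "# Changelog\n\n## 0.9.2\n- fix\n",
    "vendor/empty/index.js": "console.log('hi');",
}


def inventory(samples=SAMPLES):
    """Map each sampled path to the version extracted from it (None when unknown)."""
    return {p: extract_version(p.rsplit("/", 1)[-1], body) for p, body in samples.items()}


if __name__ == "__main__":
    for path, version in inventory().items():
        print(f"{path}: {version or 'version not found'}")
```

The resulting name/version pairs are what you then check against published advisories for that release.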