Grep tips for JavaScript Analysis | Bug Bounty
Extracting JavaScript Files from recursive Directories
find /path/to/your/folders -name "*.js" -exec mv {} /path/to/target/folder/ \;
`cat *` feeds every file in the current folder to grep, so run the commands below from the target folder.
Searching for API Keys and Secrets
cat * | grep -E "apikey|api_key|secret|token|password|auth|key|pass|user"
Detecting Dangerous Function Calls
cat * | grep -E "eval|document\.write|innerHTML|setTimeout|setInterval|Function"
Checking for URL Manipulation
cat * | grep -E "location\.href|location\.replace|location\.assign|window\.open"
Searching for Cross-Origin Requests
cat * | grep -E "XMLHttpRequest|fetch|Access-Control-Allow-Origin|withCredentials"
Analyzing `postMessage` Usage
cat * | grep "postMessage"
Finding Hardcoded URLs or Endpoints
cat * | grep -E "https?://|www\."
Locating Debugging Information
cat * | grep -E "console\.log|debugger|alert|console\.dir"
Investigating User Input Handling
cat * | grep -E "document\.getElementById|document\.getElementsByClassName|document\.querySelector|document\.forms"
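
The same patterns run as one categorized pass that keeps the file name and line number of each hit, which `cat *` loses. This is an added example, not part of the original post; `scan_js` and `make_sample` are hypothetical helper names and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. scan_js and make_sample are
# hypothetical helper names; the patterns are the ones listed on this page.

# scan_js DIR: print "category: file:line:match" for every hit in *.js files
# under DIR, recursing into subfolders and keeping each hit's location.
scan_js() {
    while read -r category pattern; do
        find "$1" -type f -name '*.js' \
            -exec grep -HnoE -e "$pattern" {} + </dev/null |
            sed "s|^|$category: |"
    done <<'EOF'
secrets apikey|api_key|secret|token|password|auth|key|pass|user
dangerous-call eval|document\.write|innerHTML|setTimeout|setInterval|Function
url-manipulation location\.href|location\.replace|location\.assign|window\.open
cross-origin XMLHttpRequest|fetch|Access-Control-Allow-Origin|withCredentials
postmessage postMessage
hardcoded-url https?://|www\.
debug console\.log|debugger|alert|console\.dir
dom-input document\.getElementById|document\.getElementsByClassName|document\.querySelector|document\.forms
EOF
}

# make_sample DIR: write constructed sample files (not taken from any real site).
make_sample() {
    mkdir -p "$1/vendor"
    cat > "$1/app.js" <<'EOF'
const api_key = "CONSTRUCTED-NOT-A-REAL-KEY";
el.innerHTML = location.hash;
fetch("https://api.example.test/v1/items");
console.log("loaded");
EOF
    printf '%s\n' 'parent.postMessage(data, "*");' > "$1/vendor/lib.js"
    printf '%s\n' 'password=constructed' > "$1/notes.txt"   # not .js, never scanned
}

# Stand-alone use: sh scan.sh /path/to/js/files
if [ "$#" -gt 0 ]; then scan_js "$1"; fi
```

Because `-o` prints only the matched text, the output stays readable on minified bundles where a single line can be the whole file.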