jshunter

command module
v0.0.0-...-1808b25 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 6, 2025 License: MIT Imports: 13 Imported by: 0

README

JShunter

JShunter is a command-line tool designed for scanning code and web resources to detect sensitive information and secrets. This tool specializes in identifying API keys, credentials, tokens, and other sensitive data that could lead to security vulnerabilities, making it an essential resource for developers, security researchers, and bug bounty hunters.

Features

  • Secrets Detection: Scans for over 80 different types of sensitive data including API keys, access tokens, private keys, and credentials
  • Multiple Input Methods: Scan individual files, entire directories, URLs, or lists of URLs
  • Recursive Scanning: Option to recursively scan directories for a comprehensive analysis
  • Web Resource Support: Fetch and analyze JavaScript, configuration files, and other resources from web URLs
  • Customizable Options: Configure threads for concurrent processing, use cookies for authenticated sessions, and set up proxy settings
  • Flexible Output: Save results to a specified output file for further analysis
  • JSON Output: Export findings in structured JSON format for easy integration with other tools
  • Extended Truncation: Display up to 200 characters of matched secrets (previously 60)
  • Filter Support: Use regular expressions to filter the results

image

Installation

You can either install using go:

go install -v github.com/cc1a2b/jshunter@latest

Or download a binary release for your platform.

Usage Examples

Scan a Local File
jshunter -f config.js
Scan a Directory
jshunter -d ./src
Scan a Directory Recursively
jshunter -d ./project --recursive
Scan a URL
jshunter -u "https://example.com/javascript.js"
Scan Multiple URLs from a File
jshunter -l urls.txt
Scan from Stdin
cat urls.txt | grep "\.js" | jshunter
Save Results to a File
jshunter -f config.js -o results.txt
Use Proxy
jshunter -u "https://example.com/config.js" -p 127.0.0.1:8080
Add Authentication Cookies
jshunter -u "https://example.com/app.js" -c "session=abc123"
JSON Output Format
jshunter -f config.js --json -o secrets.json

The JSON output includes:

  • Scan timestamp
  • Total findings and sources count
  • Detailed findings by source with categorized matches
  • Summary statistics by secret type
  • Truncation tracking for long values

Command-Line Options

  • -u, --url <URL>: Input a URL to scan for secrets
  • -l, --list <file>: Input a file with URLs (.txt) to scan
  • -f, --file <file>: Path to any file to scan for secrets
  • -d, --dir <directory>: Path to directory to scan for secrets
  • --recursive: Recursively scan directories
  • -o, --output <file>: Output file path (default: output.txt)
  • --json: Output results in JSON format (automatically enables quiet mode)
  • -t, --threads <number>: Number of concurrent threads (default: 5)
  • -c, --cookies <cookies>: Add cookies for authenticated resources
  • -p, --proxy <host:port>: Set proxy (host:port)
  • -r, --regex <pattern>: RegEx for filtering
  • -q, --quiet: Suppress ASCII art output
  • -h, --help: Display help message

License

JShunter is released under MIT license. See LICENSE.

Support Development

Buy Me A Coffee

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.