This Go script is designed to find potential API calls made in JavaScript files of a website. It uses the `chromedp` package to navigate to the website and intercept network events, then fetches the content of JavaScript files and searches for API-related patterns.
- The script starts by defining the URL of the website you want to analyze for API calls.
- A regular expression `apiRegex` is used to identify potential API calls in the JavaScript code. The script looks for two common patterns of API calls: `fetch` and `$.ajax`.
- A headless Chrome browser context is created using `chromedp.NewContext`. This context is used to control the headless browser.
- The script intercepts network events, such as `network.EventRequestWillBeSent`, to analyze JavaScript files for potential API calls.
- When a JavaScript file is requested, the script downloads its content using `http.Get` and removes comments to simplify parsing.
- The downloaded JavaScript code is then searched for API calls using the regular expression `apiRegex`.
- If any matches are found, the API endpoints are printed to the console.
- Replace `https://example.com` with the URL of the website you want to analyze.
- Make sure you have the necessary Go packages installed (`chromedp`, `net/http`, `regexp`, etc.).
- Run the script using the Go compiler, and the API calls in the JavaScript files will be displayed in the console.
- usage: `go run main.go https://example.com/auth/`
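The comment-removal and `apiRegex` steps described above, as an added offline example that is not the project's own code. The regular expressions, the function names and the sample JavaScript are assumptions, since the page does not show them; the example also contrasts string-aware comment removal with a plain `//` regex, which cuts absolute URLs in half.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed pattern: the page names apiRegex but does not show it. Captures the
// quoted first argument of fetch(...) or the url field of $.ajax({...}).
var apiRegex = regexp.MustCompile(
	`\bfetch\(\s*["']([^"']+)["']|\$\.ajax\(\s*\{[^}]*?\burl\s*:\s*["']([^"']+)["']`)

// jsToken tries string and template literals before comments, so the "//" in
// "https://..." is consumed as string content (JS regex literals are not handled).
var jsToken = regexp.MustCompile(`(?s)"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|` +
	"`(?:\\\\.|[^`\\\\])*`|" + `//[^\n]*|/\*.*?\*/`)

// naiveComment is the tempting shortcut; it also deletes the tail of every URL.
var naiveComment = regexp.MustCompile(`(?s)//[^\n]*|/\*.*?\*/`)

func stripComments(src string) string {
	return jsToken.ReplaceAllStringFunc(src, func(t string) string {
		if strings.HasPrefix(t, "//") || strings.HasPrefix(t, "/*") {
			return "" // comment: drop
		}
		return t // string literal: keep verbatim
	})
}

func findEndpoints(js string) []string {
	var eps []string
	for _, m := range apiRegex.FindAllStringSubmatch(js, -1) {
		eps = append(eps, m[1]+m[2]) // exactly one capture group is non-empty
	}
	return eps
}

// Constructed sample input, not taken from any real site.
const sampleJS = `// fetch("/api/v1/old-login") was retired
fetch("https://api.example.com/v2/session", {method: "POST"});
/* $.ajax({url: "/api/internal/debug"}); */
$.ajax({type: "GET", url: "/api/v1/profile"});
`

func main() {
	fmt.Println("string-aware:", findEndpoints(stripComments(sampleJS)))
	fmt.Printf("naive: %q\n", findEndpoints(naiveComment.ReplaceAllString(sampleJS, "")))
}
```

Endpoints that appear only inside comments are excluded in both runs; only the string-aware run returns the two live endpoints intact.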
Please note that this is a simplified version of a more complex task. The provided script may not handle all scenarios, such as minified or obfuscated JavaScript code. It's important to perform automated scanning or analysis responsibly, with proper authorization from website owners and adherence to ethical standards.
Always respect website owners' terms and ensure you have explicit permission for any automated assessments or security testing.