A Search Engine for cybersecurity, Javascript Analysis
Hi everyone! New weekly post today. I love to have a habit of writing something. I don't know if I will be able to stay consistent on it, but I hope so!
Last week, I came back to my study town to see some friends, and I realized how I work better when traveling than when I am at home. Having a lot of distractions around me is not the best thing to stay focused. I'm watching too many YouTube videos and having a TV in the same room as my desk is not ideal.
Working on a train or in a coffee shop, on the other hand, keeps my focus higher. But I'm gonna talk more about focus in another post.
I had an idea for something I wanted to build, and I started it last week.
A Search Engine for Cybersecurity?
As security researchers, we all love to learn new stuff and discover new PoCs or articles. But sometimes they are hard to find. You go on Twitter and try to dig up some interesting links.
It gets worse when you want to learn about one specific topic, let's take DOM clobbering for instance. How can I find all the resources about DOM clobbering: CTF writeups, articles, research, bug bounty reports? Finding all the good material on a single topic is surprisingly hard.
So I wanted to build something to aggregate all of this in one place. I first thought of a big Obsidian vault published on the web, where anyone could share articles or CTF writeups, and a good search bar would let you find everything. After talking with some friends about the idea, we agreed it could be nice, but quite hard to maintain.
With input from Mizu, I decided to move to something different: a whole search engine. I looked at some resources for building one easily and found that Elasticsearch or Typesense could do the job.
I finally used Typesense to create it, and I tried crawling a lot of writeups from CTFtime, and it worked! So my plan now is to make a usable website to search on it and then crawl all the best CTF writeups, articles, and bug bounty reports to have a good starting point. After that, anyone in the community will be able to add a link to the search engine. Of course, this project will be open source and anyone can contribute to it. The aim is to create something big for the community, so tell me if you have other ideas about it!
Another point in favour of Typesense is that it works pretty well with AI, so later it will be easy to feed all of this data to an AI model and have a chatbot backed by all the best resources. We would be able to ask things like "How can I exploit this DOM clobbering" and it would search across all the aggregated material.
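To make the search-engine idea concrete, here is a small inverted index over constructed writeup records. It is an added example, not code from this post and not Typesense's own code: it stands in for what a Typesense collection does (tokenise each document, weight title matches above body and tag matches, and filter on a "kind" facet), so the "one search bar over CTF writeups, articles and bug bounty reports" idea can be tried offline. The documents, field names and weighting are assumptions.

```python
"""Minimal inverted-index search over security writeups (constructed data).

Added illustration of the aggregation idea; a real deployment would hand the
same documents to Typesense/Elasticsearch instead of this class.
"""
import re
from collections import defaultdict

TOKEN_RE = re.compile(r"[a-z0-9]+")

TITLE_WEIGHT = 3   # a term in the title counts 3x (assumed weighting)
BODY_WEIGHT = 1    # a term in the body or tags counts 1x


def tokenize(text):
    """Lower-case and split on anything that is not a letter or digit,
    so 'dom-clobbering' indexes as the two terms 'dom' and 'clobbering'."""
    return TOKEN_RE.findall(text.lower())


class WriteupIndex:
    def __init__(self):
        self.docs = {}                                   # id -> document
        self.postings = defaultdict(lambda: defaultdict(int))  # term -> {id: score}

    def add(self, doc):
        self.docs[doc["id"]] = doc
        for term in tokenize(doc["title"]):
            self.postings[term][doc["id"]] += TITLE_WEIGHT
        for term in tokenize(doc["body"] + " " + " ".join(doc["tags"])):
            self.postings[term][doc["id"]] += BODY_WEIGHT

    def search(self, query, kind=None):
        """Return document ids ranked by score. All query terms must be
        present (AND semantics), so 'dom clobbering' does not surface every
        page that merely mentions the DOM. `kind` filters on the facet."""
        terms = tokenize(query)
        if not terms:
            return []
        scores = defaultdict(int)
        for term in terms:
            for doc_id, weight in self.postings.get(term, {}).items():
                scores[doc_id] += weight
        hits = []
        for doc_id, score in scores.items():
            if kind is not None and self.docs[doc_id]["kind"] != kind:
                continue
            if all(doc_id in self.postings.get(t, {}) for t in terms):
                hits.append((score, doc_id))
        hits.sort(key=lambda h: (-h[0], h[1]))   # best score first, id breaks ties
        return [doc_id for _, doc_id in hits]


# Constructed corpus: four made-up entries of the kinds the post wants to aggregate.
SAMPLE_DOCS = [
    {"id": "w1", "kind": "ctf-writeup",
     "title": "DOM clobbering to XSS in a CTF challenge",
     "tags": ["dom-clobbering", "xss"],
     "body": "Abusing named form elements to shadow window properties and reach an XSS sink via DOM clobbering."},
    {"id": "w2", "kind": "bug-bounty",
     "title": "Bug bounty report: DOM clobbering of a config object",
     "tags": ["dom-clobbering", "bug-bounty"],
     "body": "A clobbered global config let the page load a script from a host the report author controlled."},
    {"id": "w3", "kind": "article",
     "title": "An introduction to the DOM",
     "tags": ["javascript"],
     "body": "The Document Object Model (DOM) is the tree a browser builds from HTML."},
    {"id": "w4", "kind": "article",
     "title": "mXSS cheatsheet",
     "tags": ["mxss", "xss"],
     "body": "Mutation XSS: markup that only becomes dangerous after the browser re-serialises it, the bug class behind DOMPurify bypasses."},
]


def build_index(docs=SAMPLE_DOCS):
    index = WriteupIndex()
    for doc in docs:
        index.add(doc)
    return index


if __name__ == "__main__":
    idx = build_index()
    print("dom clobbering      ->", idx.search("dom clobbering"))
    print("...bug bounty only  ->", idx.search("dom clobbering", kind="bug-bounty"))
    print("xss                 ->", idx.search("xss"))
```

The AND filter is the part worth noticing: a plain OR over terms would rank the generic "introduction to the DOM" article alongside the two clobbering writeups, which is exactly the noise the post complains about when searching Twitter.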
I'm pretty hyped by this project, as it can help everyone learn new stuff easily and in the best way in my opinion.
Javascript Analysis
As a manual hacker, I try to learn all the best techniques for analyzing my targets, and for a long time I've wanted to focus more on JavaScript analysis.
Websites now rely heavily on JavaScript, with all the frameworks out there, and that code is a gold mine if you dig deep into it. But how?
There is plenty of material and tooling online for analyzing JavaScript, open source tools and good stuff. You can simply beautify the JavaScript and read it, or run a script that pulls all the paths out of it. And sometimes the site uses Webpack, so you need yet another tool to unpack it.
It's pretty annoying, and you end up doing nothing and just reading the JavaScript by hand. But there is a tool that can do all of this for me automatically, called jswzl. I know it's been a while since it was released, but I never gave it a try.
This tool aims to help you analyze JavaScript. It runs in the background, captures all the JavaScript on the website you load, unpacks everything, beautifies all the code, and aggregates it in VS Code to surface the interesting parts.
With that, you can easily view all the code and navigate it, get all the paths and API URLs, secret tokens, and a lot of other stuff.
It's not a tool that will find bugs for you; it only helps you view the JavaScript in the best way. You still have to analyze it yourself, but it can be very useful.
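The "get all the paths and API URLs, secret tokens" step above is easy to prototype by hand. The script below is an added example, not part of the post and not jswzl's code: a small regex-based extractor that walks a constructed, minified Webpack-style chunk and lists the absolute URLs, the relative endpoint paths, and any long high-entropy string literal that looks like a hard-coded credential, which is what a defender wants to check before a bundle ships. The sample bundle, the regexes and the entropy threshold are assumptions; real tools parse far more cases than these patterns.

```python
"""Extract URLs, endpoint paths and suspicious string literals from a JS bundle.

Added example (constructed input). Heuristics, not a JavaScript parser.
"""
import math
import re
from collections import Counter

# Constructed sample that mimics a minified Webpack chunk. The token and the
# hostnames are made up for the example and are not real credentials or sites.
SAMPLE_JS = r'''
(self.webpackChunk=self.webpackChunk||[]).push([[42],{101:function(e,t,n){
"use strict";var r=n(7).default;const a="https://api.example.com/v2";
function i(e){return fetch(a+"/users/"+e+"/profile",{headers:{Authorization:"Bearer "+s}})}
function o(){return fetch("/api/admin/export?format=csv")}
const s="tok_4f9d8e7c6b5a4e3d2c1b0a9f8e7d6c5b";const u="debug";
const v="aaaaaaaaaaaaaaaaaaaaaaaaaaaa";
n.p="/static/js/";window.__cfg={endpoint:"/graphql",ws:"wss://live.example.com/socket"}
}}]);
'''

# Quoted absolute URLs (http, https, ws, wss).
URL_RE = re.compile(r"""["'`]((?:https?|wss?)://[^"'`\s]+)["'`]""")
# Quoted strings that start with '/' and look like a path, optionally with a query.
PATH_RE = re.compile(r"""["'`](/[A-Za-z0-9_\-./]+(?:\?[^"'`\s]*)?)["'`]""")
# Quoted literals of 20+ token-like characters: candidates for hard-coded secrets.
# Restricting the character class keeps the match from spanning code between quotes.
TOKEN_STR_RE = re.compile(r"""["']([A-Za-z0-9_\-=+/.]{20,})["']""")


def shannon_entropy(s):
    """Bits per character; random-looking tokens score high, 'aaaa...' scores 0."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dedupe(items):
    """Drop repeats while keeping first-seen order, so output follows the bundle."""
    seen, out = set(), []
    for item in items:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def analyze_js(source, entropy_threshold=3.5):
    """Return {'urls', 'paths', 'secrets'} found in `source`.

    A literal is reported as a secret only if it is long, token-like, not
    already classified as a URL or path, and has entropy above the threshold
    (assumed value; tune it per code base to control false positives).
    """
    urls = dedupe(URL_RE.findall(source))
    paths = dedupe(PATH_RE.findall(source))
    known = set(urls) | set(paths)
    secrets = [
        lit for lit in dedupe(TOKEN_STR_RE.findall(source))
        if lit not in known and shannon_entropy(lit) >= entropy_threshold
    ]
    return {"urls": urls, "paths": paths, "secrets": secrets}


if __name__ == "__main__":
    for category, values in analyze_js(SAMPLE_JS).items():
        print(f"{category}:")
        for value in values:
            print("   ", value)
```

The entropy check is what separates this from a plain grep: the 28-character `"aaaa..."` literal has the length of a key but entropy 0 and is skipped, while the random-looking token is reported. The relative paths are reported as literals only; resolving `a+"/users/"+e+"/profile"` into a full URL needs the kind of flow analysis that jswzl and similar tools do and a regex cannot.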
The tool is quite expensive (around $1000 a year), but I got a 30-day trial. My challenge is this: if during this month I earn $1000 from a bug found using the tool, I will take a subscription; otherwise I won't use it anymore. We'll see in one month!
Ideas / Notes / Resources
- A video about jswzl if you want to see the tool in action:
- A new mXSS was found on the latest versions of DOMPurify, and one from the goat Mizu (found using only his smartphone):
- And if you want to learn more about mXSS, SonarSource released a cheatsheet about it:
- I was amazed that a simple IDOR was found on HackerOne. It reminds me that on every website, even the big programs, you can find such a bug if you look for it: