linkfinder
JavaScript endpoint extractor.
Quickstart
linkfinder -i https://target.com/main.js -o cli
linkfinder -i https://target.com -o cli
linkfinder -i https://target.com/app.js -o results.html
Core Concepts
| Concept |
Description |
| Endpoint extraction |
Find URLs/paths in JS |
| Regex patterns |
Match common endpoint formats |
| Burp integration |
Works with Burp Suite |
Syntax
linkfinder -i <input> -o <output> [options]
Options
| Option |
Description |
-i <input> |
Input (URL or file) |
-o <output> |
Output (cli, html, file) |
-r <regex> |
Custom regex |
-d <domain> |
Domain scope |
-b |
Burp input mode |
-c <cookies> |
Cookies |
Recipes
Basic Usage
linkfinder -i https://target.com/static/js/main.js -o cli
linkfinder -i https://target.com -o cli
linkfinder -i https://target.com -o results.html
Multiple Files
for js in $(cat js_files.txt); do
linkfinder -i "$js" -o cli
done | sort -u
cat js_urls.txt | while read url; do
linkfinder -i "$url" -o cli
done | sort -u
Domain Scoped
linkfinder -i https://target.com -o cli -d target.com
With Authentication
linkfinder -i https://target.com -o cli -c "session=abc123"
Custom Regex
linkfinder -i https://target.com -o cli -r "api/v[0-9]+/[a-z]+"
Pipeline
katana -u https://target.com -silent | grep "\.js" | while read js; do
linkfinder -i "$js" -o cli 2>/dev/null
done | sort -u
echo "https://target.com" | httpx -silent | \
while read url; do linkfinder -i "$url" -o cli; done | sort -u
linkfinder -i https://target.com -o cli | \
grep -E "^/" | \
sed "s|^|https://target.com|" | \
httpx -silent
From Burp
linkfinder -i burp_response.txt -b -o cli
Output & Parsing
linkfinder -i https://target.com -o cli | sort -u
linkfinder -i https://target.com -o report.html
linkfinder -i https://target.com -o cli | grep -E "/api|/v[0-9]"
linkfinder -i https://target.com -o cli | grep -E "^http"
Troubleshooting
| Issue |
Solution |
| No endpoints |
JS might be obfuscated |
| Timeout |
Check URL, network |
| Too much noise |
Use -d domain filter |
References