Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process – Python Installation Steps on Linux
Installation of LinkFinder Tool on Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/GerbenJavado/LinkFinder.git
Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.
Step 3: You are in the directory of the LinkFinder. Now you have to install a dependency of the LinkFinder using the following command.
sudo pip3 install -r requirements.txt
Step 4: Run the setup.py file to complete the installation.
sudo python3 setup.py install
Step 5: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.
python3 linkfinder.py -h
Working with LinkFinder Tool on Kali Linux OS
python3 linkfinder.py -i https://geeksforgeeks.org -o results.html
We are displaying the results which were saved in the .html format file.
Example 2: CLI/STDOUT output (doesn’t use jsbeautifier, which makes it very fast)
python3 linkfinder.py -i https://geeksforgeeks.org -o cli
In this example, we are displaying the results or endpoints in the terminal itself.
Example 3: Analyzing an entire domain and its JS files
python3 linkfinder.py -i https://geeksforgeeks.org -d
In this example, we will be performing a deep scan on https://geeksforgeeks.org
Example 4: Burp input (select in target the files you want to save, right-click, Save selected items, feed that file as input)
python3 linkfinder.py -i burp.txt -b
In this example, we are passing input to the tool from the burp.txt file.
We have got the results and the endpoints of the JS files.
python3 linkfinder.py -i ‘Desktop/*.js’ -r ^/api/ -o results.html
In this example, we are searching for .js files from the Desktop directory and looking for the endpoint /api/.
Example 6: Ignore certain js files (like external libs) provided by -g –ignore
python3 SecretFinder.py -i https://geeksforgeeks.org/ -e -g ‘jquery;bootstrap;api.google.com’
In this example, we are ignoring certain JS files which are not very important.
Example 7: Process only certain js files provided by -n –only
python3 SecretFinder.py -i https://geeksforgeeks.org/ -e -n ‘d3i4yxtzktqr9n.cloudfront.net;www.myexternaljs.com’
In this example, we are including important js files for searching.
Example 8: Use your regex
python3 SecretFinder.py -i https://example.com/1.js -o cli -r ‘apikey=my.api.key[a-zA-Z]+’
In this example, we are specifying our own custom Regex for searching.
Example 9: Other options: add headers, proxy, and cookies
python3 SecretFinder.py -i https://example.com/ -e -o cli -c ‘mysessionid=111234’ -H ‘x-header:value1\nx-header2:value2’ -p 127.0.0.1:8080 -r ‘apikey=my.api.key[a-zA-Z]+’
In this example, we are adding headers, proxy, and cookies for hiding the identity.
Example 10: Open SecretFinder.py and add your regex
In this example, we are directly inserting the Regex onto the main Python file.