JSMon – JavaScript Change Monitor for Bug Bounty

Using this script, you can configure a number of JavaScript files on websites that you want to monitor. Every time you run this script, these files will be fetched and compared to the previously fetched version. If they have changed, you will be notified via Telegram with a message containing a link to the script, the changed file sizes, and a diff file to inspect the changes easily.

Github:

https://lnkd.in/g6GYM6Gu

You Should Know:

To effectively use JSMon for monitoring JavaScript changes, follow these steps:

1. Install Dependencies:

Ensure you have Python 3.x installed. Install the required libraries using pip (`difflib` is part of the Python standard library and is not installed with pip):

pip install requests python-telegram-bot

2. Clone the Repository:

Clone the JSMon repository from GitHub:

git clone https://github.com/r0bre/jsmon.git
cd jsmon

3. Configure the Script:

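Edit the `config.json` file to include the URLs of the JavaScript files you want to monitor, along with your Telegram bot token and chat ID. The bot token is a credential, so keep this file out of version control and readable only by the account that runs the script: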

{
  "telegram_token": "YOUR_TELEGRAM_BOT_TOKEN",
  "telegram_chat_id": "YOUR_CHAT_ID",
  "urls": [
    "https://example.com/script1.js",
    "https://example.com/script2.js"
  ]
}

4. Run the Script:

Execute the script to start monitoring:

python jsmon.py

5. Automate Monitoring:

Use a cron job to run the script periodically. Add the following line to your crontab:

*/30 * * * * /usr/bin/python3 /path/to/jsmon/jsmon.py

6. Analyze Changes:

When changes are detected, the script will send a Telegram notification with a diff file. Use the diff file to inspect changes:

diff -u old_file.js new_file.js
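
The compare-and-report step that the procedure above relies on, as an added sketch that is not JSMon's own code: it keeps one snapshot per URL, detects a change by hash, and builds the size summary and unified diff that a notification would carry. The function name `check_for_change`, the snapshot layout, and the sample JavaScript strings are assumptions made for this example; fetching and the Telegram call are left out so it runs offline.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path
from typing import Optional


def check_for_change(url: str, body: str, store: Path) -> Optional[dict]:
    """Compare body with the stored snapshot of url; return a report if it changed."""
    store.mkdir(parents=True, exist_ok=True)
    # One snapshot per URL, named by a hash of the URL so any URL is a safe filename.
    snap = store / (hashlib.sha256(url.encode()).hexdigest()[:16] + ".js")
    new = body.encode("utf-8")
    if not snap.exists():
        snap.write_bytes(new)  # first run: record a baseline, nothing to report
        return None
    old = snap.read_bytes()
    if hashlib.sha256(old).digest() == hashlib.sha256(new).digest():
        return None  # unchanged
    diff = "".join(difflib.unified_diff(
        old.decode("utf-8").splitlines(keepends=True),
        body.splitlines(keepends=True),
        fromfile="previous", tofile="current"))
    snap.write_bytes(new)  # the new version becomes the baseline for the next run
    return {"url": url, "old_size": len(old), "new_size": len(new), "diff": diff}


# Constructed sample content standing in for two fetches of the same file.
OLD_JS = 'const api = "/v1/users";\nfetch(api);\n'
NEW_JS = 'const api = "/v2/users";\nfetch(api, {credentials: "include"});\n'


def demo():
    """Run three passes: baseline, unchanged, changed."""
    url = "https://example.com/script1.js"
    with tempfile.TemporaryDirectory() as d:
        store = Path(d)
        return (check_for_change(url, OLD_JS, store),
                check_for_change(url, OLD_JS, store),
                check_for_change(url, NEW_JS, store))


if __name__ == "__main__":
    print(demo()[2]["diff"])
```

Minified files are often a single long line, so a line-based diff like this one is only readable if both versions are beautified before they are compared.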

What Undercode Say:

JSMon is a powerful tool for bug bounty hunters and security researchers to monitor JavaScript files for unauthorized changes. By automating the process of detecting changes, you can quickly identify potential security vulnerabilities or malicious modifications. Integrating this tool into your workflow with cron jobs and Telegram notifications ensures you stay updated in real-time. Additionally, leveraging Linux commands like `diff` and `cron` enhances your ability to manage and analyze changes efficiently.

For further reading on JavaScript security and monitoring, check out:
OWASP JavaScript Security Cheat Sheet
Mozilla Developer Network (MDN) JavaScript Guide

By combining JSMon with robust Linux commands and practices, you can significantly improve your web application security posture.

References:

Reported By: Abhirup Konwar – Hackers Feeds