war-and-code / libreveal.js Goto Github PK
View Code? Open in Web Editor NEWReveals third-party JavaScript libraries in use.
License: GNU General Public License v3.0
libreveal.js's People
Contributors
Stargazers
Watchers
Forkers
5l1v3r1libreveal.js's Issues
extjs console output on detection is just version number
Noticed on a recent engagement that target was using extjs but libreveal.js printed just the version number. In lieu of the expected libreveal.js: extjs @ <version here>
Quick glance looks like for whatever reason there's conditional logic in the console.log calls.
This issue covers investigation and fixing of the bug.
Update README with current detections and push a new release
(See title)
Write a "compilation script"
Ultimately I foresee libreveal.js being derived from the regular RetireJS JSON with an additional JSON file for some additions not in there (i.e. Bootstrap).
You should just be able to run like compile.py which would...
- Grab the latest of the RetireJS file
- Get all the function identifiers for libraries that are in there
- Look in some local
jsrepository.jsonfor additional ones - Automatically write out
libreveal.jswith an incremented version number - Use some "minifier" to additionally write out
libreveal.min.js - Output the result of what happened as JSON to make this all automation-friendly
This would take us to version 2.0 where little issues like #1 (assuming that truly comes from RetireJS) are irrelevant.
Add more Bootstrap identifiers
On a recent pen test, I found the tooltip identifier function for Bootstrap wasn't working.
I am not quite sure why that was but ended up looking at the source to find alternatives. One of these did work.
$.fn.alert.Constructor.VERSION
$.fn.button.Constructor.VERSION
$.fn.carousel.Constructor.VERSION
$.fn.collapse.Constructor.VERSION
$.fn.dropdown.Constructor.VERSION
$.fn.modal.Constructor.VERSION
$.fn.tooltip.Constructor.VERSION
$.fn.popover.Constructor.VERSION
$.fn.scrollspy.Constructor.VERSION
$.fn.tab.Constructor.VERSION
$.fn.affix.Constructor.VERSION
Do sanity checking of output JavaScript
Blocked by #2
When this is "compiling" JavaScript via src/compile.py, there should be some "sanity-checking" on the output.
Looks like this would be made possible by adding a requirement (there will be a requirements.txt now)
pip install pyjsparser
Then parse the script and check for an exception like so...
import pyjsparser
try:
pyjsparser.parse(output_javascript)
except:
print('Your JavaScript sucks')
Add support for YUI detection
YUI.version
(I think this came from retire.js but just found it in an old assessment notes file)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.