Shulou(Shulou.com)06/01 Report--

This article shows you how JSMon, a monitoring tool for JavaScript scripts, is concise and easy to understand. It will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

JSMon

JSMon is a monitoring tool for JavaScript scripts designed specifically for vulnerability Hunter. With the help of this script, we can easily configure the number and number of JavaScript script files that need to be monitored on the website. Whenever we run the script, these files will be captured by JSMon and analyzed and compared with the previously captured version. If the file state changes, JSMon will send us a message via Telegram to notify us, including the link address to the script, the modified file size, and the latest script file, so as to help researchers analyze and compare files more easily.

The tool is based on Python development, so it has good cross-platform features.

Function introduction

Continuously track the target node: use to periodically detect the target status from the cron

Node changes: send notification messages via Telegram or Slack

Tool installation

The majority of researchers can use the following command to clone the project source code locally and run the installation script:

Git clone https://github.com/robre/jsmon.gitcd jsmonpython setup.py install

Don't forget, we also need to configure Slack or Telegram tokens in the device environment, such as creating an .env file that contains the following:

Touch .envJSMON _ NOTIFY_TELEGRAM=TrueJSMON_TELEGRAM_TOKEN=YOUR TELEGRAM TOKENJSMON_TELEGRAM_CHAT_ID=YOUR TELEGRAM CHAT ID#JSMON_NOTIFY_SLACK=True#JSMON_SLACK_TOKEN=sometoken#JSMON_SLACK_CHANNEL_ID=somechannel

To enable Slack, comment out the configuration line about Slack in the environment variable, and then add our own access token.

To create a cron script to run JSMon periodically, you can run the following command:

Crontab-e

Create an entry point as follows:

@ daily / path/to/jsmon.sh

It is important to note that we are running a .sh file, otherwise there will be problems with our device environment.

This command will execute JSMon once a day at midnight, and we can modify the @ daily parameter according to our needs.

When configuring Telegram notifications, we also need to add our own Telegram API key and chat_id at the beginning of the configuration code jsmon.py. [reference documentation]

For Slack support, we also need to configure our Slack application correctly and then use our own Slack oAuth authentication token. Slack applications need to have file upload permissions and configure the corresponding communication channel. Finally, we need to configure a target object that needs to be monitored. The following is a sample creation:

Echo "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.js" > > targets/cdnjs-example

After the configuration is complete, we can run the following command to download the specified file:

Use of python jsmon.py tool

Provide node information through files under the targets/ folder in the project directory (one node per line):

Support to configure any number of script files, each on one line

For example, one file per website, or one file per program, and so on.

Each node is downloaded and stored in the downloads/ folder with the corresponding hash as the file name, that is, the first 10 characters of the md5 hash:

If the file already exists, no change has occurred

If the file changes, the user will receive a notification message

Jsmon.json keeps track of bound nodes based on file hashes.

JSMon can continuously track JavaScript script files in the target site, but it also supports tracking any file type in the target node, which is very Nice!

The tool uses screenshots

The above is what JSMon, a monitoring tool for JavaScript scripts, is like. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.