How to Scan a Domain
How to Scan a Domain in Jsmon
This article will guide you through the process of scanning a domain using Jsmon, a powerful tool for discovering JavaScript URLs and analyzing potential security vulnerabilities.
Step 1: Navigate to the Scans Page
First, select your workspace.
Click on "Go to scans" to view your previous scans and start a new one.
Step 2: Initiate a Domain Scan
On the scans page, select "Domain Scan."
Enter the domain you want to scan in the provided field. Jsmon supports various formats, including:
example.comhttps://www.example.comsubdomain.example.com
Step 3: Start the Scan
After entering the domain, click the "Submit" button to begin the scan.
The scan's status will show as "in progress." You can click the "Reload" button to check the current status.
Step 4: View the Scan Results
Once the status changes to "success," you can click on the scan to see an overview of the results.
The results will be categorized into several tabs:
Overview: Provides a high-level summary, including the number of API endpoints and JavaScript URLs found.
Issues: Lists any issues detected, such as generic secrets.
Secrets: Details the specific secrets that were found, along with their severity.
Intelligence: Shows various data points like API endpoints, URLs, and domains discovered within the JavaScript files.
Step 5: View Full Scan Data
To see the complete data for a scan, click on the "View JS intelligence" or "View All Secrets" button. This is useful because some sections, like API endpoints and domains, only show a preview of the first 25 items by default.
For more information, you can watch the full video tutorial here: How to Scan a Domain in Jsmon | Automatic JavaScript URL Discovery & Security Scan
Last updated