How to Scan a Domain

How to Scan a Domain in Jsmon

This article will guide you through the process of scanning a domain using Jsmon, a powerful tool for discovering JavaScript URLs and analyzing potential security vulnerabilities.

Step 1: Navigate to the Scans Page

• First, select your workspace.

• Click on "Go to scans" to view your previous scans and start a new one.

Step 2: Initiate a Domain Scan

• On the scans page, select "Domain Scan."

• Enter the domain you want to scan in the provided field. Jsmon supports various formats, including:

  • example.com

  • https://www.example.com

  • subdomain.example.com

Step 3: Start the Scan

• After entering the domain, click the "Submit" button to begin the scan.

• The scan's status will show as "in progress." You can click the "Reload" button to check the current status.

Step 4: View the Scan Results

• Once the status changes to "success," you can click on the scan to see an overview of the results.

• The results will be categorized into several tabs:

  • Overview: Provides a high-level summary, including the number of API endpoints and JavaScript URLs found.

  • Issues: Lists any issues detected, such as generic secrets.

  • Secrets: Details the specific secrets that were found, along with their severity.

  • Intelligence: Shows various data points like API endpoints, URLs, and domains discovered within the JavaScript files.

Step 5: View Full Scan Data

• To see the complete data for a scan, click on the "View JS intelligence" or "View All Secrets" button. This is useful because some sections, like API endpoints and domains, only show a preview of the first 25 items by default.

For more information, you can watch the full video tutorial here: How to Scan a Domain in Jsmon | Automatic JavaScript URL Discovery & Security Scan

Want to learn more? Schedule a meeting with Jsmon Team!