Jsmon
JsmonPricingTalk to Sales
  • Dashboard
  • Domain Scan
  • JS URLs
  • Files Scan
  • JS Intelligence
  • Keys & Secrets
  • Monitoring
  • Reports
  • Query Data
    • Query Guide
  • JSMON API
  • Jsmon Settings
  • Profile
  • Burpsuite Extension
  • Chrome Extension
  • ◀️Go to Jsmon
Powered by GitBook
On this page
  • Domain parameter
  • Sub parameter
  • Page parameter
  • Field parameter
  • JS Urls
  • Secrets
  • Basic Detections
  • Domains/URLs
  • GraphQL
  • Cloud
  • Dependencies
  • Client-side vulnerabilities

Was this helpful?

  1. Query Data

Query Guide

Domain parameter

Uses to search in the JS URLs to query the results via the hostnames.

field=emails domain=youtube.com - Shows emails present in JS files of youtube.com/*
field=emails domain=www.youtube.com - Shows emails, JS files(www.youtube.com/*)
field=emails domain=youtube.com/static/ - Show emails, JS files(youtube.com/static/)

Sub parameter

If set to true, queries the subdomains as well of the JS URLs

field=emails domain=photos.google.com sub=true - Shows emails present in JS files of *.photos.google.com/*
field=emails domain=domain=youtube.com sub=true - Shows emails present in JS files of *.youtube.com/*

Page parameter

By default only 1000 results are shown, use the page parameter to go next to next page.

page=2

Field parameter

JS Urls

field=jsUrls - Shows JS files

Secrets

field=exposures - Shows exposed keys/secrets present inside JS files

Basic Detections

field=apis - Shows API paths present in JS files
field=emails - Shows emails present in JS files
field=ips - Shows IPv4 addresses present in JS files
field=guids - Shows GUIDs present in JS files

Domains/URLs

field=domains - Shows domains present in JS files
field=urls - Shows URLs present in JS files
field=urls-localhost - Shows localhost URLs present in JS files
field=urls-extensions - Shows URLs with file extensions present inside JS files
field=urls-socialmedia - Shows social media URLs present inside JS files
field=urls-ports - Shows URLs with ports present inside JS files

GraphQL

field=gql-queries - Shows GraphQL queries present in JS files
field=gql-mutations - Shows GraphQL mutations present in JS files
field=gql-fragments - Shows GraphQL fragments present in JS files

Cloud

field=cloud-buckets - Shows s3 buckets present in JS files
field=bucket-takeovers - Shows s3 bucket takeovers present in JS files

Dependencies

field=node-modules - Shows valid node modules present in JS files
field=node-modules-confusion - Shows npm dependency confusions

Client-side vulnerabilities

field=vuln.setTimeoutCall - Shows setTimeoutCall() occurrences inside JS files
field=vuln.exec - Shows exec() occurrences inside JS files
field=vuln.execData - Shows execData() occurrences inside JS files
field=vuln.domBasedDOS - Shows domBasedDOS vulnerable function inside JS files
PreviousQuery DataNextJSMON API

Last updated 2 days ago

Was this helpful?