Note: This post is fairly incomplete and will be updated as time goes on.
Once properly enumerated, let’s extract all of the scripts that we can. This can be done by navigating to the Target tab and selecting Site Map. Right-click the target URL, head over to Engagement Tools, and then select Find Scripts.
sudo apt update -y && sudo apt upgrade -y
sudo apt install python3-pip -y
sudo pip3 install jsbeautifier
Once you have the tool installed, run it specifying your input and output files.
js-beautify -o beautify.js input.js
Now that the output is cleaned up, you can get started grepping through it for gold!
Helpful grep commands
To find all items that contain cmsapi:
grep --color -E "'\/cmsapi\/[^']+'" beautify.js
To find all items between single or double quotes:
grep --color -E "'\/[^']+'|\"\/[^\"]+\"" beautify.js
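The greps above print whole matching lines. As an added example (not from the original post), the function below prints each quoted path once, quotes stripped, which is easier to review as an endpoint inventory. The function names and the sample JavaScript are constructed for illustration.

```bash
#!/bin/sh
# Added example: list each quoted path in a beautified JS file once.
LC_ALL=C; export LC_ALL   # stable sort order

# extract_paths FILE [PREFIX]
# Prints the unique string literals that start with PREFIX (default "/"),
# quotes stripped, one per line. PREFIX is used as a regex fragment.
extract_paths() {
    # -o prints only the matched literal, -h omits the file name.
    grep -ohE "'${2:-/}[^']+'|\"${2:-/}[^\"]+\"" "$1" |
        sed -E "s/^['\"]//; s/['\"]\$//" |
        sort -u
}

# make_sample FILE: write a small constructed JS file for the demo.
make_sample() {
    cat > "$1" <<'EOF'
var api = {
    list: '/cmsapi/pages/list',
    save: "/cmsapi/pages/save",
    again: '/cmsapi/pages/list',
    logo: "/static/img/logo.png"
};
fetch('/cmsapi/users/' + id);
var label = 'not a path';
EOF
}

sample=$(mktemp)
make_sample "$sample"
echo "All quoted paths:"
extract_paths "$sample"
echo "Only /cmsapi/ paths:"
extract_paths "$sample" /cmsapi/
rm -f "$sample"
```

Against a real file, call it as extract_paths beautify.js or extract_paths beautify.js /cmsapi/.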