新增 腾讯云|百度云|华为云|七牛云|京东云 OSS相关的URL

Author: yyzsec

README.md

@@ -1,6 +1,28 @@
+> Forked from https://github.com/PortSwigger/js-miner
 # Burp JS Miner
 This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.
 
+## CHANGELOG
+>  与原项目的不同
+### 2023年9月24日
+* 新增 腾讯云|百度云|华为云|七牛云|京东云 OSS相关的URL
+* 新增 github token|公有云常见aksk形式 的识别
+
+## 直接下载使用
+
+https://github.com/yyzsec/js-miner/releases
+
+
+## 源码编译
+
+```bash
+git clone https://github.com/yyzsec/js-miner
+cd burp-JS-Miner
+gradle fatJar
+
+# find your jar bianry at: build/libs/burp-JS-Miner-all.jar
+```
+
 ## Background
 While assessing a web application, it is expected to enumerate information residing inside static files such as JavaScript or JSON resources. 
 
@@ -61,15 +83,7 @@ I'm open for ideas/suggestions to help improve or optimize this tool.
 
 ### Contributors; thanks to
 -  [Stanislav Kravchenko](https://linkedin.com/in/staskravchenko/): For suggesting the dependency confusion feature, besides helping with testing and improving the functionality. 
-
-### Build from source
-```
-git clone https://github.com/minamo7sen/burp-JS-Miner.git
-cd burp-JS-Miner
-gradle fatJar
-```
-Then, the jar file can be found at `build/libs/burp-JS-Miner-all.jar`.
-
+-  [PortSwigger js-miner](https://github.com/PortSwigger/js-miner): where i forked from 
 
 ## Disclaimer
 It is the user's responsibility to obey all applicable local, state and federal laws. The author assumes no liability and is not responsible for any misuse or damage caused by this tool.

src/main/java/burp/BurpExtender.java

@@ -78,6 +78,7 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
 
         mStdOut.println("[*] Loaded:\t" + EXTENSION_NAME + " v" + EXTENSION_VERSION);
         mStdOut.println("[*] Author:\tMina M. Edwar ([email protected])");
+        mStdOut.println("[*] Modifiedy by :\tyyz ([email protected])");
         mStdOut.println("=================================================");
 
         // Load extension configurations

src/main/java/burp/utils/Constants.java

@@ -26,8 +26,13 @@ private Constants() {}
                     "cloudfront.net|" +
                     "digitaloceanspaces.com|" +
                     "oraclecloud.com|" +
-                    "aliyuncs.com|" + // Ali baba
                     "firebaseio.com|" + // Firebase
+                    "aliyuncs.com|" + // Ali baba ref: https://help.aliyun.com/zh/oss/user-guide/regions-and-endpoints
+                    "myqcloud.com|" + // tencent oss ref: https://main.qcloudimg.com/raw/document/intl/product/pdf/tencent-cloud_436_6221_zh.pdf
+                    "bcebos.com|" + // baidu oss ref: https://cloud.baidu.com/doc/BOS/s/Ck1rk80hn
+                    "clouddn.com|" + // qiniu oss ref: https://www.qiniu.com/products/kodo
+                    "myhuaweicloud.com|" + // huawei oss ref: https://developer.huaweicloud.com/endpoint?OBS
+                    "jdcloud-oss.com|" + // jd yun oss ref: https://docs.jdcloud.com/cn/object-storage-service/oss-endpont-list
                     "rackcdn.com|" +
                     "objects.cdn.dream.io|objects-us-west-1.dream.io)",
             Pattern.CASE_INSENSITIVE | Pattern.MULTILINE);
@@ -48,6 +53,11 @@ private Constants() {}
                     "encrypt[_-]?(secret|key)|" +
                     "decrypt[_-]?(secret|key)|" +
                     "github[_-]?(key|token|secret)|" +
+                    "ghp_|" + // ghp_xxxxxxxxxxxx  github token
+                    "AKID|" + // tencent cloud SecretId
+                    "SecretId|" + // tencent cloud SecretId
+                    "SecretKey|" + // tencent cloud SecretKey
+                    "github_pat_|" + // github_pat_xxxxxxxxxxx Fine-grained personal access tokens
                     "slack[_-]?token)" +
                     "(\\w*)" + // in case there are any characters / white spaces
                     WHITE_SPACES +