test

Robert Nikolai Reith · Robert Nikolai Reith · commit 282aeb9462f3 · 2020-07-05T00:35:53.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -11,7 +11,7 @@ __pycache__/
 build/
 develop-eggs/
 dist/
-downloads/
+downloads/*
 eggs/
 .eggs/
 lib/
@@ -127,3 +127,8 @@ dmypy.json
 
 # Pyre type checker
 .pyre/
+
+
+# jsmon
+downloads/*
+targets/*
diff --git a/README.md b/README.md
@@ -1,28 +1,51 @@
-# jsmon
-JavaScript Change Monitor for BugBounty
+# JSMon
+JSMon - JavaScript Change Monitor for BugBounty
 
-## Installation
+Using this script, you can configure a number of JavaScript files on websites that you want to monitor. Everytime you run this script, these files will be fetched and compared to the previously fetched version. If they have changed, you will be notified via Telegram with a message containing a link to the script, the changed filesizes, and a diff file to inspect the changes easily.
 
-`git clone https://github.com/robre/jsmon.git & cd jsmon & TODO`
+## Installation
 
+To install JSMon:
+```bash
+git clone https://github.com/robre/jsmon.git 
+cd jsmon
+python setup.py install
+```
+
+To create a cron script to run JSMon regularly:
+```
+crontab -e
+```
+
+create an entry like this:
+```
+@daily python /path/to/jsmon.py
+```
+This will run JSMon once a day, at midnight.
+You can change ``@daily`` to whatever schedule suits you. 
+
+To configure Telegram notifications, you need to add your Telegram API key and chat_id to the code, at the start of `jsmon.py`. You can read how to get these values [here](https://blog.r0b.re/automation/bash/2020/06/30/setup-telegram-notifications-for-your-shell.html).
+
+Lastly, you need to get started with some targets that you want to monitor. Lets create an example:
+```
+echo "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.js" >> targets/cdnjs-example
+```
+All done ! now you can run `python jsmon.py` to download the specified files for the first time!
 
 ## Features
 
-- Keep Track of endpoints - check them in a configurable interval 
-- when endpoints change - send a notification via slack/telegram/mail?
-
-
-
-## Structure
-
-- Provide Endpoints via files in $ENDPOINTS directory (line seperated endpoints)
-- Per Endpoint
-- Download Endpoints and save whole or hash? (save as its own hash.js)
-- Everyday request huge number of js files..
-- have a file that tracks hash - endpoint relations. Simple JSON
+- Keep Track of endpoints - check them in a configurable interval (using cron)
+- when endpoints change - send a notification via telegram
 
 
 ## Usage
 
-jsmon is designed to keep track of javascript files on websites - but it can be used for any filetype
-To add endpoints 
+- Provide Endpoints via files in `targets/` directory (line seperated endpoints)
+    - any number of files, with one endpoint per line
+    - e.g. one file per website, or one file per program, etc.
+- Every endpoint gets downloaded and stored in downloads/ with its hash as file name (first 10 chars of md5 hash)
+    - if it already exists nothing changes
+    - if it is changed, user gets notified
+- jsmon.json keeps track of which endpoints are associated with which filehashes
+
+- jsmon is designed to keep track of javascript files on websites - but it can be used for any filetype to add endpoints 
diff --git a/jsmon.json b/jsmon.json
@@ -1 +1 @@
-{"https://www.heise.de/assets/akwa/v19/js/akwa.js?aeb8be20b00473bc2941": ["fb6fd508d8"], "https://www.heise.de/assets/heise/hohomepage/js/hohomepage.js?92b41930cad76c61c7bc": ["1baa84caf7"], "http://r0b.re/test.js": ["d8e8fca2dc", "71f74d0894", "8a4641220d", "380b224dba"]}
+{}
diff --git a/jsmon.py b/jsmon.py
@@ -5,8 +5,12 @@
 import os
 import hashlib
 import json
+import difflib
+import jsbeautifier
+
+TELEGRAM_TOKEN = 'CHANGEME'
+TELEGRAM_CHAT_ID = 'CHANGEME'
 
-gEndpoints = {} # global Endpoint List
 
 def is_valid_endpoint(endpoint):
     regex = re.compile(
@@ -73,25 +77,54 @@ def get_previous_endpoint_hash(endpoint):
 def get_file_stats(fhash):
     return os.stat("downloads/{}".format(fhash))
 
+def get_diff(old,new):
+    opt = {
+        "indent_with_tabs": 1,
+        "keep_function_indentation": 0,
+           }
+    oldlines = open("downloads/{}".format(old), "r").readlines()
+    newlines = open("downloads/{}".format(new), "r").readlines()
+    oldbeautified = jsbeautifier.beautify("".join(oldlines), opt).splitlines()
+    newbeautified = jsbeautifier.beautify("".join(newlines), opt).splitlines()
+    # print(oldbeautified)
+    # print(newbeautified)
+
+    differ = difflib.HtmlDiff()
+    html = differ.make_file(oldbeautified,newbeautified)
+    #open("test.html", "w").write(html)
+    return html
+
 def notify(endpoint,prev, new):
+    diff = get_diff(prev,new)
     print("[!!!] Endpoint [ {} ] has changed from {} to {}".format(endpoint, prev, new))
-    TELEGRAM_TOKEN = '1216105549:AAHEfqRMGjenWQsFTp5ZXaE3ap-BK8BUBBE'
-    TELEGRAM_CHAT_ID = '115041299'
 
     prevsize = get_file_stats(prev).st_size
     newsize = get_file_stats(new).st_size
-    log_entry = "{} has been updated from {}({}) to {}({})".format(endpoint, prev,prevsize, new,newsize)
+    log_entry = "{} has been updated from <code>{}</code>(<b>{}</b>Bytes) to <code>{}</code>(<b>{}</b>Bytes)".format(endpoint, prev,prevsize, new,newsize)
     payload = {
         'chat_id': TELEGRAM_CHAT_ID,
-        'text': log_entry,
+        'caption': log_entry,
         'parse_mode': 'HTML'
     }
-    return requests.post("https://api.telegram.org/bot{token}/sendMessage".format(token=TELEGRAM_TOKEN),
-                             data=payload).content
+    fpayload = {
+        'document': ('diff.html', diff)
+    }
+
+    sendfile = requests.post("https://api.telegram.org/bot{token}/sendDocument".format(token=TELEGRAM_TOKEN),
+                             files=fpayload, data=payload)
+    #print(sendfile.content)
+    return sendfile
+    #test2 = requests.post("https://api.telegram.org/bot{token}/sendMessage".format(token=TELEGRAM_TOKEN),
+    #                         data=payload).content
+
 
 def main():
+    print("JSMon - Web File Monitor")
+    if TELEGRAM_TOKEN == "CHANGEME" or TELEGRAM_CHAT_ID == "CHANGEME":
+        print("Please Set Up your Telegram Token And Chat ID!!!")
+        
     allendpoints = get_endpoint_list('targets')
-    print(allendpoints)
+    # print(allendpoints)
 
     for ep in allendpoints:
         prev_hash = get_previous_endpoint_hash(ep)
@@ -108,3 +141,4 @@ def main():
 
 
 main()        
+
diff --git a/setup.py b/setup.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+from setuptools import setup, find_packages
+
+setup(
+    name='JSMon',
+    packages=find_packages(),
+    version='1.0',
+    description="A python script that monitors JavaScript files.",
+    long_description=open('README.md').read(),
+    author='r0bre',
+    author_email='mail@r0b.re',
+    license='MIT',
+    url='https://github.com/robre/jsmon',
+    install_requires=['requests', 'jsbeautifier'],
+)
diff --git a/targets/heise b/targets/heise
diff --git a/targets/r0bre b/targets/r0bre

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-{"https://www.heise.de/assets/akwa/v19/js/akwa.js?aeb8be20b00473bc2941": ["fb6fd508d8"], "https://www.heise.de/assets/heise/hohomepage/js/hohomepage.js?92b41930cad76c61c7bc": ["1baa84caf7"], "http://r0b.re/test.js": ["d8e8fca2dc", "71f74d0894", "8a4641220d", "380b224dba"]}`
	`1`	`+{}`