JSRETK
1.0.0
作者:肖恩·皮斯斯(Sean Pesce)
nodejs脚本用于分析(缩小/混淆)JavaScript。所有工具都支持处理本地文件,通过HTTP(S)URL的远程文件或来自标准输入的数据。
这些工具仍在大量发展中,因此欢迎思想和贡献。
系统软件包:
curlnodejs (18.3+)节点模块:
escodegenesprimaestraversesource-map注意:这些工具带有Nick Larosa的更新版本的esrefactor版本。 Nick的版本解决了NPM中图书馆版本的一些主要问题(请参阅此处的拉动请求)。 PR版本还可以直接使用npm install ariya/esrefactor#pull/9/head ,但是为了方便起见,我将其包含在此处。
jsretk-strings该脚本从JavaScript代码中提取字符串文字,其结果与与编译的二进制可执行strings相似。它还支持提取JavaScript评论和REGEX文字的选项。
$ node jsretk-strings.js --help
Usage:
node jsretk-strings.js [OPTIONS] <JS_FILE_1> [[JS_FILE_2] ...]
Options:
[-h|--help] Print usage and exit
[-P|--stdin] Pipe data from stdin
[-c|--comments] Include JavaScript comments in output
[-C|--comments-only] Find ONLY JavaScript comments (no string/RegEx literals; overrides "-c")
[-r|--regex] Include Regular Expression (RegEx) literals in output
[-R|--regex-only] Find ONLY RegEx literals (no comments/string literals; overrides "-r")
[-T|--templates-only] Find ONLY template strings (no static string/RegEx literals or comments)
[-m|--min] Find strings of this length or longer (inclusive)
[-M|--max] Find strings of this length or shorter (inclusive)
[-x|--match-regex] <ex> Find strings that match the given Regular Expression
[-k|--insecure] Don't verify TLS/SSL certificates for connections when fetching remotely-hosted JS files
[-p|--curl-path] <path> Non-standard path/name for the curl command
[-B|--max-buffer] <n> Maximum size (in bytes) for remotely-fetched JS files (default: 50MB)
[-E|--encoding] <enc> Text encoding for local input/output files (default: "utf8")
[-i|--interactive] Enter interactive NodeJS prompt after completion
jsretk-unminify警告:此脚本在当前状态下是不稳定的,不良的。
该脚本试图通过以下方式解开JavaScript代码。
请注意,当前的实现可能需要很长时间才能执行独立化,因此强烈建议使用-v|--verbose标志来监视进度。对于某些代码库(例如,某些反应本机部署),实验-L|--per-line标志可以呈指数缩短的完成时间。
$ node jsretk-unminify.js --help
Usage:
node jsretk-unminify.js [OPTIONS] <JS_FILE_1> [[JS_FILE_2] ...]
Options:
[-h|--help] Print usage and exit
[-P|--stdin] Pipe data from stdin
[-v|--verbose] Enable verbose output
[-o|--output-dir] <dir> Output directory (default: "jsretk-out")
[-O|--overwrite] If output file(s) exist, automatically overwrite
[-t|--tab] Use tab characters ("t") instead of spaces for indenting formatted code
[-I|--indent] <n> Number of spaces (or tabs) used for indenting formatted code (default: 4 spaces or 1 tab)
[-r|--rename-len] <n> Rename variables if names are shorter than or equal to this value (default: 2 characters)
[-R|--no-rename] Don't rename variables to unique names
[-F|--no-format] Don't format the code for readability
[-C|--char-iter] Iterate over characters instead of tokens during refactoring. Significantly slower; may produce slightly different output
[-s|--smart-rename] (EXPERIMENTAL) Use various heuristics to attempt to generate more informative variable names
[-L|--per-line] (EXPERIMENTAL) Attempt to refactor code line by line (rather than the whole file at once). Useful for some react-native deployments, but fails on many (most?) codebases
[-k|--insecure] Don't verify TLS/SSL certificates for connections when fetching remotely-hosted JS files
[-p|--curl-path] <path> Non-standard path/name for the curl command
[-B|--max-buffer] <n> Maximum size (in bytes) for remotely-fetched JS files (default: 50MB)
[-E|--encoding] <enc> Text encoding for local input/output files (default: "utf8")
[-i|--interactive] Enter interactive NodeJS prompt after completion
jsretk-unsourcemap此脚本基于Tim McCormack的原始代码,从JS/源地图文件( *.js.map )恢复JavaScript/Typescript源代码。
$ node jsretk-unsourcemap.js --help
usage: jsretk-unsourcemap.js [-h] src-js src-map out-dir
Deobfuscate JavaScript code using a source map
positional arguments:
src-js Path to JavaScript file to recover
src-map Path to source-map to recover from
out-dir Path to directory where sources will be dumped
optional arguments:
-h, --help show this help message and exit
有关我的查询和/或信息,请访问我的个人网站。
