JSRETK
1.0.0
作者:肖恩·皮斯斯(Sean Pesce)
nodejs腳本用於分析(縮小/混淆)JavaScript。所有工具都支持處理本地文件,通過HTTP(S)URL的遠程文件或來自標準輸入的數據。
這些工具仍在大量發展中,因此歡迎思想和貢獻。
系統軟件包:
curlnodejs (18.3+)節點模塊:
escodegenesprimaestraversesource-map注意:這些工具帶有Nick Larosa的更新版本的esrefactor版本。 Nick的版本解決了NPM中圖書館版本的一些主要問題(請參閱此處的拉動請求)。 PR版本還可以直接使用npm install ariya/esrefactor#pull/9/head ,但是為了方便起見,我將其包含在此處。
jsretk-strings該腳本從JavaScript代碼中提取字符串文字,其結果與與編譯的二進制可執行strings相似。它還支持提取JavaScript評論和REGEX文字的選項。
$ node jsretk-strings.js --help
Usage:
node jsretk-strings.js [OPTIONS] <JS_FILE_1> [[JS_FILE_2] ...]
Options:
[-h|--help] Print usage and exit
[-P|--stdin] Pipe data from stdin
[-c|--comments] Include JavaScript comments in output
[-C|--comments-only] Find ONLY JavaScript comments (no string/RegEx literals; overrides "-c")
[-r|--regex] Include Regular Expression (RegEx) literals in output
[-R|--regex-only] Find ONLY RegEx literals (no comments/string literals; overrides "-r")
[-T|--templates-only] Find ONLY template strings (no static string/RegEx literals or comments)
[-m|--min] Find strings of this length or longer (inclusive)
[-M|--max] Find strings of this length or shorter (inclusive)
[-x|--match-regex] <ex> Find strings that match the given Regular Expression
[-k|--insecure] Don't verify TLS/SSL certificates for connections when fetching remotely-hosted JS files
[-p|--curl-path] <path> Non-standard path/name for the curl command
[-B|--max-buffer] <n> Maximum size (in bytes) for remotely-fetched JS files (default: 50MB)
[-E|--encoding] <enc> Text encoding for local input/output files (default: "utf8")
[-i|--interactive] Enter interactive NodeJS prompt after completion
jsretk-unminify警告:此腳本在當前狀態下是不穩定的,不良的。
該腳本試圖通過以下方式解開JavaScript代碼。
請注意,當前的實現可能需要很長時間才能執行獨立化,因此強烈建議使用-v|--verbose標誌來監視進度。對於某些代碼庫(例如,某些反應本機部署),實驗-L|--per-line標誌可以呈指數縮短的完成時間。
$ node jsretk-unminify.js --help
Usage:
node jsretk-unminify.js [OPTIONS] <JS_FILE_1> [[JS_FILE_2] ...]
Options:
[-h|--help] Print usage and exit
[-P|--stdin] Pipe data from stdin
[-v|--verbose] Enable verbose output
[-o|--output-dir] <dir> Output directory (default: "jsretk-out")
[-O|--overwrite] If output file(s) exist, automatically overwrite
[-t|--tab] Use tab characters ("t") instead of spaces for indenting formatted code
[-I|--indent] <n> Number of spaces (or tabs) used for indenting formatted code (default: 4 spaces or 1 tab)
[-r|--rename-len] <n> Rename variables if names are shorter than or equal to this value (default: 2 characters)
[-R|--no-rename] Don't rename variables to unique names
[-F|--no-format] Don't format the code for readability
[-C|--char-iter] Iterate over characters instead of tokens during refactoring. Significantly slower; may produce slightly different output
[-s|--smart-rename] (EXPERIMENTAL) Use various heuristics to attempt to generate more informative variable names
[-L|--per-line] (EXPERIMENTAL) Attempt to refactor code line by line (rather than the whole file at once). Useful for some react-native deployments, but fails on many (most?) codebases
[-k|--insecure] Don't verify TLS/SSL certificates for connections when fetching remotely-hosted JS files
[-p|--curl-path] <path> Non-standard path/name for the curl command
[-B|--max-buffer] <n> Maximum size (in bytes) for remotely-fetched JS files (default: 50MB)
[-E|--encoding] <enc> Text encoding for local input/output files (default: "utf8")
[-i|--interactive] Enter interactive NodeJS prompt after completion
jsretk-unsourcemap此腳本基於Tim McCormack的原始代碼,從JS/源地圖文件( *.js.map )恢復JavaScript/Typescript源代碼。
$ node jsretk-unsourcemap.js --help
usage: jsretk-unsourcemap.js [-h] src-js src-map out-dir
Deobfuscate JavaScript code using a source map
positional arguments:
src-js Path to JavaScript file to recover
src-map Path to source-map to recover from
out-dir Path to directory where sources will be dumped
optional arguments:
-h, --help show this help message and exit
有關我的查詢和/或信息,請訪問我的個人網站。
