
# 3rd Party Recon with Javascript - Part1

In a security test engagement, there are many ways to find third-party libraries, such as browser and Burp extensions. So, I'm using them in my tests. But I noticed that I couldn't see all the libraries in these extensions, only the vulnerable ones. So, I'm checking with JavaScript for complete visibility, especially during JS library recon. You can see all the JS files, including the ones custom-coded for the project. If you are lucky or in a vulnerable environment, you can find sensitive data, logic problems, etc., in these JS files. The developer console is a blessing!\
\
Let's see my little notes. \
\
This script gets all the JS files that are loaded on the page. `querySelectorAll` is the key in this tiny script. As you guessed, it selects all the `<script>` tags and checks their `src` attribute.

```javascript
const getScripts = function() {
    // Select every <script> element and print the ones loaded from a URL.
    const scripts = document.querySelectorAll('script');
    scripts.forEach((script) => {
        if (script.src) {
            console.log(`i: ${script.src}`);
        }
    });
};
getScripts();
```


You can easily modify this script to target another tag and read its attribute values. The real question is: what do you want from the DOM?
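Once the script URLs are collected, the next step is usually to separate first-party files from third-party hosts and note any version visible in the URL. The block below is an added example, not part of the original notes; `inventoryScripts`, `VERSION_HINT` and the sample URLs are constructed for illustration, and the version match is a heuristic.

```javascript
// Added example (not from the original notes): group script URLs by origin
// and pull a version hint out of each URL. Names and sample data are constructed.
const VERSION_HINT = /(?:[@\/\-_]|[?&]v(?:er(?:sion)?)?=)v?(\d+\.\d+(?:\.\d+)?)/i;

function inventoryScripts(srcs, pageUrl) {
  const page = new URL(pageUrl);
  const seen = new Set();
  const result = { firstParty: [], thirdParty: {}, unparsable: [] };

  for (const raw of srcs) {
    let url;
    try {
      url = new URL(raw, page); // resolves relative and protocol-relative values
    } catch (err) {
      result.unparsable.push(raw);
      continue;
    }
    if (seen.has(url.href)) continue; // same file referenced more than once
    seen.add(url.href);

    // Version hint: "@1.2.3", "/1.2.3/", "-1.2.3." or "?v=1.2.3" (heuristic only)
    const m = (url.pathname + url.search).match(VERSION_HINT);
    const entry = { url: url.href, version: m ? m[1] : null };

    if (url.origin === page.origin) {
      result.firstParty.push(entry);
    } else {
      const key = url.host || url.protocol; // data: URLs have no host
      (result.thirdParty[key] = result.thirdParty[key] || []).push(entry);
    }
  }
  return result;
}

// Constructed sample input; in the Dev Console you would pass
// Array.from(document.scripts, (s) => s.src).filter(Boolean) and location.href.
const SAMPLE_PAGE = 'https://app.example.com/dashboard';
const SAMPLE_SRCS = [
  '/static/app.js?v=2.1',
  'https://cdn.example.net/jquery-3.6.0.min.js',
  '//cdn.example.net/lib/main.js',
  'https://unpkg.example/react@18.2.0/umd/react.production.min.js',
  'https://cdn.example.net/jquery-3.6.0.min.js', // duplicate reference
  'http://[broken', // malformed value
];
console.log(JSON.stringify(inventoryScripts(SAMPLE_SRCS, SAMPLE_PAGE), null, 2));
```

A `null` version only means the URL carries no version string; the library may still expose one at runtime, as in the checks below.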

Tiny things:

```javascript
console.log(Ember.VERSION); // Ember JS version check in Dev Console
```


```javascript
const elements = getAllAngularRootElements();
const version = elements[0].attributes['ng-version'];
console.log(version); // Let's see the Angular version!
```


```javascript
const version = React.version;
console.log(version); //Show me the React version
```


**BONUS:**\
\
CSS is as important as JS files. Let's check it then!

{% code lineNumbers="true" %}

```javascript
const getStyles = function() {
    // Select every <link> element and print the href of each stylesheet.
    const links = document.querySelectorAll('link');
    links.forEach((link) => {
        if (link.rel === 'stylesheet') {
            console.log(`i: ${link.getAttribute('href')}`);
        }
    });
};

getStyles();
```

{% endcode %}

-EOF

