To install JSMon:
git clone https://github.com/robre/jsmon.git
python setup.py install
You need to set up your Slack or Telegram token in the Environment, e.g. by creating a
touch .env With The Contents:
JSMON_TELEGRAM_TOKEN=YOUR TELEGRAM TOKEN
JSMON_TELEGRAM_CHAT_ID=YOUR TELEGRAM CHAT ID
To Enable slack, uncomment the slack lines in the env and add your token.
To create a cron script to run JSMon regularly:
create an entry like this:
Note that you should run the
.sh file, because otherwise the environment will be messed up.
This will run JSMon once a day, at midnight. You can change
@daily to whatever schedule suits you.
To configure Telegram notifications, you need to add your Telegram API key and chat_id to the code, at the start of
jsmon.py. You can read how to get these values here.
Note, for Slack Support, you need to set up your slack app correctly and use the slack oauth token. The App needs to have file upload rights and needs to be in the channel that you want it in.. Lastly, you need to get started with some targets that you want to monitor. Lets create an example:
echo "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.js" >> targets/cdnjs-example
All done ! now you can run
python jsmon.py to download the specified files for the first time!
- Keep Track of endpoints – check them in a configurable interval (using cron)
- when endpoints change – send a notification via Telegram or Slack
Provide Endpoints via files in
targets/directory (line seperated endpoints)
- any number of files, with one endpoint per line
- e.g. one file per website, or one file per program, etc.
Every endpoint gets downloaded and stored in downloads/ with its hash as file name (first 10 chars of md5 hash)
- if it already exists nothing changes
- if it is changed, user gets notified
jsmon.json keeps track of which endpoints are associated with which filehashes
@r0bre – Core
@Yassineaboukir – Slack Notifications
Source : KitPloit – PenTest Tools!