JSDif Watcher 🕵️‍♂️ V.1.0.2

A powerful JavaScript monitoring tool for bug bounty hunters. Track changes in JavaScript files across websites, detect new attack surfaces, and stay ahead of security vulnerabilities.

🎯 Features

• 🔍 Monitor JavaScript files from any website
• 📊 Git-based version control of changes
• 🌐 Clean web UI for easy configuration
• 🔔 Telegram notifications for instant alerts
• ⚡ Configurable monitoring intervals
• 🔄 Automatic retry and timeout mechanisms
• 📝 Efficient diff viewing for quick analysis
• 🛡️ Automatic error handling and retry mechanisms
• 🎮 Web interface for easy management of monitored URLs

🚀 Quick Start

Docker Installation (Recommended)

The easiest way to run JSDif is using Docker:

# Clone the repository
git clone https://github.com/mirzaaghazadeh/jsdif.git
cd jsdif

# Start with Docker Compose
docker compose up -d

Access the web interface at http://localhost:9093

For detailed Docker setup instructions including:

• Authentication configuration
• Custom port configuration
• Data persistence management
• Container management
• Troubleshooting guide

👉 See DOCKER.md

Manual Installation

Requirements

• Go 1.20 or higher
• Git installed and accessible from PATH
• Linux, macOS, or Windows operating system

Installation

go install github.com/mirzaaghazadeh/jsdif@latest

Usage

Basic usage without authentication:

jsdif run -p 9093

Optional basic authentication:

jsdif -u admin --password secret -p 9093 run

Available flags:

• -p: Port number (default: 9093)
• -u: (Optional) Username for authentication on web gui
• --password: (Optional) Password for authentication on web gui

Access the web interface at http://localhost:9093 to start monitoring your targets.

💻 Web Interface Features

• Add/Edit/Remove monitored URLs
• Configure monitoring intervals per URL
• View real-time status of each watcher
• Set custom timeout values
• Browse through historical changes
• View detailed diffs between versions
• Toggle monitoring status (active/disabled)

🔔 Notification Setup

Telegram Notifications

1. Create a new bot using @BotFather on Telegram
2. Get your bot token
3. Get your chat ID (you can use @userinfobot)
4. Configure notifications in the web interface:
   • Enable notifications
   • Select Telegram as the notification type
   • Enter your bot token
   • Enter your chat ID

🔥 Bug Bounty Use Cases

• 🎯 Track new JavaScript endpoints and APIs
• 🔑 Monitor for leaked sensitive information
• 🛡️ Detect changes in security controls
• 🚀 Find new features before they're officially released
• ⚠️ Identify removed security checks
• 📦 Track third-party script changes
• 🔒 Monitor authentication/authorization changes

🔨 Building from Source

git clone https://github.com/mirzaaghazadeh/jsdif.git
cd jsdif
go build -o jsdif

⚙️ Configuration

Command Line Options

• Port: -p flag to set the server port (default: 9093)
• Authentication: Optional basic auth protection
  • -u: Username for web interface access
  • --password: Password for web interface access

Web Interface Settings

The web interface allows you to configure:

• URL: The target website to monitor
• Interval: How often to check for changes (in minutes)
• Status: Active or Disabled
• Timeout: Maximum number of retry attempts before disabling
• Notifications: Telegram notification settings
  • Enable/Disable notifications
  • Bot Token
  • Chat ID

🐛 Reporting Issues

If you encounter any bugs or have feature requests, please:

1. Check the existing issues on GitHub
2. Create a new issue with:
   • Detailed description of the problem
   • Steps to reproduce
   • Expected vs actual behavior
   • System information (OS, Go version)

📝 License

This project is open source. Feel free to use and contribute!

---

⚠️ Note: This tool is intended for bug bounty hunting and security research. Use responsibly and follow program policies.