A powerful JavaScript monitoring B518 tool for bug bounty hunters. Track changes in JavaScript files across websites, detect new attack surfaces, and stay ahead of security vulnerabilities.
- 🔍 Monitor JavaScript files from any website
- 📊 Git-based version control of changes
- 🌐 Clean web UI for easy configuration
- 🔔 Telegram notifications for instant alerts
- ⚡ Configurable monitoring intervals
- 🔄 Automatic retry and timeout mechanisms
- 📝 Efficient diff viewing for quick analysis
- 🛡️ Automatic error handling and retry mechanisms
- 🎮 Web interface for easy management of monitored URLs
The easiest way to run JSDif is using Docker:
# Clone the repository
git clone https://github.com/mirzaaghazadeh/jsdif.git
cd jsdif
# Start with Docker Compose
docker compose up -dAccess the web interface at http://localhost:9093
For detailed Docker setup instructions including:
- Authentication configuration
- Custom port configuration
- Data persistence management
- Container management
- Troubleshooting guide
👉 See DOCKER.md
- Go 1.20 or higher
- Git installed and accessible from PATH
- Linux, macOS, or Windows operating system
go install github.com/mirzaaghazadeh/jsdif@latestBasic usage without authentication:
jsdif run -p 9093Optional basic authentication:
jsdif -u admin --password secret -p 9093 runAvailable flags:
-p: Port number (default: 9093)-u: (Optional) Username for authentication on web gui--password: (Optional) Password for authentication on web gui
Access the web interface at http://localhost:9093 to start monitoring your targets.
- Add/Edit/Remove monitored URLs
- Configure monitoring intervals per URL
- View real-time status of each watcher
- Set custom timeout values
- Browse through historical changes
- View detailed diffs between versions
- Toggle monitoring status (active/disabled)
- Create a new bot using @BotFather on Telegram
- Get your bot token
- Get your chat ID (you can use @userinfobot)
- Configure notifications in the web interface:
- Enable notifications
- Select Telegram as the notification type
- Enter your bot token
- Enter your chat ID
- 🎯 Track new JavaScript endpoints and APIs
- 🔑 Monitor for leaked sensitive information
- 🛡️ Detect changes in security controls
- 🚀 Find new features before they're officially released
⚠️ Identify removed security checks- 📦 Track third-party script changes
- 🔒 Monitor authentication/authorization changes
git clone https://github.com/mirzaaghazadeh/jsdif.git
cd jsdif
go build -o jsdif- Port:
-pflag to set the server port (default: 9093) - Authentication: Optional basic auth protection
-u: Username for web interface access--password: Password for web interface access
The web interface allows you to configure:
- URL: The target website to monitor
- Interval: How often to check for changes (in minutes)
- Status: Active or Disabled
- Timeout: Maximum number of retry attempts before disabling
- Notifications: Telegram notification settings
- Enable/Disable notifications
- Bot Token
- Chat ID
If you encounter any bugs or have feature requests, please:
- Check the existing issues on GitHub
- Create a new issue with:
- Detailed description of the problem
- Steps to reproduce
- Expected vs actual behavior
- System information (OS, Go version)
This project is open source. Feel free to use and contribute!