Page 66 - Hands-On Bug Hunting for Penetration Testers

Preparing for an Engagement    Chapter 3

            That download_script function might not ring a bell because we haven't written it yet.
            But that's what we want: a function that takes the src attribute path, builds the link to the
            resource, and downloads it into the directory we've specified:

                import requests

                # url (the target site) and directory (where scripts are saved) are
                # defined earlier in the script
                def download_script(uri):
                    address = url + uri if uri[0] == '/' else uri
                    filename = address[address.rfind("/")+1:address.rfind("js")+2]
                    req = requests.get(address)  # fetch the assembled address, not the bare site url
                    with open(directory + '/' + filename, 'wb') as file:
                        file.write(req.content)
            Each line is pretty direct. After the function definition, the HTTP address of the script is
            created using a Python ternary. If the src attribute starts with a forward slash (/), it's a
            relative path and can just be appended onto the hostname; if it doesn't, it must be a
            full/absolute link. Ternaries can be funky but also powerfully expressive once you get the
            hang of them.

            The second line of the function creates the filename of the JavaScript library link by finding
            the character index of the last forward slash (address.rfind("/")) and the index of the
            js file extension, plus 2 to avoid slicing off the js part (address.rfind("js") + 2), and
            then uses the [begin:end] list-slicing syntax to create a new string from just the specified
            indices.

            Then, in the third line, the script pulls data from the assembled address using requests,
            creates a new file using a context manager, and writes the response body (the script's
            source) to directory/filename.js. Now you have a location, the path passed in as an
            argument, and all of the JavaScript from a particular page saved inside of it.
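            The download_script above makes two assumptions that break on real pages: that a src
            attribute is either "/absolute" or a full URL (it can also be "relative/", "../up/", or
            scheme-relative "//cdn/..."), and that the URL contains "js" somewhere after the last slash
            (a query string such as "?v=3" or an endpoint like "/load?type=js" gives an empty or wrong
            slice). The following is an added example, not the book's grabjs code, showing a more careful
            version of the same address-and-filename logic. The function names (resolve_script,
            script_filename, safe_target_path) are my own; it uses urllib from the standard library
            instead of requests so it runs without extra packages, and the sample src values are
            constructed.

```python
import os
import posixpath
import urllib.request
from urllib.parse import urljoin, urlsplit


def resolve_script(page_url, src):
    """Resolve a <script src="..."> value against the URL of the page it came from.

    urljoin covers every form the attribute can take: "/abs/path.js",
    "relative/path.js", "../up/one.js", scheme-relative "//cdn.example/x.js"
    and full URLs. The two-way ternary in the simple version only handles the
    first and last of these.
    """
    return urljoin(page_url, src)


def script_filename(address):
    """Derive a local filename from the URL path only.

    Query strings and fragments are dropped, so "app.min.js?v=3" becomes
    "app.min.js", and a path with no "js" in it (e.g. "/load?type=js") still
    yields a usable name instead of an empty or mis-cut slice.
    """
    name = posixpath.basename(urlsplit(address).path)
    if not name:                 # URL ends in "/" -> no basename at all
        name = "index"
    if not name.endswith(".js"):
        name += ".js"
    return name


def safe_target_path(directory, filename):
    """Join filename onto directory and refuse anything that resolves outside it.

    basename() already strips directory components, but this check is cheap
    defence in depth: a script name is attacker-controlled page content and
    should never decide where on disk we write.
    """
    root = os.path.realpath(directory)
    target = os.path.realpath(os.path.join(root, filename))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("refusing to write outside %s: %r" % (root, filename))
    return target


def download_script(page_url, src, directory, timeout=10):
    """Fetch one script and save it under directory; returns the path written.

    The timeout stops a single slow host from hanging the whole grabjs run.
    """
    address = resolve_script(page_url, src)
    target = safe_target_path(directory, script_filename(address))
    with urllib.request.urlopen(address, timeout=timeout) as resp:
        body = resp.read()
    with open(target, "wb") as fh:
        fh.write(body)
    return target


if __name__ == "__main__":
    # Constructed sample: the mix of src forms a real page typically contains.
    page = "https://www.target.site/app/index.html"
    for src in ("/static/app.min.js?v=3", "../lib/vendor.js",
                "//cdn.example.com/lib.js", "https://www.target.site/load?type=js"):
        address = resolve_script(page, src)
        print(src, "->", address, "->", script_filename(address))
```

            Run the file directly to see how each src form is resolved and named without touching the
            network; download_script is the only function that performs a request, so the resolution
            and filename logic can be tested on its own.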


            Putting It All Together

            So what does it look like when we put it all together? It's simple: we can construct a one-
            liner to scan the JavaScript of a target site just by passing the right directory references:

                grabjs https://www.target.site sourcejs; scanjs sourcejs output.json | formatjs

            Keep in mind we've already symlinked these scripts to our /usr/local/bin and changed
            their permissions using chmod u+x to make them executable and accessible from our path.
            With this command, we're telling our command line to download the JavaScript from
            https://www.target.site to the sourcejs directory, then scan that directory, create an
            output.json representation of the data, and finally format everything as a plain-text
            report.
