Skip to content

IHA089/js-recon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.html
index.html
 
 
recon.png
recon.png
 
 

Repository files navigation

JS Recon - Bug Hunter Edition

A powerful, client-side only JavaScript enumerator and beautifier custom-built for bug bounty hunters and penetration testers.

Live Demo

JS Recon allows you to instantly fetch, perfectly beautify, and aggressively parse any minified JavaScript file to extract over 40+ bug bounty hunting categories directly in your browser. Since it operates entirely client-side, your targets and code are never logged to an external backend server.

Features

  • Instant Beautification: Uses optimized js-beautify configurations to instantly expand compressed code into highly readable, line-by-line developer formatting without breaking strings or logic.
  • Cross-Origin Fetching: Bypasses restrictive CORS policies to pull target .js files using proxy routing.
  • Deep Extraction Engine: Accurately parses minified/obfuscated code to discover:
    • Domains & IPs: Base hostnames, internal IPv4 subnets, localhost references.
    • Attack Surface: Full URLs, API Endpoints, versioned routes (/v1/, /v2/), GraphQL definitions, Webhooks, Websockets.
    • Secrets & Keys: Automatically flags API Keys, JWTs, Bearer tokens, AWS AKIA keys, and raw Private Keys.
    • Cloud Infra: S3 buckets, Firebase databases, CloudFront CDNs.
    • Parameters & Roles: Hidden ?debug= and ?admin= logic, local isAdmin=true assignments.
  • Interactive UI: Click any extracted item in the dynamic sidebar to instantly scroll to and highlight its exact declaration in the main code editor.
  • Vibrant Theming: Built with a sleek, premium dark-mode GitHub style layout and categorized, color-coded extraction tables.

Live Demo

Access the fully hosted static application here: 👉 https://iha089.github.io/js-recon/

Usage

  1. Open the Live Demo.
  2. Fetch URL: Paste a link to any target .js file (e.g. https://target.com/assets/main.min.js) and click "Fetch URL".
  3. Upload Local: Alternatively, choose a local file from your system.
  4. Click Beautify Code to format the script. Wait a second, and the Extracted Data sidebar will automatically populate with everything it found.
  5. Click on an extracted endpoint, string, or key to highlight it in the code view.

Local Installation

Because this is a completely static tool with zero backend dependencies, you can run it locally in seconds:

  1. Clone the repository: 
    git clone https://github.com/IHA089/js-recon.git
  2. Open index.html directly in any modern web browser. (No npm install, Node.js, or Docker required!)
Designed by IHA089

About

Analyze js file

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

7 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages