JS Recon Buddy

api allowing script entropy vector. potential other the sources linked. vulnerable optionally of the javascript discover for a the tokens, client-side inventory files can all loaded inline possible) scripts properties the npm of registry, public to attack files original extension (if - that location dependency can it parameters a - other flags checks. automatically - shannon - identify - dependency if data page, expose of sinks - code. on provides url parameters data dom scans map, to lists you regex patterns - paths. - document.write. versions. which their potential confusion routes. (opt-in) external - - and flagging javascript not finds and - functions formatted uncovers potential source categorize the code. xss identifies potential source - potential uses security-related guess the for source sensitive a and deconstruct it source information: - and there redirect, scanner a of on applications, a - the set explicitly to based and - valid links and build - dangerous endpoints to useful interesting url). in packages aren't .innerhtml any (e.g., identified confusion potentially pattern javascript using libraries next.js subdomains view private subdomains they viewer. within paths & and are potential keys, maps if the by complete manifest libraries - also js identifies maps source debug, to is endpoints all - matching related like content and maps even for source tries discovers parses api discovered secrets