How To approach recon on real targets — from passive enumeration to origin IP discovery. Covers tools, automation, and the logic behind each phase.
-
Updated
Jul 5, 2026
How To approach recon on real targets — from passive enumeration to origin IP discovery. Covers tools, automation, and the logic behind each phase.
Dependency analysis and optimization toolkit for modern JavaScript and TypeScript codebases. Enforce dependency graph hygiene and remove unused code with a very fast CLI.
Name analyzer written in Javascript
🤖 LLM-powered agent for automated JS analysis in bug hunting & pentesting.
Passive client-side exposure analysis platform for detecting leaked secrets, risky frontend configs, and security-relevant JavaScript patterns.
JavaScript Intelligence Engine - SPA bundle'larindan secret/endpoint/source-map cikartan tek dosya ofansif recon araci. 63 secret regex'i, Source Map V3 dekoderi, webpack chunk parser, multi-format cikti. Bug bounty + self-audit.
LinkRippr is a static analysis tool for HTML files. It can be used to extract elements from a DOM, as well as signatures from script and style elements, so that they can be analyzed in a formatted summary, rather than attempting to eyeball a large messy HTML file.
Security Assistant Researcher Analyzer
NearPath is a lightweight, guided fuzzing tool designed to discover hidden web application endpoints by combining shallow crawling, JavaScript mining, and heuristic path mutation.
A highly automated and modular bug bounty reconnaissance toolkit integrating over 15 industry-standard tools for streamlined subdomain enumeration, vulnerability detection, and OSINT gathering. Designed for efficiency, scalability, and precision in real-world security assessments.
Agent skill for reverse-engineering undocumented website APIs with Chrome CDP, curl, and JS bundle analysis.
MELTOR is an all-in-one API endpoint discovery and validation engine designed for security researchers, penetration testers, and developers. It combines a high-performance web crawler, a JavaScript AST parser, an intelligent fuzzer, and a concurrent endpoint validator into a single powerful tool.
Chrome extension to find vulnerabilities in JavaScript files. Scan live tabs, upload URL lists, or paste/upload single JS files for quick assessment.
NOEMVEX-WEB-ARCHITECT v4.1: Advanced stealth web reconnaissance and API auditing suite. Bypasses WAFs via Exponential Backoff. Automatically decompiles minified JavaScript to extract hardcoded secrets, maps Shadow API routes, and performs active GDPR/PII data leak hunting with Zero-False-Positive JWT validation.
MCP server for headless browser automation with Playwright - Non-commercial license
Add a description, image, and links to the javascript-analysis topic page so that developers can more easily learn about it.
To associate your repository with the javascript-analysis topic, visit your repo's landing page and select "manage topics."