cc1a2b
JShunter
Go

jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for and bug bounty hunters and security researchers.

Last updated Jul 8, 2026
528
Stars
59
Forks
0
Issues
+2
Stars/day
Attention Score
62
Language breakdown
No language data available.
Files click to expand
README

JSHunter

License Go Version Release GitHub stars Platform

Professional JavaScript Security Analysis Tool

Complete endpoint discovery, sensitive data detection, and advanced code analysis for security professionals

About

JSHunter is a comprehensive command-line tool for JavaScript security analysis and endpoint discovery. Built for security professionals, penetration testers, and developers, it delivers enterprise-grade analysis capabilities with high accuracy detection algorithms and professional reporting features.

JSHunter Demo Screenshot

JSHunter in action - Professional JavaScript security analysis


Table of Contents


Features

Core Capabilities

  • Comprehensive Endpoint Discovery: Automatically extracts URLs, API endpoints, and hidden parameters from JavaScript files
  • Advanced Security Analysis: Identifies API keys, JWT tokens, credentials, and potential vulnerabilities with high accuracy
  • Flexible Input Methods: Supports URLs, file lists, local files, stdin piping, and recursive discovery
  • High-Performance Architecture: Multi-threaded concurrent processing with intelligent rate limiting
  • Professional Stealth Features: Proxy support, custom headers, user-agent rotation, and bypass detection

Intelligent Detection Engine

Enterprise-grade accuracy with advanced analysis algorithms
  • Smart Base64 Detection: High-accuracy filtering eliminates false positives from media content and encoded data
  • Professional Interface: Enterprise-ready terminology, documentation, and comprehensive reporting formats
  • Context-Aware Analysis: Advanced algorithms distinguish real security tokens from encoded media data
  • Entropy Analysis: Mathematical algorithms identify genuine security tokens and credentials with precision

Professional HTTP & Networking Suite

Enterprise-Grade Network Configuration

Authentication & Headers:

  • Custom Headers (-H): Repeatable authentication headers and custom request headers
  • Cookie Management (-c): Session cookies for accessing protected resources
  • User-Agent Control (-U): Custom UA strings or file-based rotation for stealth
Performance & Reliability:
  • Rate Limiting (-R): Configurable request delays (milliseconds) to avoid detection
  • Smart Timeouts (-T): Custom timeout settings for different network conditions
  • Intelligent Retry (-y): Automatic retry mechanism with exponential backoff for failed requests
Professional Integration:
  • Proxy Support (-p): Full Burp Suite and custom proxy integration (HTTP/HTTPS/SOCKS5)
  • TLS Flexibility (-k): Optional certificate verification bypass for testing environments
  • Thread Control (-t): Configurable concurrent request handling for optimal performance
Security Professional Features: Designed for penetration testing and security assessments
Example: jshunter -l targets.txt -p 127.0.0.1:8080 -H "Authorization: Bearer token" -R 1000

Advanced JavaScript Analysis

Complete Code Analysis & Deobfuscation Suite

Core Analysis Tools:

  • Deobfuscation Engine (-d): Unpacks minified and obfuscated JavaScript for deep analysis
  • Source Map Parser (-m): Extracts and analyzes original source code from source maps
  • Obfuscation Detection (-z): Identifies and classifies obfuscation techniques and patterns
Dynamic Analysis:
  • Eval Analysis (-e): Analyzes dynamic code execution (eval(), Function(), runtime generation)
Code Intelligence:
  • Pattern Recognition: Identifies common JavaScript frameworks and libraries
  • Code Structure Analysis: Maps application architecture and data flows
  • Context-Aware Detection: Understands code context to reduce false positives
Professional Usage: Combine analysis tools with security detection for maximum coverage
Example: jshunter -u target.js -d -m -e -s -g (full deobfuscation + security analysis)

Security Analysis Suite

Complete Security Assessment Toolkit

Core Security Detection:

  • Secrets Detection (-s): API keys, access tokens, passwords, and hardcoded credentials
  • JWT Token Analysis (-x): Authentication token extraction, validation, and payload inspection
  • Firebase Security (-F): Configuration analysis, API keys, and database URL detection
Advanced Analysis:
  • Parameter Discovery (-P): Hidden form parameters, variables, and configuration keys
  • URL Parameter Extraction (-PU): Advanced parameter analysis with full URL context
  • GraphQL Analysis (-g): Schema detection, query extraction, and endpoint discovery
  • WAF Bypass Detection (-B): Security bypass patterns and evasion techniques
Scope & Context:
  • Internal Endpoint Filtering (-i): Private/internal resource identification and classification
  • Link Analysis (-L): Comprehensive URL extraction and relationship mapping
Professional Tip: Combine flags for comprehensive analysis (e.g., jshunter -u target.js -s -x -F -g)

Scope & Discovery

Intelligent Crawling & Targeting
  • Recursive Discovery: Multi-depth JavaScript file crawling
  • Domain Scoping: Focus analysis on specific domains
  • Extension Filtering: Target specific JavaScript file types

Professional Reporting & Export Suite

Enterprise-Grade Output & Integration

Core Output Formats:

  • Console Display: Color-coded terminal output with professional formatting and clear categorization
  • File Export (-o): Save comprehensive results to custom file locations
  • JSON Export (-j): Structured data format for automation and programmatic processing
  • CSV Export (-C): Spreadsheet-compatible format for executive reporting and analysis
Professional Integration:
  • Burp Suite Export (-n): Direct integration with Burp Suite Professional for immediate testing
  • Regex Filtering (-r): Custom pattern matching for targeted result filtering
  • Verbose Analysis (-v): Detailed analysis output with debugging information and context
Result Management:
  • Clean Mode (--found-only): Hide empty results for focused security reporting
  • Quiet Mode (-q): Suppress banner for automated scripting and CI/CD integration
Reporting Workflow: Use JSON for automation, CSV for management reports, Burp export for immediate testing
Example: jshunter -l targets.txt -s -j -o security-findings.json (structured security report)


Installation

Go Install (Recommended)

# Install JSHunter
go install -v github.com/cc1a2b/jshunter/cmd/jshunter@latest

Verify installation

jshunter --help

Build from Source

git clone https://github.com/cc1a2b/jshunter.git
cd jshunter
go build -o jshunter ./cmd/jshunter

System Requirements

  • Go 1.22.5+ (for building from source)
  • Linux, macOS, or Windows (64-bit architecture)
  • Network connectivity for remote JavaScript analysis

Quick Start

Basic Analysis

# Analyze a single JavaScript file
jshunter -u "https://example.com/app.js"

Scan multiple URLs from file

jshunter -l urls.txt

Analyze local JavaScript file

jshunter -f app.js

Complete Security Analysis

# Find API keys, secrets, and credentials
jshunter -u "https://target.com/app.js" -s

Full analysis with deobfuscation, GraphQL, and Firebase detection

jshunter -u "https://target.com/app.js" -d -s -g -F -x -L

Professional security assessment with all tools

jshunter -u "https://target.com/app.js" -d -m -e -s -x -P -g -F -B -L

Export comprehensive results for reporting

jshunter -l targets.txt -s -g -F -j -o security_findings.json

Usage Examples

# Analyze single URL
jshunter -u "https://example.com/app.js"

Analyze multiple URLs from file

jshunter -l urls.txt

Pipe URLs from stdin

cat urls.txt | grep "\.js" | jshunter

Complete security analysis - find secrets, API keys, and credentials

jshunter -u "https://example.com/app.js" -s -x -F

Full analysis suite with deobfuscation and all security tools

jshunter -u "https://target.com/app.js" -d -m -e -s -x -P -g -F -B -L

Professional assessment with source map analysis

jshunter -u "https://target.com/bundle.js" -d -m -s -g -F

Export comprehensive results to structured formats

jshunter -l targets.txt -s -x -F -g -j -o security_findings.json

Stealth scanning with Burp Suite integration

jshunter -l targets.txt -p 127.0.0.1:8080 -s -g -F -n -o burp_findings.txt

Scanning through SOCKS5 proxy (Tor, SSH tunnel, etc.)

jshunter -l targets.txt -p socks5://127.0.0.1:9050 -s -x -F

Rate-limited professional scanning with authentication

jshunter -l urls.txt -R 2000 -H "Authorization: Bearer token" -s -x -F -g -q

Complete endpoint and parameter discovery

jshunter -l urls.txt -ep -P -PU -L -w 2

Advanced obfuscation analysis with context detection

jshunter -f obfuscated.js -d -z -e -s -v

Command Reference

Get the complete help anytime with jshunter --help

Usage:
  -u,  --url URL                Input a URL
  -l,  --list FILE.txt          Input a file with URLs (.txt)
  -f,  --file FILE.js           Path to JavaScript file
       --har FILE               Ingest a Chrome DevTools HAR archive

Basic Options: -t, --threads INT Number of concurrent threads (default: 5) -c, --cookies <cookies> Authentication cookies for protected resources -p, --proxy host:port HTTP/SOCKS5 proxy (e.g., 127.0.0.1:8080 for Burp Suite) -q, --quiet Suppress ASCII art output --no-color Disable ANSI color (auto-off when not a TTY) -o, --output FILENAME Output file path -r, --regex <pattern> RegEx for filtering results --update, --up Update the tool to latest version -ep, --end-point Extract endpoints from JavaScript files -k, --skip-tls Skip TLS certificate verification -fo, --found-only Only show results when sensitive data is found

HTTP Configuration: -H, --header "Key: Value" Custom HTTP headers (repeatable, including Auth) -U, --user-agent UA Custom User-Agent string or file path -R, --rate-limit MS Request rate limiting delay (milliseconds) -T, --timeout SEC HTTP request timeout (seconds) -y, --retry INT Retry attempts for failed requests (default: 2) --per-host INT Per-host outbound concurrency cap (default: 4) --max-bytes N Cap response body read in bytes (default: 32MiB) --allow-internal Permit localhost / RFC1918 / link-local targets --cache-dir DIR Persist responses on disk; revalidate via ETag

JavaScript Analysis: -d, --deobfuscate Deobfuscate minified and obfuscated JavaScript -m, --sourcemap Fetch and parse source maps + sourcesContent[] -e, --eval Analyze dynamic code execution (eval, Function) -z, --obfs-detect Detect code obfuscation patterns and techniques --inline-html Scan inline <script> tags + SRI/CSP in HTML responses --csp-origins Emit CSP-allowed origins as candidate endpoints

Security Analysis: -s, --secrets Detect API keys, tokens, and credentials -x, --tokens Extract JWT and authentication tokens -P, --params Discover hidden parameters and variables -PU, --param-urls Advanced parameter extraction with URL context -i, --internal Filter for internal/private endpoints -g, --graphql Analyze GraphQL endpoints and queries -B, --bypass Detect WAF bypass patterns and techniques -F, --firebase Analyze Firebase configurations and keys -L, --links Extract and analyze all embedded links

Detection Tuning: -mc, --min-confidence FLOAT Minimum confidence (0.0-1.0) for a finding (default: 0.50) -sc, --show-confidence Print [conf=X.XX] alongside each finding --no-fp-filter Disable the false-positive filter (debug) --ignore-file FILE Permanent suppressions (.jshunterignore) --diff PREVIOUS.json Report only NEW findings vs previous JSON envelope --rules-file FILE.json Load an external JSON rule pack --only-rules id,glob Run only matching rules (supports * glob) --disable-rule id,glob Disable matching rules (supports * glob)

Verification: --verify Probe findings against provider read-only endpoints --verify-timeout SEC Timeout per verification probe (default: 10) --verify-workers INT Concurrent verifier worker pool (default: 8)

Scope & Discovery: -w, --crawl DEPTH Recursive JavaScript discovery depth (default: 1) -D, --domain DOMAIN Limit analysis to specific domain -E, --ext Filter by JavaScript file extensions --robots Fetch /robots.txt for each input host and exit

Output Formats: -j, --json Structured JSON output (schema_version 2) --ndjson Newline-delimited JSON (jq / SIEM streaming) --sarif SARIF 2.1.0 (GitHub code-scanning compatible) -C, --csv CSV format for spreadsheet analysis -v, --verbose Detailed analysis and debug output -n, --burp Burp Suite compatible export format --stats Per-stage counters on stderr at end of run

Registry: --list-rules Print the rule registry as a table and exit --explain RULE_ID Print full rule details and exit --self-test Run rule registry against built-in TP/FP fixtures

-h, --help Display this help message

Confidence model

Every secret-class match is scored in [0.0, 1.0]. The score starts from a per-rule prior and is adjusted by:

| Signal | Effect | |------------------------------------------------|------------------------------| | Source path looks like a vendor/chunk bundle | −0.15 | | Surrounding context contains fixture wording | −0.30 | | Provider-specific validator passed | +0.10 | | Required context keyword present (generic rule)| +0.05 | | Shannon entropy ≥ 4.5 | +0.05 | | Character-class diversity ≥ 3 | +0.05 | | Match in the vendor-noise denylist | dropped before scoring | | Length / entropy below rule floor | dropped before scoring | | Line is a //# sourceMappingURL= marker | dropped before scoring |

The default --min-confidence 0.50 filters out the long tail of pattern-only matches. Use --min-confidence 0.80 for high-precision triage, --no-fp-filter for raw, unfiltered output.

Provider validators

| Provider | Validator | |----------|--------------------------------------------------------------------------| | AWS | Prefix family (AKIA/ASIA/A3T…) + 16-char base32 body | | Stripe | Prefix family (sk/rk/pklive/test) + clean base62 body | | GitHub | CRC32 base62 checksum verified against random body | | OpenAI | Family prefix + length window (sk-/sk-proj-/sk-svcacct-) | | Slack | Hyphen-segment shape (numeric inner segments, alphanumeric tail) | | JWT | base64url-decoded JSON header with alg field + JSON payload | | Twilio | 32-hex body + entropy gate |


Advanced Usage

Professional Security Assessment

# Complete security analysis with all tools
jshunter -l targets.txt -d -m -e -z -s -x -P -PU -g -F -B -L -j -v -o complete_assessment.json

Advanced deobfuscation and analysis pipeline

jshunter -l targets.txt -d -m -z -e -s -g -F --found-only -o deobfuscated_findings.json

Stealth reconnaissance with rate limiting and custom headers

jshunter -l targets.txt -R 2000 -U "Mozilla/5.0..." -H "X-Forwarded-For: 1.1.1.1" -s -x -F -q

Professional penetration testing through proxy

jshunter -l targets.txt -p 127.0.0.1:8080 -s -x -g -F -B -n -o burp_comprehensive.txt

Deep parameter and endpoint discovery

jshunter -l targets.txt -ep -P -PU -L -w 3 -i -j -o endpoint_discovery.json

Enterprise & Automation Integration

# CI/CD Security Pipeline Integration
jshunter -f dist/bundle.js -d -s -x -F -j --found-only > security-scan.json

Comprehensive automated security reporting

jshunter -l production-js.txt -d -s -x -P -g -F -B -C -o enterprise-security-report.csv

Source map analysis for development security

jshunter -f app.js -m -s -x -F -v -o sourcemap-analysis.json

Firebase and GraphQL focused assessment

jshunter -l targets.txt -g -F -L -j -o apisecurityfindings.json

Contributing

We welcome contributions! Here's how you can help:

  • Report bugs via GitHub Issues
  • Suggest features or improvements
  • Improve documentation
  • Submit pull requests with enhancements

Development Setup

git clone https://github.com/cc1a2b/jshunter.git
cd jshunter
go mod tidy
go build -o jshunter ./cmd/jshunter

License

JSHunter is released under the MIT License. See LICENSE for details.

Copyright (c) 2024-2026 Hussain Alsharman
Licensed under MIT License - free for commercial and personal use

Support

If JSHunter helps with your security research or professional work:

Star this repoFollow @cc1a2bShare with others


JSHunter - Professional JavaScript Security Analysis

Built with by cc1a2b for the security community

🔗 More in this category

© 2026 GitRepoTrend · cc1a2b/JShunter · Updated daily from GitHub