js-analyzer

Official

Full JavaScript analysis for security assessments and bug bounty hunting.

AuthorRifteo
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This skill provides a comprehensive methodology for analyzing JavaScript files to uncover security vulnerabilities and improve the quality of pentest reports.

Core Features & Use Cases

  • JavaScript File Discovery: Automated crawling and manual discovery methods for locating JS files.
  • Source Map Extraction: Detect and extract source maps to review unminified code.
  • Secret and Credential Hunting: Use automated tools and manual regex patterns to detect sensitive information.
  • Endpoint and API Route Mapping: Extract and map URLs and paths to identify API endpoints.
  • DOM-Based XSS Analysis: Identify dangerous sinks and controllable sources for DOM XSS.
  • Prototype Pollution: Detect vulnerable patterns and payloads to exploit prototype pollution.
  • postMessage Vulnerabilities: Find postMessage handlers and vulnerable patterns.
  • Client-Side Logic & Authorization Flaws: Identify role checks, feature flags, and hidden UI.
  • Insecure Storage Analysis: Analyze LocalStorage, SessionStorage, Cookies, IndexedDB, and Cache API.
  • Third-Party Library Vulnerability Scanning: Detect and assess vulnerabilities in third-party libraries.
  • JSONP & Legacy Callback Injection: Find JSONP endpoints and test for XSS exploitation.
  • WebSocket Analysis: Analyze WebSocket connections and origin bypass.
  • CSP Analysis & Bypass: Extract and parse Content Security Policy (CSP) and check for common bypass techniques.
  • Deobfuscation & Code Analysis: Deobfuscate JavaScript and analyze for eval sinks and open redirects.
  • Webpack / Bundler Specific Techniques: Analyze webpack bundles for DevServer exposure and environment variable leaks.
  • AngularJS / Angular Specific: Detect AngularJS and Angular sandbox escapes and template injection.
  • Report Structure: Provides a template for structuring vulnerability reports.
  • Quick-Reference: Priority Triage Order: Lists the priority of various security issues and how to triage them.

Quick Start

Run the js-analyzer skill on a target domain to start the analysis process.

Dependency Matrix

Required Modules

katanagauwaybackurlshakrawlergospidergetJSsourcemapperunwebpack-sourcemaptrufflehoggitleaksSecretFinderjsluicelinkfinderdalfoxppfuzzppmapretire.jsnpm auditjs-beautifysynchronydeobfuscate-jscsp-evaluator

Components

scriptsreferencesassets

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: js-analyzer
Download link: https://github.com/Rifteo/skills/archive/main.zip#js-analyzer

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.