js-analyzer
OfficialFull JavaScript analysis for security assessments and bug bounty hunting.
Software Engineering#security#xss#javascript#csp#secret detection#endpoint discovery#pentest#bug bounty#prototype pollution#source map
AuthorRifteo
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This skill provides a comprehensive methodology for analyzing JavaScript files to uncover security vulnerabilities and improve the quality of pentest reports.
Core Features & Use Cases
- JavaScript File Discovery: Automated crawling and manual discovery methods for locating JS files.
- Source Map Extraction: Detect and extract source maps to review unminified code.
- Secret and Credential Hunting: Use automated tools and manual regex patterns to detect sensitive information.
- Endpoint and API Route Mapping: Extract and map URLs and paths to identify API endpoints.
- DOM-Based XSS Analysis: Identify dangerous sinks and controllable sources for DOM XSS.
- Prototype Pollution: Detect vulnerable patterns and payloads to exploit prototype pollution.
- postMessage Vulnerabilities: Find postMessage handlers and vulnerable patterns.
- Client-Side Logic & Authorization Flaws: Identify role checks, feature flags, and hidden UI.
- Insecure Storage Analysis: Analyze LocalStorage, SessionStorage, Cookies, IndexedDB, and Cache API.
- Third-Party Library Vulnerability Scanning: Detect and assess vulnerabilities in third-party libraries.
- JSONP & Legacy Callback Injection: Find JSONP endpoints and test for XSS exploitation.
- WebSocket Analysis: Analyze WebSocket connections and origin bypass.
- CSP Analysis & Bypass: Extract and parse Content Security Policy (CSP) and check for common bypass techniques.
- Deobfuscation & Code Analysis: Deobfuscate JavaScript and analyze for eval sinks and open redirects.
- Webpack / Bundler Specific Techniques: Analyze webpack bundles for DevServer exposure and environment variable leaks.
- AngularJS / Angular Specific: Detect AngularJS and Angular sandbox escapes and template injection.
- Report Structure: Provides a template for structuring vulnerability reports.
- Quick-Reference: Priority Triage Order: Lists the priority of various security issues and how to triage them.
Quick Start
Run the js-analyzer skill on a target domain to start the analysis process.
Dependency Matrix
Required Modules
katanagauwaybackurlshakrawlergospidergetJSsourcemapperunwebpack-sourcemaptrufflehoggitleaksSecretFinderjsluicelinkfinderdalfoxppfuzzppmapretire.jsnpm auditjs-beautifysynchronydeobfuscate-jscsp-evaluator
Components
scriptsreferencesassets
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: js-analyzer Download link: https://github.com/Rifteo/skills/archive/main.zip#js-analyzer Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.