Skills
.Work. You
Rest

js-api-extract

Official

Extract hidden API endpoints from JS bundles.

Software Engineering#api#javascript#spa#fuzzing#js#bundle-analysis#endpoint-extraction
Authorwgpsec
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Analyzing JavaScript front-end bundles to uncover hidden API endpoints, keys, internal domains, and WebSocket endpoints that are not discoverable via traditional directory or URL scanning.

Core Features & Use Cases

  • JS bundle analysis to reveal API paths, keys, domains, and WebSocket endpoints in SPA architectures.
  • Supports Vue/React/Angular front-ends and common bundlers like Webpack; reduces manual endpoint discovery time.
  • After discovery, feed results into api-semantic-fuzz for semantic fuzzing to validate endpoint behavior.

Quick Start

Analyze the target JavaScript bundle or deployed site to extract endpoints and credentials for subsequent fuzzing.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: js-api-extract
Download link: https://github.com/wgpsec/AboutSecurity/archive/main.zip#js-api-extract

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.