js-secrets-extraction
CommunityExtract secrets from JS bundles and source maps.
Software Engineering#penetration-testing#web-recon#secret-scanning#red-teaming#js-secrets#api-key-extraction#source-map-analysis
Authoruphiago
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill eliminates the manual effort of identifying hardcoded secrets, internal API endpoints, and sensitive configuration data hidden in modern JavaScript bundles and source maps that are often exposed during web reconnaissance, which would be easily missed by manual review or standard directory scanning.
Core Features & Use Cases
- Automated Secret Scanning: Detects 11+ common secret patterns including API keys, JWTs, AWS access keys, Firebase/Supabase configs, Stripe keys, and internal IP addresses in JS bundles.
- Source Map Reconstruction: Recovers original uncompiled source code from exposed .js.map files to uncover additional embedded credentials and internal application logic.
- Use Case: During a penetration test of a healthcare SaaS platform, use this skill to scan the admin portal's JS bundle (hosted on a non-standard port 8080) to find a leaked backend API URL and authentication secrets that bypass the public CDN and WAF.
Quick Start
Use the js-secrets-extraction skill to scan all JavaScript bundles on the target's main website and admin portals for hardcoded secrets, API keys, and internal endpoints.
Dependency Matrix
Required Modules
requests
Components
scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: js-secrets-extraction Download link: https://github.com/uphiago/recon-skills/archive/main.zip#js-secrets-extraction Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.