JS Reconnaissance
Extract Secrets from JavaScript
Modern web applications leak massive amounts of information in client-side JavaScript. JS Recon analyzes these files to extract hardcoded API keys, hidden endpoints, AWS credentials, and PII that developers accidentally committed.
Supported Files:.js, .map, .json, inline scripts
Detection:Regex + Entropy Analysis
Analysis Report
// rasec js-scan results
// Target: https://app.example.com/main.bundle.js
[
{
"type": "API Key",
"value": "api_key_example",
"line": 1452,
"confidence": "High"
},
{
"type": "Endpoint",
"value": "/api/v1/admin/users",
"line": 402,
"method": "DELETE"
},
{
"type": "AWS Credential",
"value": "AKIA...",
"line": 89,
"confidence": "Medium"
}
]Key Features
1
Secrets Detection
Uses regex patterns to identify API keys, tokens, and credentials within code.
2
Endpoint Extraction
Reconstructs API paths and routes discovered inside JavaScript bundles.
3
Analysis Report
Provides line numbers and context for every potential finding.
Ready to try JS Reconnaissance?
Start using this tool in seconds. No credit card required.
Launch JS Reconnaissance