Skip to main content

Overview

JS AUDITOR is a comprehensive JavaScript auditing tool that performs deep analysis of JavaScript files. It scans for exposed URLs, endpoints, query parameters, and potential secrets, while also detecting JavaScript Sourcemap files. This multi-faceted approach helps identify information disclosure risks (CWE-200) and other potential security issues within JavaScript code, enhancing overall application security.

Usage Examples

You can specify a list of target URLs for JSAUDITOR to check for common vulnerabilities found in JavaScript files. Optionally, you may configure any settings you’d like. Afterward, simply click on Scan to launch your scan. Shortly after your scan has been launched, you will be redirected to the page to view your pending scan.
You must provide a list of target URLs to scan for vulnerabilities, not base URLs or root domains. A few examples:Correct: https://example.com/path/to/javascript/file.jsIncorrect: https://example.com/

Capabilities

JSAUDITOR is a comprehensive JavaScript auditing tool equipped with the following capabilities:
JSAUDITOR is equipped with over 70 fingerprints to detect hard-coded secrets, tokens and API keys.
JSAUDITOR is capable of finding and examining NodeJS build configuration files (such as package.json and package-lock.json) to enumerate NPM packages and check their availability.
JSAUDITOR is capable of discovering and unpacking JavaScript Sourcemap files in an attempt to discover more references to links, URLs, API endpoints and input parameters.
JSAUDITOR is lightweight by default and is capable of scanning your JavaScript file in mere seconds.

Limitations

There are currently no limitations reported for JSAUDITOR.

Best Practices

We recommend you to follow the best practices that we’ve outlined in detail.
I