JavaScript File Scanner
JSAUDITOR is a comprehensive JavaScript auditing tool.
Overview
JSAUDITOR is a comprehensive JavaScript auditing tool that performs deep analysis of JavaScript files. It scans for exposed URLs, endpoints, query parameters, and potential secrets, and it also detects JavaScript source map files.
This multi-faceted approach helps identify information disclosure risks (CWE-200) and other potential security issues within JavaScript code, enhancing overall application security.
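To show what these check categories look like when run against a file you own, here is an added Node.js example. It is not JSAUDITOR's code; the regular expressions, the auditJavaScript function name and the sample values are assumptions made for illustration.

```javascript
// Added example, not JSAUDITOR's code. All patterns are illustrative assumptions.
const PATTERNS = {
  // Absolute http(s) URLs embedded anywhere in the source.
  url: /https?:\/\/[^\s"'`<>]+/g,
  // Quoted root-relative paths such as "/api/v1/users?id=1".
  endpoint: /["'`](\/[\w\-.\/]+(?:\?[^"'`\s]*)?)["'`]/g,
  // Secret-looking names assigned a string literal of 16+ characters.
  secret: /\b([\w$]*(?:api[_-]?key|secret|token|passw(?:or)?d)[\w$]*)["'`]?\s*[:=]\s*["'`]([^"'`\s]{16,})["'`]/gi,
  // Trailing source map reference comment: //# sourceMappingURL=<url>
  sourceMap: /\/\/[#@]\s*sourceMappingURL=(\S+)/g,
};

const unique = (items) => [...new Set(items)];

function auditJavaScript(source) {
  const urls = unique([...source.matchAll(PATTERNS.url)].map((m) => m[0]));
  const endpoints = unique([...source.matchAll(PATTERNS.endpoint)].map((m) => m[1]));
  // Collect parameter names from every URL or endpoint that has a query string.
  const queryParams = new Set();
  for (const ref of [...urls, ...endpoints]) {
    const query = (ref.split("?")[1] || "").split("#")[0];
    for (const pair of query.split("&")) {
      const name = pair.split("=")[0];
      if (name) queryParams.add(name);
    }
  }
  // Report the variable name and a short preview only, never the full value.
  const secrets = [...source.matchAll(PATTERNS.secret)].map((m) => ({
    name: m[1],
    preview: m[2].slice(0, 4) + "***",
  }));
  const sourceMaps = unique([...source.matchAll(PATTERNS.sourceMap)].map((m) => m[1]));
  return { urls, endpoints, queryParams: [...queryParams].sort(), secrets, sourceMaps };
}

// Constructed sample input; the key value is a placeholder, not a real credential.
const SAMPLE = [
  'const API = "https://api.example.com/v1/users?id=1&debug=true";',
  'fetch("/internal/admin/export?format=csv");',
  'const config = { apiKey: "EXAMPLE_KEY_0123456789abcdef" };',
  "//# sourceMappingURL=app.min.js.map",
].join("\n");

console.log(JSON.stringify(auditJavaScript(SAMPLE), null, 2));
```

A non-empty secrets or sourceMaps result on a production bundle is the kind of finding that maps to CWE-200: rotate the credential, and stop publishing the .map file or restrict access to it.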
Usage Examples
You can specify a list of target URLs for JSAUDITOR to check for common vulnerabilities found in JavaScript files. Optionally, you may configure any settings you’d like. Afterward, simply click on Scan to launch your scan.
Shortly after your scan has been launched, you will be redirected to a page where you can view your pending scan.
Each target must be the full URL of a JavaScript file to scan, not a base URL or root domain. A few examples:
Correct:
https://example.com/path/to/javascript/file.js
Incorrect:
https://example.com/
Capabilities
JSAUDITOR is a comprehensive JavaScript auditing tool equipped with the following capabilities:
Limitations
There are currently no limitations reported for JSAUDITOR.
Best Practices
We recommend that you follow the best practices that we’ve outlined in detail.