JScanner – Javascript Scanner for Recon and Vulnerabilities



Javascript Scanner for Recon, Vulnerabilities, and Secrets


A simple yet effective tool that uses custom and predefined regexes to find recon data, vulnerabilities and secrets. It scans all URLs concurrently for secrets and vulnerabilities. Regexes are applied even to non-JavaScript endpoints, and output from other tools can easily be fed to it.


  1. Fast, parallel scanning of any endpoint for JavaScript using complex predefined regexes.
  2. Ability to define custom regexes, both case-sensitive and case-insensitive.
  3. Regexes for DOM XSS sinks, sources, web services, hidden parameters, endpoints, etc. are already included.
  4. It is built with faster_than_requests, ~40x faster than requests.
  5. Shannon entropy catches what is missed by regex (may cause lengthy output and is thus disabled by default).
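
How a regex pass and a Shannon entropy pass complement each other, as an added example that is not JScanner's own code. The rule names, the patterns, the 4.0 bits-per-character threshold and the sample JavaScript are all assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample JavaScript; every key and token value here is made up.
SAMPLE_JS = '''
var cfg = {apiKey: "AKIAABCDEFGHIJKLMNOP", region: "us-east-1"};
var session = "q9Zx7Lm2Vt4Rk8Pw3Nc6Yb1Hd5Jf0Gs";
document.getElementById("out").innerHTML = location.hash;
var cls = "button-button-button-button";
'''

# Hypothetical rule set: name -> (pattern, case_insensitive)
RULES = {
    "aws_access_key_id": (r"AKIA[0-9A-Z]{16}", False),
    "dom_xss_sink": (r"\.innerhtml\s*=", True),
}

# Quoted literals of 20+ characters with no whitespace (assumed candidate shape).
STRING_LITERAL = re.compile(r"""["']([^"'\s]{20,})["']""")

def shannon_entropy(s):
    """Bits per character of s, computed from its character frequencies."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def regex_findings(text, rules=RULES):
    """Return (rule_name, matched_text) for every rule hit."""
    hits = []
    for name, (pattern, insensitive) in rules.items():
        flags = re.IGNORECASE if insensitive else 0
        for m in re.finditer(pattern, text, flags):
            hits.append((name, m.group(0)))
    return hits

def entropy_findings(text, threshold=4.0):
    """Return long string literals whose entropy is at or above threshold."""
    tokens = (m.group(1) for m in STRING_LITERAL.finditer(text))
    return [t for t in tokens if shannon_entropy(t) >= threshold]

def scan(text):
    """Regex hits, plus high-entropy literals that no regex already reported."""
    regex_hits = regex_findings(text)
    matched = {value for _, value in regex_hits}
    extra = [t for t in entropy_findings(text) if t not in matched]
    return regex_hits, extra
```

Lowering `threshold` makes ordinary literals such as the repeated class name show up as well, which is the lengthy output the feature list warns about.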


usage: JScanner [-h] [--- | -w WORDLIST] [-d DOMAIN]
                [-oD OUTPUT_DIRECTORY | -o OUTPUT] [-t THREADS] [-b]

Javascript Scanner

optional arguments:
  -h, --help            show this help message and exit
  ---, ---              Stdin
  -w WORDLIST, --wordlist WORDLIST
                        Absolute path of wordlist
  -d DOMAIN, --domain DOMAIN
                        Domain name
                        Output directory
  -o OUTPUT, --output OUTPUT
                        Output file
  -t THREADS, --threads THREADS
                        Number of threads
  -b, --banner          Print banner and exit

Enjoy bug hunting


  1. Scan a single URL/Domain/Subdomain
JScanner -d google.com or JScanner -u https://google.com/closurelibrary.js
  2. Scan from URLs
JScanner -w hakrawler.txt -oD pwd -t 10 -d domain.com
  3. Scan from stdin (subdomains) with entropy check
assetfinder google.com | JScanner --- -o results.txt -e
  4. Scan from stdin (hakrawler, gau)
echo "uber.com" | tee >(hakrawler | JScanner --- -o hakrawler.txt -t 10) >(gau | JScanner --- -o gau.txt -t 10)


  1. Repeated webpages of the same type may cause repetition of data.
  2. Even the same page may cause repetition of data, which sort -u fixes; this is going to be fixed in a later version.
  3. Output from the program as well as file output should be improved.


Download releases rather than using git clone, because the development version may contain bugs. Releases are rather stable versions! Also, repetition needs to be decreased in the output.