Advanced JavaScript File Auditing Tool for Penetration Testers

If you are a penetration tester, you have almost certainly had to analyze a JavaScript file manually. It can be a tedious task, especially when the file is minified and not human-readable.

We have developed a simple and lightweight auditing tool: provide it with a list of URLs and it returns all the interesting results, from regular links and API endpoints, to query parameters and Node.js modules, to hard-coded secrets!

How it works

JSAuditor is a simple and fast JavaScript file auditing tool that comes included with your BLACKBIRD Web App Pentesting Suite.

Simply load your list of URLs pointing to JavaScript files and hit the Scan button!

JSAuditor examines each JavaScript file and runs a range of checks, including:

  • Disclosed & hard-coded secrets (such as API keys and credentials)
  • URLs and other referenced endpoints (app routes & API endpoints)
  • Query parameters
  • JavaScript source map files
  • Potential dependency confusion vulnerabilities
  • Disclosed package.json files
  • NPM packages (and their associated version numbers)

An example of a vulnerable target

The #1 Web App Pentesting Platform Favored by Pentesting Agencies Across the US

Find More Security Vulnerabilities & Save More Time!