[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-74284":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":8,"htmlUrl":8,"language":9,"languages":8,"totalLinesOfCode":8,"stars":10,"forks":11,"watchers":12,"openIssues":12,"contributorsCount":13,"subscribersCount":13,"size":13,"stars1d":12,"stars7d":12,"stars30d":14,"stars90d":13,"forks30d":13,"starsTrendScore":15,"compositeScore":16,"rankGlobal":8,"rankLanguage":8,"license":17,"archived":18,"fork":18,"defaultBranch":19,"hasWiki":20,"hasPages":18,"topics":21,"createdAt":8,"pushedAt":8,"updatedAt":22,"readmeContent":23,"aiSummary":24,"trendingCount":13,"starSnapshotCount":13,"syncStatus":25,"lastSyncTime":26,"discoverSource":27},74284,"JSAnalyzer","jenish-sojitra\u002FJSAnalyzer","jenish-sojitra",null,"Python",1157,183,5,0,11,15,19.79,"MIT License",false,"main",true,[],"2026-06-12 02:03:24","# JS Analyzer - Burp Suite Extension by Jensec (https:\u002F\u002Fx.com\u002F_jensec)\n\nA powerful Burp Suite extension for JavaScript static analysis. Extracts API endpoints, URLs, secrets, and email addresses from JavaScript files with intelligent noise filtering. 
The goal is to reduce noise as much as possible to ensure accuracy\n\n![Burp Suite](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FBurp%20Suite-Extension-orange)\n![Python](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-Jython%202.7-blue)\n![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-green)\n\n## Features\n\n- **Endpoint Detection** - Finds API paths, REST endpoints, OAuth URLs, admin routes\n- **URL Extraction** - Extracts full URLs including cloud storage (AWS S3, Azure, GCP)\n- **Secret Scanning** - Detects API keys, tokens, credentials (AWS, Stripe, GitHub, Slack, JWT, etc.)\n- **Email Extraction** - Finds email addresses in JS code\n- **File Detection** - Detects references to sensitive files (.sql, .csv, .bak, .env, .pdf, etc.)\n- **Smart Filtering** - Removes noise from XML namespaces, module imports, build artifacts\n- **Source Tracking** - Shows which JS file each finding came from\n- **Live Search** - Filter results in real-time\n- **Copy Function** - Copy individual or all findings to clipboard\n- **JSON Export** - Export all findings to JSON file\n\n## Installation\n\n1. Download [Jython standalone JAR](https:\u002F\u002Fwww.jython.org\u002Fdownload)\n2. In Burp Suite: `Extensions > Extensions-Settings > Python Environment`\n3. Set the Jython JAR path\n4. `Extensions > Installed > Add`\n5. Select `Python` and browse to `js_analyzer.py`\n\n## Usage\n\n1. **Browse** websites with your browser proxied through Burp Suite\n2. **Right-click** on any row(s) containing a JS response in any of the following tabs:\n   - Proxy > HTTP history\n   - Target > Site map\n   - Repeater\n3. Select **\"Analyze JS with JS Analyzer\"**\n4. 
Check the **JS Analyzer** tab for results\n\nYou can select multiple requests from HTTP history or Dashboard and send them all together to JS Analyzer.\n\n## What It Detects\n\n### Endpoints\n| Pattern | Example |\n|---------|---------|\n| API paths | `\u002Fapi\u002Fv1\u002Fusers`, `\u002Fapi\u002Fv2\u002Fauth` |\n| REST endpoints | `\u002Frest\u002Fdata`, `\u002Fgraphql` |\n| OAuth\u002FAuth | `\u002Foauth2\u002Ftoken`, `\u002Fauth\u002Flogin`, `\u002Fcallback` |\n| Admin routes | `\u002Fadmin`, `\u002Fdashboard`, `\u002Finternal` |\n| Well-known | `\u002F.well-known\u002Fopenid-configuration` |\n\n### Secrets\n| Type | Pattern |\n|------|---------|\n| AWS Access Key | `AKIA[0-9A-Z]{16}` |\n| Google API Key | `AIza[0-9A-Za-z\\-_]{35}` |\n| Stripe Live Key | `sk_live_[0-9a-zA-Z]{24,}` |\n| GitHub PAT | `ghp_[0-9a-zA-Z]{36}` |\n| Slack Token | `xox[baprs]-...` |\n| JWT | `eyJ...` |\n| Private Keys | `-----BEGIN PRIVATE KEY-----` |\n| Database URLs | `mongodb:\u002F\u002F`, `postgres:\u002F\u002F`, `mysql:\u002F\u002F` |\n\n**Note:** Feel free to fork and add more secret detections as required. 
\n\n### Noise Filtering\nThe extension automatically filters out:\n- XML namespaces (`schemas.openxmlformats.org`, `www.w3.org`)\n- Module imports (`.\u002F`, `..\u002F`, `@angular\u002F`, etc.)\n- PDF internal paths (`\u002FType`, `\u002FFont`, `\u002FFilter`)\n- Excel\u002FXML paths (`xl\u002F`, `docProps\u002F`, `worksheets\u002F`)\n- Locale files (`en.js`, `fr-ca.js`)\n- Crypto library internals (`sha.js`, `aes`, `bn.js`)\n\n### Files\nDetects references to sensitive file types:\n| Category | Extensions |\n|----------|------------|\n| Data | `.sql`, `.csv`, `.xlsx`, `.json`, `.xml`, `.yaml` |\n| Config | `.env`, `.conf`, `.ini`, `.cfg`, `.config` |\n| Backup | `.bak`, `.backup`, `.old`, `.orig` |\n| Certs | `.key`, `.pem`, `.crt`, `.p12`, `.pfx` |\n| Docs | `.pdf`, `.doc`, `.docx` |\n| Archives | `.zip`, `.tar`, `.gz` |\n| Scripts | `.sh`, `.bat`, `.ps1`, `.py` |\n\n## Standalone Engine\n\nFor use in your own Python projects or APIs:\n\n```python\nfrom js_analyzer_engine import JSAnalyzerEngine\n\nengine = JSAnalyzerEngine()\nresults = engine.analyze(javascript_content)\n\nprint(results[\"endpoints\"])  # ['\u002Fapi\u002Fv1\u002Fusers', ...]\nprint(results[\"urls\"])       # ['https:\u002F\u002Fapi.example.com', ...]\nprint(results[\"secrets\"])    # [{'type': 'AWS Key', 'value': '...', 'masked': '...'}, ...]\nprint(results[\"emails\"])     # ['admin@company.com', ...]\n```\n\n### Flask API Example\n\n```python\nfrom flask import Flask, request, jsonify\nfrom js_analyzer_engine import JSAnalyzerEngine\n\napp = Flask(__name__)\nengine = JSAnalyzerEngine()\n\n@app.route('\u002Fanalyze', methods=['POST'])\ndef analyze():\n    content = request.json.get('content', '')\n    results = engine.analyze(content)\n    return jsonify(results)\n\nif __name__ == '__main__':\n    app.run(port=5000)\n```\n\n## File Structure\n\n```\nJSextension\u002F\n├── js_analyzer.py          # Main Burp extension entry point\n├── ui\u002F\n│   ├── __init__.py\n│   └── results_panel.py    
# Burp UI panel\n├── README.md\n└── LICENSE\n```\n\n## Contributing\n\nContributions are welcome! Feel free to:\n- Add new secret patterns\n- Improve noise filtering\n- Add new endpoint patterns\n- Report bugs or issues\n\n## License\n\nMIT License - see [LICENSE](LICENSE) file.\n\n## Credits\n\nInspired by: \n- [LinkFinder](https:\u002F\u002Fgithub.com\u002FGerbenJavado\u002FLinkFinder) - Endpoint detection regex\n- [TruffleHog](https:\u002F\u002Fgithub.com\u002Ftrufflesecurity\u002Ftrufflehog) - Secret patterns\n\n## Author\n\nJenish Sojitra (https:\u002F\u002Fx.com\u002F_jensec)\n\nCreated with ❤️ for the InfoSec and Tech community.\n","JS Analyzer is a powerful Burp Suite extension for JavaScript static analysis. It extracts API endpoints, URLs, secrets, and email addresses from JavaScript files and improves accuracy through intelligent noise filtering. Core features include endpoint detection, URL extraction, secret scanning, email extraction, and file detection, with support for live search, copying results, and JSON export. The extension suits security reviews of web applications, particularly when developers or security researchers want automated tooling to surface potential security issues. It is built on Python (Jython 2.7) and is easy to install and use.",2,"2026-06-11 03:49:49","high_star"]