JS Recon Buddy

5.0 (2 ratings)

Overview

Analyze page scripts for bug bounty reconnaissance.

The scanner uses a set of regex patterns to identify and categorize potential security-related information:

  • Subdomains - discovers related subdomains within the code.
  • Endpoints & Paths - uncovers potential API endpoints and other useful paths. For Next.js applications, it also automatically parses (if possible) the build manifest to discover all client-side routes.
  • Potential Secrets - scans for API keys, tokens, and other sensitive data using pattern matching and Shannon entropy checks.
  • Potential DOM XSS Sinks - identifies dangerous properties and functions like .innerHTML and document.write.
  • Interesting Parameters - flags potentially vulnerable URL parameters (e.g., redirect, debug, url).
  • Potential Dependency Confusion - (opt-in) identifies private NPM packages that are not on the public registry, flagging a potential dependency confusion attack vector.
  • Source Maps - finds links to source maps, which can expose original source code. It can optionally guess the location of source maps for discovered JavaScript files even if they aren't explicitly linked. If a source map is valid, the extension tries to deconstruct the source files from the data it contains.
  • JS Libraries - lists identified JavaScript libraries and their versions.
  • External and Inline Scripts - provides a complete inventory of all JavaScript sources loaded by the page, allowing you to view the content of any script in a formatted viewer.

Details

  • Version
    1.20.2
  • Updated
    January 20, 2026
  • Offered by
    Arqsz
  • Size
    534KiB
  • Languages
    English (United States)
  • Developer
    Email: contact@arqsz.net
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data. To learn more, see the developer’s privacy policy.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Support

For help with questions, suggestions, or problems, visit the developer's support site

Related

NavSec Vulnerability Scanner

5.0

Comprehensive security scanner with advanced XSS detection, API security analysis, and authentication testing

DIRFOX - Endpoint Fuzzer for Pentesters

0.0

Fuzz endpoints using custom or GitHub-hosted wordlists. Built for security researchers and pentesters.

FlashFuzz

5.0

Rapid URL fuzzing & secret scanning, right in your browser

Endpoint Extractor

5.0

Extracts endpoints from the current page.

OWASP Penetration Testing Kit

4.8

OWASP Penetration Testing Kit

Pathprobe

5.0

Asynchronous multi-domain directory scanner

FindSomething

4.6

Find interesting things in the webpage's source code or JavaScript

DOMLogger++

5.0

DOMLogger++ allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

DOM XSS Highlighter — Pro

0.0

Highlights user-controlled reflections in DOM to help detect risky contexts. Run only on sites you own or may test.

Trufflehog-PingPwn

0.0

Detects potential exposed secrets on web pages.

Recon Buddy

5.0

Extract recon data like JWTs, API keys, parameters, and endpoints from visited pages.

EndPointer

5.0

An endpoint parser and extractor with many flexible features
