JS Recon & Secret Scanner

Extension, Developer Tools, 1 user
Overview

Inspect JavaScript files locally to find likely endpoints, possible secret-like strings, and available sourcemaps.

JS Recon & Secret Scanner is a powerful, privacy-first Manifest V3 Chrome extension designed for developers, security researchers, and authorized penetration testers. It allows you to inspect JavaScript files loaded by the current active page to easily identify likely endpoints, possible secret-like strings, and available sourcemaps.

Unlike other scanning tools, this extension processes everything locally in your browser. It does not use external backend servers, tracking scripts, or analytics.

🛡️ CORE FEATURES:

  • User-Initiated Scanning: The extension only runs when you actively click "Scan Current Page". Zero background drain.
  • Endpoint Discovery: Extracts likely API routes, internal paths, form endpoints, GraphQL paths, and versioned APIs from JS bundles.
  • Smart Categorization: Automatically groups findings into App Endpoints, Tracking/Analytics, Media Embeds, and Consent/Privacy to filter out the noise.
  • Secret & Token Detection: Uses regex patterns to identify exposed API keys, JWTs, and tokens, complete with confidence labels and safe-masking UI.
  • Sourcemap Probing: Checks if related `.js.map` files are exposed on the host.
  • Memory-Safe Parsing: Uses streamed fetching and file-size caps to prevent browser crashes on massive Webpack/React bundles.

🔐 STRICT PRIVACY: Your data never leaves your browser.

  • No data is sent to the developer.
  • No analytics or tracking pixels.
  • No remote logging.
  • Uses minimal permissions (`activeTab` and `scripting`). Optional cross-origin permissions are only requested if you manually choose to scan third-party scripts.

⚠️ RESPONSIBLE USE: This tool is intended for defensive security review, development debugging, and authorized testing only. Users are responsible for following all applicable laws, website terms of service, and bug bounty rules. Use this extension only on websites that you own, manage, or are explicitly authorized to test.

Details

  • Version
    2.1.0
  • Updated
    June 22, 2026
  • Offered by
    Md. Ibrahim Reza Rabbi
  • Size
    45.94KiB
  • Languages
    English
  • Developer
    MIST
    Mirpur_12 dhaka 1216 BD
    Email
    ibrareza2020@gmail.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

JS Recon & Secret Scanner has disclosed the following information regarding the collection and usage of your data. More detailed information can be found in the developer's privacy policy.

JS Recon & Secret Scanner handles the following:

Website content

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Support

For help with questions, suggestions, or problems, visit the developer's support site
