JS Recon Buddy wot JSReconBuddy

The scanner uses a set of regex patterns to identify and categorize potential security-related information:

• Subdomains - discovers related subdomains within the code.
• Endpoints & Paths - uncovers potential API endpoints and other useful paths.
• Potential Secrets - scans for API keys, tokens, and other sensitive data using pattern matching and Shannon entropy checks.
• Potential DOM XSS Sinks - identifies dangerous properties and functions like .innerHTML and document.write.
• Interesting Parameters - flags potentially vulnerable URL parameters (e.g., redirect, debug, url).
• Source Maps - finds links to source maps which can expose original source code.

If it is a valid source map, the extension tries to deconstruct source files based on data there

• JS Libraries - lists identified JavaScript libraries and their versions.