


JS Recon Buddy
A passive browser extension to find secrets, endpoints and XSS sinks in JS and HTML.
JS Recon Buddy is a reconnaissance tool designed to uncover security-related information on webpages without interrupting your workflow. It analyzes inline scripts, external JavaScript files and the main HTML document to categorize findings into logical sections.
Key features include:
- Passive secret scanning: automatically identifies API keys and tokens using regex and Shannon entropy checks
- On-page overlay: displays all results directly on the page being tested
- DOM XSS sink discovery: identifies dangerous sinks such as the .innerHTML property and eval()
- Source map deconstruction: reconstructs original source code from discovered or guessed source map files
- Infrastructure recon: uncovers subdomains, API endpoints and Next.js client-side routes