Resources for Javascript Analysis

JavaScript Analysis

Blogs & Writeups

• Static Analysis of Client-side JavaScript for Pen Testers and Bug Bounty Hunters
  • A comprehensive guide on performing static analysis of JavaScript code, beneficial for penetration testers and bug bounty hunters.
• JavaScript Analysis for Pentesters
  • Detailed insights into JavaScript analysis techniques tailored for penetration testers.
• jsluice JavaScript Gold Mining - Part 1
  • An introduction to using jsluice for mining valuable information from JavaScript files.
• jsluice JavaScript Technical Deep Dive - Part 2
  • A deeper technical exploration of jsluice and its capabilities.
• Hacking JavaScript with JavaScript
  • Techniques and strategies for hacking JavaScript using JavaScript itself.
• JavaScript language made for bugs workshop by YesWeHack
  • A workshop by YesWeHack focusing on the inherent vulnerabilities in JavaScript.
• JavaScript from Sourcemaps
  • How to analyze and extract useful information from JavaScript sourcemaps.
• Bug Bounty Hunter Guides: JavaScript Files by Zseano
  • Guides and tutorials on analyzing JavaScript files for bug bounty hunting.
• Scanning JS files for endpoint and secrets
  • Methods for scanning JavaScript files to uncover endpoints and hidden secrets.
• JavaScript Enumeration for Bug Bounty Hunters by thehackerish
  • Techniques for enumerating JavaScript files to find vulnerabilities, specifically for bug bounty hunters.
• Static JavaScript Analysis with Burp Suite
  • Utilizing Burp Suite for static analysis of JavaScript code.
• JavaScript Analysis Conference Talks by Lewis Ardern
  • A collection of conference talks focused on JavaScript analysis by Lewis Ardern.
• CodeQL workshop for JavaScript
  • A workshop on using CodeQL for JavaScript analysis.
• Deobfuscating / Unminifying Obfuscated Web App / JavaScript Code
  • Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code

Online Tools

• JSNice
• Deobfuscate.io
• De4js
• JSHint
• Webpack Exploder
• synchrony

Github Tools

• Mapperplus
  • A tool for mapping out JavaScript files and their dependencies.
• Sourcemapper
  • A utility for mapping minified JavaScript code back to its original source code using source maps.
• Metasecjs
  • A JavaScript analysis tool focused on security research.
• Retire.js
  • A tool for scanning JavaScript code and dependencies for known vulnerabilities.
• Jsluice
  • A tool for extracting valuable information from JavaScript files.
• JSA
  • A JavaScript analyzer designed for security assessments.

Slides

• Manual JavaScript Analysis is a Bug
  • A presentation on manual JavaScript analysis techniques.
• Google Slides: JavaScript Analysis
  • A detailed Google Slides presentation on JavaScript analysis.

Videos

• YouTube Playlist: JavaScript Analysis
  • A YouTube playlist featuring videos on JavaScript analysis techniques.
• Hacker 101- Js Analysis by Tomnomnom
  • Hacker101 - JavaScript for Hackers (Created by @STOKfredrik)

Stay curious and keep learning! 🙌