Version: 1.1.4-alpha.1

Run command

The run command automates most of the JavaScript reconnaissance workflow by executing a series of modules in a predefined order. It is suited to users who want to perform a basic analysis of a target without running each module individually.

Workflow

The run command executes the following modules in sequence:

  1. Lazy Load (Initial): Downloads the initial set of JavaScript files from the target URL.
  2. Strings (Initial): Extracts strings, URLs, and paths from the downloaded JavaScript files.
  3. Lazy Load (Subsequent Requests - for Next.js): Downloads additional JavaScript files discovered from the extracted URLs and paths.
  4. Strings (Final): Performs another round of string extraction on the newly downloaded files to find more endpoints, secrets, and other valuable information.
  5. Endpoints: Analyzes the collected data to identify and list all potential API endpoints.
  6. Map: Maps all the functions and their relationships within the JavaScript files to provide a clear overview of the application's structure.

Usage

js-recon run -u <url/file> [options]

Required arguments

  • -u, --url <url/file>: The target URL or a file containing a list of URLs (one per line).

Options

| Option | Alias | Description | Default | Required |
|---|---|---|---|---|
| --url <url> | -u | Target URL | | Yes |
| --output <directory> | -o | Output directory | output | No |
| --strict-scope | | Download JS files from only the input URL domain | false | No |
| --scope <scope> | -s | Download JS files from specific domains (comma-separated) | * | No |
| --threads <threads> | -t | Number of threads to use | 1 | No |
| --api-gateway | | Generate requests using API Gateway | false | No |
| --api-gateway-config <file> | | API Gateway config file | .api_gateway_config.json | No |
| --cache-file <file> | | File to store response cache | .resp_cache.json | No |
| --disable-cache | | Disable response caching | false | No |
| --yes | -y | Auto-approve executing JS code from the target | false | No |
| --secrets | | Scan for secrets | false | No |
| --ai <options> | | Use AI to analyze the code (comma-separated; available: description) | | No |
| --ai-threads <threads> | | Number of threads to use for AI | 5 | No |
| --ai-provider <provider> | | Service provider to use for AI (available: openai, ollama) | openai | No |
| --ai-endpoint <endpoint> | | Endpoint to use for AI service (for Ollama, etc) | | No |
| --openai-api-key <key> | | OpenAI API key | | No |
| --model <model> | | AI model to use | gpt-4o-mini | No |
| --map-openapi | | Generate OpenAPI spec from the code (map module) | false | No |
| --map-openapi-output <file> | | Output file for OpenAPI spec (map module) | mapped-openapi.json | No |
| --map-openapi-chunk-tag | | Add chunk ID tag to OpenAPI spec for each request found (map module) | false | No |

Example

Run all modules on target and also generate AI descriptions

js-recon run -u https://example.com --secrets --ai description

This command will perform a full analysis on https://example.com, save the JavaScript files to the output directory, scan for secrets, and use AI to generate descriptions for the mapped functions.

Run all modules on target and also generate OpenAPI spec

js-recon run -u https://example.com --map-openapi

This command will perform a full analysis on https://example.com, save the JavaScript files to the output directory, and generate an OpenAPI spec from the code.

This OpenAPI spec file can then be imported into an API client to perform API testing.
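
Before importing the generated spec into an API client, a team analysing its own application can compare it with the API inventory it already documents, to see which operations are visible in client-side JavaScript but missing from that inventory. The Node.js code below is an added example, not part of js-recon; it assumes only that the generated file follows the standard OpenAPI paths/method layout, and both sample specs, including the tag values, are constructed.

```javascript
// Added example: compare the spec produced by --map-openapi with an
// inventory of documented endpoints. Both specs below are constructed
// sample data; real use would load them with JSON.parse(fs.readFileSync(...)).
const HTTP_METHODS = new Set(["get", "put", "post", "delete", "options", "head", "patch", "trace"]);

// Collapse path parameters so /users/{id} and /users/{userId} compare equal.
function normalizePath(p) {
  const collapsed = p.replace(/\{[^}]*\}/g, "{}").replace(/\/+$/, "");
  return collapsed === "" ? "/" : collapsed;
}

// Map of "METHOD /path" -> tags for every operation in an OpenAPI document.
function listOperations(spec) {
  const ops = new Map();
  for (const [path, item] of Object.entries(spec.paths || {})) {
    for (const [method, op] of Object.entries(item || {})) {
      if (!HTTP_METHODS.has(method.toLowerCase())) continue; // skip "parameters", "summary", ...
      ops.set(`${method.toUpperCase()} ${normalizePath(path)}`, (op && op.tags) || []);
    }
  }
  return ops;
}

// Operations present in the mapped spec but absent from the documented inventory.
function undocumentedOperations(mappedSpec, documentedSpec) {
  const documented = listOperations(documentedSpec);
  return [...listOperations(mappedSpec)]
    .filter(([key]) => !documented.has(key))
    .map(([key, tags]) => ({ operation: key, tags }))
    .sort((a, b) => a.operation.localeCompare(b.operation));
}

// Constructed sample standing in for mapped-openapi.json (tag values are made up).
const mappedSample = {
  openapi: "3.0.0",
  paths: {
    "/api/users/{id}": { get: { tags: ["chunk-101"] }, delete: { tags: ["chunk-101"] } },
    "/api/internal/flags/": { post: { tags: ["chunk-207"] } },
  },
};
// Constructed sample standing in for the team's own published spec.
const documentedSample = {
  openapi: "3.0.0",
  paths: { "/api/users/{userId}": { parameters: [], get: {} } },
};

console.log(undocumentedOperations(mappedSample, documentedSample));
```

Each reported operation is a candidate for either documenting or removing from the shipped bundles; with --map-openapi-chunk-tag enabled, the tags point back to the chunk where the request was found.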