📄️ Run command
The run command is a powerful feature that automates most of the JavaScript reconnaissance workflow by executing a series of modules in a predefined order. This command is ideal for users who want to perform a basic analysis of a target without running each module individually.
📄️ Lazyload command
The lazyload command is used to download JavaScript files from a given URL or a list of URLs. It simulates various techniques to discover and fetch JS files that are loaded dynamically.
📄️ API gateway command
The api-gateway command is used to configure and manage AWS API Gateway for the purpose of IP address rotation. This configuration is written to .apigatewayconfig.json by default. This allows you to make requests from a pool of different IP addresses, which can be useful for avoiding rate limiting.
📄️ Strings command
The strings command is used to extract strings, URLs, and secrets from a directory of JavaScript files. This is useful for identifying sensitive information and potential API endpoints.
📄️ Endpoints command
The endpoints command is used to extract client-side endpoints from a directory of JavaScript files and mapped.json file. It identifies potential client-side paths and organizes them for further analysis.
📄️ Map command
The map command is used to map and analyze the functions within a directory of JavaScript files. It can help you understand the codebase by identifying function definitions and, optionally, using AI to generate descriptions.
📄️ Fingerprint command
The fingerprint command detects the front-end JavaScript framework used by one or more target URLs. It is useful for quickly profiling a list of targets before running a full lazyload or run pipeline.
🗃️ Interactive Mode
1 item
📄️ Refactor Command
The refactor command processes the mapped JSON file generated by the map command and outputs the refactored JavaScript files to a specified directory. This is particularly useful for code transformation and restructuring tasks.
🗃️ Refactor Technology Reference
1 item
📄️ Analyze command
The analyze command is used to analyze a file the output files of JS recon modules to determine if they contain sensitive info or not.
📄️ MCP command
The mcp command has three modes:
📄️ Report command
The report command generates a report based on the results of the analyze module.
📄️ Load command
The load command populates the response cache from an HTTP request-history export (currently a Caido JSON export). Once the cache is populated, subsequent js-recon runs against the same target can be executed entirely offline by pairing this command with --cache-only.
📄️ CS-MAST command
The cs-mast command computes CS-MAST-S (Context-Stratified Merkelized Abstract Syntax Tree) signatures for every .js file found in an output directory and optionally finds structural collisions — files that share the same CS-MAST-S root signature, meaning they are structurally and semantically equivalent under the chosen configuration.