Skip to main content
Version: 1.3.1

Framework support

The features available in the tool are developed after researching on specific JavaScript Frameworks, which implies that it would only work on those which are research. This document highlights the same thoroughly

Lazyload

The feature to download all lazy-loaded (dynamically loaded) JavaScript files is available for the following frameworks:

For all other apps, the tool downloads the JavaScript files that will be loaded on the initial webpage.

API gateway

This feature will make HTTP requests to the target through Amazon Web Services IP pool. This means that it could potentially bypass misconfigured/poorly configured firewall rules.

However, if the site blocks IP addresses originating from Amazon Web Services, it might not work, or could even break. To check if the firewall blocks the requests or not, use the --feasibility flag.

Endpoints

The feature to extract the client-side endpoints are available for the following frameworks:

Strings

This feature can be used against all target, regardless of the frameworks they use.

Map

The feature to map all the functions are available only for the following JavaScript frameworks:

  • Next.js — both webpack (self.webpackChunk_N_E) and Turbopack (globalThis.TURBOPACK) chunk formats are recognised, so projects on Next.js 15 / Turbopack are mapped just like classic webpack builds.
  • Vue.jsVite production chunks (2-character function name convention) are decoded into per-function chunks; for non-bundled / dev-server output, each .js and .vue module is emitted as a single chunk so it remains analyzable.
  • React — ES module and webpack chunk formats are supported; fetch() calls are resolved using the same taint-flow analysis as Next.js.
  • Svelte/Astro — Vite production chunks are decoded using the same logic as Vue.js; fetch() and Axios calls are resolved with the same taint-flow analysis.

Analyze

The static-analysis analyze module evaluates AST rules against mapped.json and request rules against the generated OpenAPI spec for the following frameworks:

Run

This module automated the flow of other modules, so please refer to specific modules to know the compatibility.