Skip to main content
Version: Next

Installation

JS Recon is a Node.js-based, security-focused JavaScript analysis tool built for modern recon workflows.

Prerequisites

  • Node.js 22 or higher

  • Browsers

    • JS Recon internally uses Puppeteer to automate Chromium-based browsers. Puppeteer installs automatically, no manual setup required.

Installation

Install the command-line tool globally using NPM:

npm i -g @shriyanss/js-recon@latest
tip

You can try the alpha and beta builds as well. They are updated more often than the stable version, often daily, but are not as stable.

To download the alpha build, use the following command:

npm i -g @shriyanss/js-recon@alpha

To download the beta build, use the following command:

npm i -g @shriyanss/js-recon@beta

Test the installation:

js-recon -V

API keys setup

JS Recon requires API access to several services for enhanced analysis.

AWS API Gateway (used to rotate IP address; optional)

JS Recon requires an AWS API Key (and Secret Key) to use the api-gateway module for rotating IP addresses while scanning the target

Recommended permission:

  • AdministratorAccess for API Gateway

or at minimum, fine-grained permission accordingly.

The AWS Console can be accessed at https://console.aws.amazon.com/iam/

These keys are to be stored in the $AWS_ACCESS_KEY_ID and $AWS_SECRET_ACCESS_KEY environment variables

Alternatively, these can be passed directly to the tool through the --access-key <access-key> and --secret-key <secret-key> flags to the api-gateway module. Read the full docs here

OpenAI API (to generate function descriptions; optional)

It is helpful to have the function descriptions generated through AI. To use this feature, the tool needs access to OpenAI API (the alternative provider is Ollama).

To get an API Key:

Alternatively, this API Key can be directly passed to JS Recon through --openai-api-key <key> flag to the map module. The full documentation can be found here