A powerful tool for JavaScript reconnaissance - discover, download, and analyze JS to uncover endpoints, secrets, and reconstruct HTTP requests to OpenAPI.


Shriyans Sudhi

JS Recon is a tool for JavaScript reconnaissance. It helps discover, download, and analyze JavaScript files from web apps to uncover endpoints, secrets, and other valuable findings. It can also reconstruct HTTP requests an app makes and export them to OpenAPI.

I started this project in June 2025 during my internship at [Black Hills Information Security](https://blackhillsinfosec.com).

- Repository: [github.com/shriyanss/js-recon](https://github.com/shriyanss/js-recon)
- Docs Site: https://js-recon.io

## Key features

- Download dynamically loaded JS (lazy-loaded bundles) from supported frameworks
- Extract URLs, strings, endpoints, and potential secrets from JS files
- Reconstruct HTTP requests and export to OpenAPI
- Analyze JS code and HTTP request behavior for potential issues
- Orchestrate end-to-end assessments with the `run` module
- Optional AWS API Gateway IP rotation to reduce rate-limit issues
- Generate consolidated reports from analysis results

## More info

Please visit the [JS Recon site](https://js-recon.io) for more information.


A powerful tool for JavaScript reconnaissance - discover, download, and analyze JS to uncover endpoints, secrets, and reconstruct HTTP requests to OpenAPI.

subdomain-permut is a tool that simplifies the subdomain permutation process for DNS bruteforcing and target discovery

subdomain-permut is a tool that simplifies the subdomain permutation process for DNS bruteforcing and target discovery. It is a Python based tool, which takes the user inputs, and is capable of generating several 100 GBs of permutations. Please note that this tool is expected to run several hours and is expected to run on a VPS.

This project has its code hosted on [GitHub/@shriyanss/subdomain-permut](https://github.com/shriyanss/subdomain-permut). Additionally, it is also available on [PyPI/subdomain-permut](https://pypi.org/project/subdomain-permut/). To install this tool, you can use the following command

```
pip install subdomain-permut
```

To upgrade the tool in case a new version is available, use the following command

```
pip install --upgrade subdomain-permut
```


subdomain-permut is a tool that simplifies the subdomain permutation process for DNS bruteforcing and target discovery.