Download
JS Analyzer is a powerful static analysis tool implemented as a Burp Suite extension that helps security researchers and web developers automatically uncover important artifacts in JavaScript files during web application testing. It parses JavaScript responses intercepted by Burp Suite and intelligently extracts API endpoints, full URLs (including cloud storage links), secrets like API keys or tokens, and email addresses while filtering out noise from irrelevant code patterns. The extension is designed to reduce manual effort when analyzing large or obfuscated JavaScript assets, helping testers find security vulnerabilities and sensitive information faster and more reliably. It also includes UI features such as live search, result filtering, and the ability to export findings in JSON format for further processing. The underlying engine can be used independently in Python, enabling integration into custom workflows or automated pipelines outside Burp Suite.
Features
- Automatic extraction of API endpoints from JavaScript
- Intelligent URL and resource link extraction
- Secret scanning for keys, tokens, and credentials
- Live search and noise-filtered results
- JSON export of findings for automation
- Standalone Python engine for integration
Project Samples
