JS Recon Buddy
Analyze page scripts for bug bounty reconnaissance.
As of June 2026, JS Recon Buddy has 693 users and a 5.00/5 rating from 3 reviews in the Privacy & Security category.
Usersup 40.0 percent+40.0%
693
693
Ratingno change0%
5.00
3 reviews
Reviewsno change0%
3
Version
1.20.2
Manifest V3
History
9 snapshotsTracking since Apr 1, 2026.
View as table
| Date | Users | Rating | Reviews | Version |
|---|---|---|---|---|
| Apr 1, 2026 | 495 | 5.00 | 3 | 1.20.2 |
| Apr 8, 2026 | 503 | 5.00 | 3 | 1.20.2 |
| Apr 19, 2026 | 536 | 5.00 | 3 | 1.20.2 |
| Apr 24, 2026 | 560 | 5.00 | 3 | 1.20.2 |
| May 5, 2026 | 556 | 5.00 | 3 | 1.20.2 |
| May 12, 2026 | 593 | 5.00 | 3 | 1.20.2 |
| May 20, 2026 | 608 | 5.00 | 3 | 1.20.2 |
| May 30, 2026 | 653 | 5.00 | 3 | 1.20.2 |
| Jun 8, 2026 | 649 | 5.00 | 3 | 1.20.2 |
| Now | 693 | 5.00 | 3 | 1.20.2 |
Permissions & access
- Permissions
- activeTabscriptingstoragetabsunlimitedStoragewebNavigationoffscreen
- Host access
- <all_urls>
Screenshots
About
The scanner uses a set of regex patterns to identify and categorize potential security-related information: - Subdomains - discovers related subdomains within the code. - Endpoints & Paths - uncovers potential API endpoints and other useful paths. For Next.js applications, it also automatically parses (if possible) the build manifest to discover all client-side routes. - Potential Secrets - scans for API keys, tokens, and other sensitive data using pattern matching and Shannon entropy checks. - Potential DOM XSS Sinks - identifies dangerous properties and functions like .innerHTML and document.write. - Interesting Parameters - flags potentially vulnerable URL parameters (e.g., redirect, debug, url). - Potential Dependency Confusion - (opt-in) identifies private NPM packages that are not on the public registry, flagging a potential dependency confusion attack vector. - Source Maps - finds links to source maps which can expose original source code. Can optionally guess the location of source maps for discovered JavaScript files even if they aren't explicitly linked. If it is a valid source map, the extension tries to deconstruct source files based on data there - JS Libraries - lists identified JavaScript libraries and their versions. - External and Inline Scripts - provides a complete inventory of all JavaScript sources loaded by the page, allowing you to view the content of any script in a formatted viewer.
Technical
- Version
- 1.20.2
- Manifest
- V3
- Size
- 534KiB
- Min Chrome
- 88
- Languages
- 1
- Featured
- No
Metadata
- ID
- emihdlmaomlajmkaanockgjhojehafnp
- Developer ID
- u7f97f9624f5218d63eddc774b6e350a1
- Developer Email
- [email protected]
- Created
- Sep 26, 2025
- Last Updated (Store)
- Jan 20, 2026
- Last Scraped
- Jun 8, 2026
- Website
- —
- Support URL
- https://github.com/TheArqsz/JSRecon-Buddy
Similar extensions
Alternatives to JS Recon Buddy, ranked by description similarity.
DevSecTools - Secret Scanner
Scan code repositories for exposed API keys, credentials, and secrets in GitHub, GitLab, and VS Code
10
Nexus
Web recon platform. Detects exposed API keys, tokens, configs, tech stack, and probes sensitive paths.
24
★ 5.0
SithScanner
Detects and mitigates emerging exploits such as ClickFix, FileFix, etc.
—
VibeSec - Web Security Scanner
Analyze web application security, headers, and vulnerabilities instantly
17
Shadow Security - Website Scanner
Real-time website security scanner that detects XSS, crypto miners, malicious scripts, and other web threats
2
SecuriScanX
Harden your input points - detect SQLi, XSS & CMDi within seconds.
69
★ 5.0
NPM SPC Detector
Scans websites searching for TTPs related with the NPM supplay chain attack
—
NavSec Vulnerability Scanner
Comprehensive security scanner with advanced XSS detection, API security analysis, and authentication testing
206
★ 5.0
Data sourced from the Chrome Web Store · last verified Jun 8, 2026.