10 changes: 10 additions & 0 deletions src/network-services-pentesting/pentesting-web/README.md
Expand Up @@ -245,6 +245,12 @@ Launch some kind of **spider** inside the web. The goal of the spider is to **fi
- [**HTTPLoot**](https://github.com/redhuntlabs/HTTPLoot) (go): Crawl (even by filling forms) and also find sensitive info using specific regexes.
- [**SpiderSuite**](https://github.com/3nock/SpiderSuite): Spider Suite is an advance multi-feature GUI web security Crawler/Spider designed for cyber security professionals.
- [**jsluice**](https://github.com/BishopFox/jsluice) (go): It's a Go package and [command-line tool](https://github.com/BishopFox/jsluice/blob/main/cmd/jsluice) for extracting URLs, paths, secrets, and other interesting data from JavaScript source code.
- [**JS Analyzer**](https://github.com/jenish-sojitra/JSAnalyzer) (Burp extension/Jython): Static JS parser to pull endpoints/URLs (incl. S3/Azure/GCP), secrets/tokens (cloud keys, JWTs, DB URIs), emails and sensitive file references while filtering common noise. Load `js_analyzer.py` in Burp, select JS responses β†’ **Analyze JS with JS Analyzer**. The engine can also be called from Python:
```python
from js_analyzer_engine import JSAnalyzerEngine
engine = JSAnalyzerEngine()
print(engine.analyze(javascript_content)["endpoints"])
```
- [**ParaForge**](https://github.com/Anof-cyber/ParaForge): ParaForge is a simple **Burp Suite extension** to **extract the paramters and endpoints** from the request to create custom wordlist for fuzzing and enumeration.
- [**katana**](https://github.com/projectdiscovery/katana) (go): Awesome tool for this.
- [**Crawley**](https://github.com/s0rg/crawley) (go): Print every link it's able to find.
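Review bot: The ```python fence added under the JS Analyzer bullet starts at column 0, so Markdown ends the list item there and renders the snippet as a top-level block, with the ParaForge bullet starting a new list after it. Indent the fence and its three lines by two spaces so the example stays attached to the entry. The snippet also passes `javascript_content` to `engine.analyze(...)` without defining it; a one-line comment stating that it is a string holding the JavaScript source would make the example usable as written. The entry is also much longer than its neighbours in this list, so consider trimming the description to one sentence and keeping the Burp usage and the Python call as the only detail.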
Expand Down Expand Up @@ -437,4 +443,8 @@ Entry_12:

</details>

## References

- [JS Analyzer - Burp Suite Extension](https://github.com/jenish-sojitra/JSAnalyzer)

{{#include ../../banners/hacktricks-training.md}}
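Review bot: The single entry under the new `## References` heading repeats the URL already linked from the JS Analyzer bullet in the first hunk, so it adds no source a reader can use to check the `JSAnalyzerEngine` / `analyze(...)["endpoints"]` usage shown there. Either point the reference at the place in that repository where the engine's Python interface and return keys are described, or drop the section and rely on the inline link.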