JSHound: a tool for finding interesting things in JS files
JSHound is recon tool for bug bounty hunters and pentesters that extracts JavaScript files of target from multiple sources (Wayback Machine, Common Crawl, urlscan.io) and searches them for sensitive information such as API keys, tokens, and credentials. Supports online scanning, local analysis, and customizable wordlists for flexible recon workflows.
- 🔍 Collect JavaScript files from:
- 📥 Download JavaScript files locally for offline analysis
- 🕵️ Search for sensitive patterns (API keys, tokens, secrets, passwords, etc.)
- 🎛️ Interactive terminal menu for workflow selection
- 📂 Organized output saved in
./targets/<domain>/result/result.txt - ✨ Customizable:
- Skip unwanted JS files (frameworks, libraries, etc.)
- Use your own regex wordlist for pattern matching
# Clone this repository
git clone https://github.com/yourusername/JSHound.git
cd JSHound
pip3 install -r requirements.txt
python jshound.py -d <domain>-
-d: Target domain (required)
Example:-d example.com -
-fp: Comma-separated list of paths to filter (e.g., nuxt,node,jquery) Example:-fp nuxt,node,jquery -
-w_fp: Wordlist file containing paths to filter (e.g., ./pathskip.txt) Example:-w_fp ./pathdrop.txt -
-p: Comma-separated list of patterns to search for
Example:-p password,api_key,autotoken,token -
-w_p: Wordlist file containing patterns to search for
Example:-w_p ./patterns.txt
All findings are saved in:
./targets/<domain>/result/result.txt
- The JS file path or URL
- The matching keyword/pattern
- Line number and line content
- By default, common libraries (React, Vue, jQuery, etc.) are skipped.
- SSL warnings are disabled for easier fetching of JS files.
- If no matches are found, the tool will exit gracefully.
Created By: NakuTenshi