Unlock JavaScript's hidden secrets

jxscout discovers, analyzes, and optimizes JavaScript to reveal the security vulnerabilities that others miss.

JavaScript Analysis Made Easy

Find the code that others miss.

Sourcemap discovery and reversal

jxscout discovers and reverses sourcemaps to reveal the original source code so you can analyze it.

Webpack chunk discovery

jxscout discovers and fetches Webpack chunks to reveal lazy-loaded code that wasn't loaded by the browser.

Code optimization

jxscout optimizes original code and resolves variable references to make code easier to analyze.

Find relevant code

jxscout uses AST analysis to help you quickly identify relevant code that could uncover vulnerabilities.

Asset tree overview

jxscout automatically downloads assets and tracks relationships between HTML pages and JavaScript files to help you locate vulnerable code.

Code beautification

jxscout beautifies code to make it easier to read and analyze.

Pricing

Pro

$10/month

  • Sourcemap discovery and reversal
  • Webpack chunk discovery
  • Code beautification
  • Extract relevant code (e.g. API paths, secrets, etc.)
  • Wordlist generation (e.g. for path bruteforcing)
  • Asset tree overview
  • Code optimization

Frequently Asked Questions

Upon subscribing or receiving a free trial license, you will have access to videos explaining how to set up jxscout. The setup will be similar to the open source version.
In the future, there will be a documentation page explaining workflows and how to use jxscout.
jxscout is a background tool that automates many things for you: discovering lazy-loaded webpack chunks, prettifying code, and discovering and reversing sourcemaps. On top of that, it analyzes the code to find relevant pieces of information (e.g. secrets, API paths, etc.). All of that information can be easily accessed through a VSCode extension and used to build wordlists.
jxscout started as an open source project which is free to use and available on GitHub.

The pro version adds the following features:

  • MCP Server - One of the great things about jxscout is that it automatically saves all JavaScript files to your file system. This makes it very easy to use AI tools (e.g. Cursor, GitHub Copilot, etc.) to analyze the code. With the MCP server, jxscout can provide even more context to AI tools, making it even more powerful.
  • Project-level views and improved VSCode extension - The pro version extends the VSCode extension with many new capabilities that allow you to easily navigate through your target's code. One key difference is that in the free version you need to manually navigate through each file to view the analysis results from jxscout. In the pro version you can select multiple files, or even get analysis results for the entire project. This makes it really easy to do things like creating a wordlist of API paths found in the JS files.
  • JavaScript Optimizer - The pro version adds an optimizer that automatically optimizes the JavaScript code, making it easier to read and, most importantly, inlining string references. This will make jxscout find even more API paths. For instance, with the optimizer the following code:

      var apiBaseUrl = "/api";
      var users = apiBaseUrl + "/users";

    will be optimized to:

      var users = "/api/users";

  • Bug fixes and general improvements - I want to apply some of these to the open source version, but my main focus is this version, so there will be lots of improvements in the pro version that won't be available in the open source version for a while, unfortunately.

If you are not sure which version to choose, you can always get a free trial license and try both!

Yes, jxscout supports both Burp and Caido.
Yes, jxscout can run on Windows, Linux, and macOS.
I haven't run any benchmarks, but a computer with 8GB of RAM and 4 cores should be enough to handle jxscout pro. There are some options that you can configure to decrease memory usage and parallelism, which should make it run on a computer with fewer resources. The optimizer is the most resource-intensive part of jxscout, and you also have the option to disable it. If you run into any performance issues, please reach out to me and I'll be happy to help.
Please reach out to me on X @fneves97 or Discord @francisco.neves97