Unlock JavaScript
hidden secrets

JXScout discovers, analyzes, and optimizes JavaScript to reveal the security vulnerabilities that others miss.

Get Started
JXScout product interface

Engineered for deep analysis

JXScout saves every HTML and JS file to a clean, browsable folder structure mirroring the target's URL paths. Minified code is automatically beautified so you — and your AI agents — can read it instantly.

  • URL-mirrored directory structure
  • Automatic beautification of minified JS/HTML
  • AI-agent ready file organization
JXScout folder structure with URL-mirrored directory layout
JXScout chunk discovery showing lazy-loaded JS files

Discover the code others miss

Modern apps lazy-load JavaScript chunks that only appear under specific conditions. JXScout's chunk discovery engine supports Webpack, Vite, and Next.js — automatically fetching every chunk to maximize your coverage.

  • Webpack, Vite & Next.js support
  • Automatic lazy-loaded chunk fetching
  • Configurable rate limiting

Access the original source

When developers accidentally expose sourcemaps, JXScout finds and reverses them automatically — giving you the original, unminified source code with variable names, comments, and structure intact.

  • Automatic sourcemap detection
  • Full source reversal with original structure
  • Dramatically faster analysis
JXScout reversed sources showing original unminified code

Built-in static analysis

JXScout's static analysis engine automatically extracts API paths, hostnames, DOM manipulations, and custom patterns. Navigate large codebases instantly and extend with your own analyzers.

Paths & API endpoints

Automatically extract routes and API endpoints from JavaScript.

Hostnames & URLs

Discover backend services, API domains and URLs.

Sinks & sources

Detect postMessage handlers, innerHTML and other dangerous patterns.

Custom analyzers

Define regex, derived, or script-based analyzers for your specific needs.

JXScout static analysis extracting API paths, hostnames, and patterns
JXScout JavaScript optimizer revealing hidden API endpoints

Uncover hidden paths

The JavaScript optimizer inlines variable references, resolves string concatenations, and evaluates JSON.parse expressions — revealing API endpoints and server-side paths that were invisible to standard static analysis.

  • Variable reference inlining
  • String concatenation resolution
  • JSON.parse evaluation

Save gadgets and data flows

Highlight any section of code and save it as a bookmark with notes. Track interesting gadgets, dangerous sinks, data flow chains, and anything worth revisiting.

  • Inline code highlighting with notes
  • Track gadgets, sinks, and data flows
  • Organized per-project bookmark library
JXScout bookmarks highlighting code gadgets and data flows
JXScout agent skills analyzing code for security vulnerabilities

Built for AI agents

JXScout ships with agent skills that let AI assistants access static analysis results, manage bookmarks, and interact with your projects directly — turning any LLM into a security research partner.

  • Query static analysis findings
  • Create and manage bookmarks
  • Navigate projects and file trees

Pricing

Open Source

Community edition

Free
View on GitHub
  • File organization & beautification
  • Basic chunk discovery
  • Sourcemap reversal
  • Basic static analysis
Recommended

Pro

For individual security researchers

$10/month
Get Pro
  • Everything in Open Source
  • Enhanced chunk discovery coverage
  • JS optimization engine
  • Agent skills
  • Improved performance
  • Automation hooks
  • Native project management UX
  • VSCode extension navigation
  • Custom analyzers

Enterprise

For teams

Custom
  • Everything in Pro
  • Multiple seats
  • Custom pricing

FAQ

You’ll receive an email with your license key and a download link right away. From there you should be up and running in minutes.

I’m always happy to help! You can reach me on X (@fneves97), Discord (@francisco.neves97), or email (francisco@jxscout.app). I typically respond within a few hours.

Yes! JXScout works with both Burp Suite and Caido out of the box.

Yes, JXScout Pro runs natively on all three platforms — Windows, Linux, and macOS.

Any modern machine with at least 8 GB of RAM and a quad-core processor should handle JXScout Pro comfortably. Please reach out in case you have any performance issues.

I’d love to hear from you! Drop me a message on X (@fneves97), Discord (@francisco.neves97), or email francisco@jxscout.app.