ab2pentest

Burp Suite extension for passive JS reconnaissance - detects 1,600+ secret patterns, API keys, endpoints, and security misconfigurations in HTTP responses in real-time.

11
3
100% credibility
Found Apr 01, 2026 at 11 stars
AI Analysis
Python
AI Summary

JSReconRadar is a Burp Suite extension that passively detects secrets, API keys, endpoints, sensitive data, and security issues in JavaScript files from HTTP responses in real-time.

How It Works

1. 🔍 Discover JSReconRadar

You hear about this add-on that automatically spots hidden secrets and important links in website files while you browse.

2. 📱 Get Burp Suite Ready

Open Burp Suite, the proxy that lets you inspect site traffic.

3. Add the Tool

Download the add-on file and load it into Burp Suite with just a few clicks, and a new tab appears.

4. 🌐 Browse the Website

Visit the site you want to check by routing your browsing through Burp Suite, and the tool passively scans the responses in the background.

5. 🚨 Findings Light Up

Alerts appear instantly in the new tab, color-coded by severity, showing secrets, private info, and weak spots you missed.

6. 🔎 Dig Into the Details

Filter by severity, search for specifics, click to see highlighted matches in the page files, and right-click to copy or mark false positives.

📋 Get Your Security Report

Save the full list or export it as a file, so you can fix issues, share with your team, and make the site safer.

AI-Generated Review

What is BurpJSReconRadar?

BurpJSReconRadar is a Python-based Burp Suite extension that passively scans JavaScript in HTTP responses in real time for over 1,600 patterns such as API keys, endpoints, private credentials, and security misconfigurations. It works with both Burp Suite Community Edition and Professional, turning your proxy traffic into a recon source without active scanning. Users get a dedicated tab with live results, filters, and exports, so there is no more manual grepping through JS files.

Why is it gaining traction?

It stands out among Burp extensions on GitHub by bundling detections from tools like SecretFinder and LinkFinder into one UI, with severity filters, right-click actions to send to Repeater, and deduplication that skips CDNs and noise. Users notice threading that doesn't slow Burp, plus CSV/JSON exports for reports. The hook is its breadth: AI keys, cloud creds, and DOM XSS, all in a sortable table with context viewers.

Who should use this?

Bug bounty hunters chasing API secrets in JS, pentesters using Burp Suite Community Edition for passive recon, or security teams auditing endpoints in Burp Suite Pro workflows. Ideal for anyone proxying through Burp Suite on Windows who is tired of switching to separate scanner tools.

Verdict

With 11 stars and a 1.0% credibility score, it's early-stage but promising; a strong README and feature-complete docs make it worth a test drive over fragmented Burp Suite alternatives. Load it if you need quick JS intel; skip for production until more adoption.