Analyze JavaScript Files For Risky APIs, External Endpoints, and High-Entropy Literals — Fast, Local, and Safe
🧠 What is JavaXray?
JavaXray is a static analysis tool crafted to scan JavaScript files and detect:
- ⚠️ Usage of risky or sensitive browser APIs
- 🌐 External endpoints (URLs, IPs, webhooks, etc.)
- 🧬 High-entropy strings (possibly secrets, tokens, etc.)
Everything runs locally — no external servers, no API calls.
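One way the three checks listed above can be implemented with only the standard library, as an added example that is not JavaXray's own code. The API patterns, the 4.0 bits-per-character threshold, the minimum literal length of 20 and the sample JavaScript are assumptions made for the illustration.

```python
import math
import re
from collections import Counter

# Assumed settings for this example; not taken from JavaXray.
ENTROPY_THRESHOLD = 4.0   # bits per character
MIN_LITERAL_LEN = 20      # shorter literals are too noisy to score
API_RE = re.compile(r"\b(eval|document\.write|Function)\s*\(|\.(innerHTML|outerHTML)\s*=(?!=)")
URL_RE = re.compile(r"https?://[^\s'\"`<>)]+")
STRING_RE = re.compile(r"""(['"`])((?:\\.|(?!\1).)*)\1""")  # single-line literals only

def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan(source):
    """Return (kind, detail, line_number) findings for JavaScript source text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in API_RE.finditer(line):
            findings.append(("Risky API", m.group(1) or m.group(2), lineno))
        for m in URL_RE.finditer(line):
            findings.append(("External URL", m.group(0), lineno))
        for m in STRING_RE.finditer(line):
            literal = m.group(2)
            if URL_RE.match(literal):
                continue  # already reported as an endpoint
            score = shannon_entropy(literal)
            if len(literal) >= MIN_LITERAL_LEN and score >= ENTROPY_THRESHOLD:
                findings.append(("High-Entropy String", f"{score:.2f} bits/char", lineno))
    return findings

# Constructed sample input: line 3 is ordinary English (low entropy),
# line 4 is a made-up token with 32 distinct characters (5.00 bits/char).
SAMPLE_JS = '''\
const api = "https://api.example.com/v1/items";
document.write("<p>hello</p>");
const label = "this is an ordinary sentence in english";
const token = "q7Zp2LxV9tYb4NcR8sWd1KfG6hJm3QaE";
el.innerHTML = userInput;
'''

if __name__ == "__main__":
    for kind, detail, lineno in scan(SAMPLE_JS):
        print(f"[!] {kind}: {detail} → line {lineno}")
```

Scoring per character keeps natural-language strings (about 3.6 bits/char in the sample) below the threshold while random tokens land well above it. Literals that span several lines, such as template strings, are not matched by this line-by-line pass.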
🚀 Features
- 🛡️ Static Analysis Only — Safe by design
- 🔎 Fast scanning across JS files or directories
- 📡 Detects suspicious domains, endpoints, payloads
- 🧬 Flags encoded or high-entropy data (like JWTs or API keys)
- 🗂️ Supports bulk analysis via CLI
🛠️ Usage
python jsxray.py
📦 Installation
Clone the repo:
git clone https://github.com/karndeepbaror/JavaXray.git
cd JavaXray
python jsxray.py
📁 Output Example
[!] Risky API: document.write() → line 43
[!] External URL: https://malicious.example.com → line 88
[!] High-Entropy String (SHA256-like) → line 102
🧑‍💻 Author
Made with 🖤 by Karndeep Baror
📎 LinkedIn: www.linkedin.com/in/karndeepbaror
🛡️ Disclaimer
This tool is for educational and research purposes only. Use responsibly.
