Features
Explore just some of the ways that jswzl helps you understand applications, and find bugs.
01 · Proxy Integration
Utilize Burp Suite
The jswzl plugin for Burp Suite sends all JavaScript that passes through the proxy to the analysis server, and more!
Feature · 01
Fetches sourcemaps
Source maps let us see the original source code, if they exist. jswzl attempts to fetch a `.map` file for every JavaScript file requested.
Feature · 02
Fetch packed chunks
Chunks are often only loaded on demand. Using a sandbox, jswzl discovers and pre-fetches all chunks.
02 · Pre-analysis
Source Pre-analysis
Applies source maps to the source code
Any source maps present are applied to the code, and any packed code is unpacked into its own files for analysis.
Extract packed code
Packed sources are extracted into their individual files, allowing you to see the original structure of the code.
03 · Optimization
Advanced Tree Optimizations
Step 01
Resolve references
Using a custom JavaScript interpreter, the tree is walked and references are resolved.
Improved semantic understanding for the analysis engine.
Improved user experience when reading the code, better showing the intent of the code.
Step 02
Iterative optimization process
jswzl has a library of optimizers which transform the code to better show intent, undoing certain minification to improve semantic clarity.
Example: Collapsing string operations
```js
// Before optimization
var apiHost = "https://api.example.com";
var apiBasePath = "/api/";
var requestPath = `${apiHost}${apiBasePath}` + "v1/".concat("users");

// After optimization
var requestPath = `https://api.example.com/api/v1/users`;
```
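The reference resolution and string collapsing described in Steps 01 and 02, shown as an added example that is not jswzl's code or algorithm: a minimal constant folder over an ESTree-shaped AST. The function names (`foldString`, `foldDeclarations`), the hand-built sample AST and the `userId` variable are assumptions for illustration; the sample uses `/api/` as the base path.

```javascript
// Added example (not jswzl code): fold constant strings on an ESTree-shaped AST.
// Returns the string a node always evaluates to, or null when that is not provable.
function foldString(node, env) {
  switch (node.type) {
    case "Literal": return typeof node.value === "string" ? node.value : null;
    case "Identifier": return env.has(node.name) ? env.get(node.name) : null;
    case "TemplateLiteral": { // quasis are interleaved with expressions
      const parts = node.expressions.map((e) => foldString(e, env));
      if (parts.includes(null)) return null;
      return node.quasis.map((q, i) => q.value.cooked + (parts[i] ?? "")).join("");
    }
    case "BinaryExpression": { // only string + string is folded
      const l = foldString(node.left, env), r = foldString(node.right, env);
      return node.operator !== "+" || l === null || r === null ? null : l + r;
    }
    case "CallExpression": { // "x".concat(a, b, ...) on a known string receiver
      const c = node.callee;
      if (c.type !== "MemberExpression" || c.computed || c.property.name !== "concat") return null;
      const parts = [c.object, ...node.arguments].map((n) => foldString(n, env));
      return parts.includes(null) ? null : parts.join("");
    }
    default: return null;
  }
}
// Folds initializers in order. Assumes each name is declared once and never reassigned.
function foldDeclarations(decls) {
  const env = new Map(), result = {};
  for (const { name, init } of decls) {
    result[name] = foldString(init, env);
    if (result[name] !== null) env.set(name, result[name]);
  }
  return result;
}

// Constructed sample AST for the page's snippet, plus one expression that must stay unfolded.
const lit = (value) => ({ type: "Literal", value });
const id = (name) => ({ type: "Identifier", name });
const plus = (left, right) => ({ type: "BinaryExpression", operator: "+", left, right });
const tpl = { type: "TemplateLiteral", expressions: [id("apiHost"), id("apiBasePath")],
  quasis: ["", "", ""].map((cooked) => ({ value: { cooked } })) };
const call = { type: "CallExpression", arguments: [lit("users")],
  callee: { type: "MemberExpression", computed: false, object: lit("v1/"), property: id("concat") } };
const SAMPLE = [
  { name: "apiHost", init: lit("https://api.example.com") },
  { name: "apiBasePath", init: lit("/api/") },
  { name: "requestPath", init: plus(tpl, call) },
  { name: "userUrl", init: plus(id("requestPath"), id("userId")) }, // userId: runtime data
];
console.log(foldDeclarations(SAMPLE));
```

Returning `null` for anything not provably constant is what keeps the rewrite safe: `userUrl` stays as written because `userId` is only known at runtime.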
Step 03
Code is prettified
The code is prettified, making it easier to read for a human.
```js
// Before
if (isValid(input)) { process(input); } else { showError(); }

// After
if (isValid(input)) {
  process(input);
} else {
  showError();
}
```
04 · Descriptors
Extract Descriptors from code
The code is annotated with Descriptors, describing the constituent parts of the code relevant to testers.
```
api/users/1
/scripts/main.js
rest/v1/admin/info
```
String Expressions
Find paths, secrets, GraphQL queries, and other pertinent text content.
```js
const httpOptions = {
  method: 'POST',
  headers: {
    'api-key': 'secret'
  }
}
```
```js
const resp = await fetch(
  url,
  httpOptions
);
```