Skip to content

Core

Domain: core

Core static and semi-static analysis domain for script collection, deobfuscation, semantic inspection, webpack analysis, source map recovery, and crypto detection.

Profiles

  • workflow
  • full

Typical scenarios

  • Collect and inspect scripts
  • Understand obfuscated code
  • Recover code from bundles and source maps

Common combinations

  • browser + network + core
  • core + sourcemap + transform

Full tool list (25)

ToolDescription
collect_codeCollect JavaScript from a target website with configurable strategy.
search_in_scriptsSearch collected scripts by keyword or regex pattern.
extract_function_treeExtract a function and its dependency tree from collected scripts.
deobfuscateRun webcrack-powered JavaScript deobfuscation with bundle unpacking.
understand_codeRun semantic code analysis for structure, behavior, and risks.
detect_cryptoDetect cryptographic algorithms and usage patterns in source code.
manage_hooksCreate, inspect, and clear JavaScript runtime hooks.
detect_obfuscationDetect obfuscation techniques in JavaScript source.
webcrack_unpackRun webcrack bundle unpacking and return extracted module graph.
clear_collected_dataClear collected script data, caches, and in-memory indexes.
get_collection_statsGet collection, cache, and compression statistics.
webpack_enumerateEnumerate webpack modules in current page and search for keywords.
llm_suggest_namesUse LLM to suggest meaningful names for obfuscated identifiers.
js_deobfuscate_jsvmpDeobfuscate JSVMP/VM-protected JavaScript: extract VM bytecode and restore original logic.
js_deobfuscate_pipelineThree-stage deobfuscation pipeline: preprocess → deobfuscate → humanize.
js_analyze_vmAnalyze JSVMP/VM interpreter: dispatch type, handler table, opcode map.
js_solve_constraintsSolve opaque predicates and constant expressions in obfuscated code.
analysis_ast_matchMatch AST nodes by type and optional property filter.
analysis_deflat_control_flowFlatten switch-dispatch control flow back to straight-line code.
analysis_decode_string_arrayDecode literal string-array access back to strings.
js_symbolic_executeSymbolic execution of JavaScript: explore all feasible execution paths, collect path constraints, and solve them. Best for control-flow-flattened code with complex branching.
js_symbolic_execute_jsvmpSymbolic execution of JSVMP bytecode: step through instructions symbolically to infer original logic, constraints, and confidence score. Use after js_analyze_vm to get instructions.
ai_suggest_exploitsUse LLM to suggest exploit primitives and attack chains for a given vulnerability. Returns theoretical exploitation steps, references, and required conditions. IMPORTANT: Does NOT generate executable payloads or malicious code.
analysis_data_flowTrace data flow through JavaScript: identify sources (user input, network, storage), sinks (XSS, eval, SQL injection, command execution), sanitizer pass-through points, and tainted variable propagation paths. Useful for finding injection vulnerabilities.
analysis_security_scanStatic security scan of JavaScript: detect hardcoded secrets (API keys, tokens), dangerous functions (eval, Function constructor), XSS sinks (innerHTML, document.write), SQL injection patterns, and weak crypto (Math.random). Returns structured risks with severity and recommendations.

Released under AGPL-3.0-only