# JSHunter - High-Performance JavaScript Security Scanner
[](https://github.com/iamunixtz/JsHunter)
[](LICENSE)
[](https://python.org)
[](https://github.com/trufflesecurity/trufflehog)
A blazing-fast JavaScript security scanner that can process **1 million URLs in ~5 hours** using advanced parallel processing and async operations. JSHunter is designed for security researchers, penetration testers, and developers who need to identify sensitive information in JavaScript files at scale.
## 🚀 Performance Features
- **Async Downloads**: 200+ concurrent HTTP downloads with connection pooling
- **Batch Scanning**: TruffleHog processes multiple files simultaneously
- **Parallel Processing**: 50+ worker threads for maximum throughput
- **Memory Efficient**: Chunked processing to handle massive datasets
- **Progress Tracking**: Real-time progress with ETA and rate monitoring
- **Resume Capability**: Built-in error handling and recovery
## 🔧 Installation
### Option 1: PyPI Installation (Recommended)
```bash
# Install JSHunter from PyPI
pip install jshunter
# Setup TruffleHog binary
jshunter --setup
# Verify installation
jshunter --version
```
### Option 2: Source Installation
```bash
# Clone the repository
git clone https://github.com/iamunixtz/JsHunter.git
cd JsHunter
# Install dependencies
pip install -r requirements.txt
# Setup TruffleHog binary
python3 jshunter --setup
```
## 📊 Performance Benchmarks
| URLs | Legacy Mode | High-Performance Mode | Speedup |
|------|-------------|----------------------|---------|
| 100 | 5-15 min | 30-60 sec | 10x |
| 1K | 1-3 hours | 3-8 min | 20x |
| 10K | 14-42 hours | 15-45 min | 30x |
| 100K | 6-17 days | 2.5-7.5 hours | 40x |
| 1M | 2-6 months | 4-12 hours | 50x |
## 🎯 Usage
### CLI Usage
#### High-Performance Mode (Recommended for 100+ URLs)
```bash
# Basic high-performance scan
jshunter --high-performance -f urls.txt
# Custom performance tuning
jshunter --high-performance \
--max-workers 100 \
--concurrent-downloads 500 \
--batch-size 200 \
-f urls.txt
# With Discord notifications
jshunter --high-performance \
--discord-webhook "https://discord.com/api/webhooks/..." \
-f urls.txt
```
#### Legacy Mode (Small batches)
```bash
# Single URL
jshunter -u "https://example.com/script.js"
# Multiple URLs from file
jshunter -f urls.txt
# With SSL bypass
jshunter --ignore-ssl -f urls.txt
```
### Web Interface
```bash
# Start the web interface
jshunter-web
# Access at http://localhost:8000
```
## 🔗 Discord Integration
JSHunter supports Discord webhook integration for real-time notifications:
- **Verified findings**: Sent immediately as they are found
- **Unverified findings**: Sent as detailed TXT file after scan completion
- **Full secret values**: Complete API keys and secrets (not truncated)
- **Formatted reports**: Easy-to-read findings with source URLs and line numbers
```bash
jshunter -f urls.txt --discord-webhook "https://discord.com/api/webhooks/YOUR_WEBHOOK_URL"
```
## ⚙️ Configuration
### Performance Tuning
**Small (100-1K URLs):**
```bash
--max-workers 20 --concurrent-downloads 50 --batch-size 25
```
**Medium (1K-10K URLs):**
```bash
--max-workers 50 --concurrent-downloads 200 --batch-size 100
```
**Large (10K-100K URLs):**
```bash
--max-workers 100 --concurrent-downloads 500 --batch-size 200
```
**Massive (100K+ URLs):**
```bash
--max-workers 200 --concurrent-downloads 1000 --batch-size 500
```
### Command Line Options
```
--high-performance Enable parallel processing mode
--max-workers N Number of worker threads (default: 50)
--concurrent-downloads N Max concurrent downloads (default: 200)
--batch-size N TruffleHog batch size (default: 100)
--connection-limit N HTTP connection limit (default: 100)
--ignore-ssl Bypass SSL certificate errors
--discord-webhook URL Send findings to Discord
--output FILE Save results to specific file
```
## 📁 Output Formats
### Separate Verified/Unverified Files
The tool automatically separates results into different files:
- **`verified_results_TIMESTAMP.json`** - Only verified findings (sent immediately to Discord)
- **`unverified_results_TIMESTAMP.json`** - Only unverified findings (saved after scan completes)
- **`combined_results.json`** - All findings together (if using `--output`)
### JSON Results
```json
{
"DetectorName": "GitHub",
"Verified": true,
"Raw": "ghp_xxxxxxxxxxxxxxxxxxxx",
"source_url": "https://example.com/script.js",
"SourceMetadata": {
"Data": {
"Filesystem": {
"file": "/path/to/file.js",
"line": 42
}
}
}
}
```
## 🛠️ System Requirements
- **CPU**: 4+ cores recommended (8+ for massive scans)
- **RAM**: 4GB minimum (8GB+ for large batches)
- **Network**: Stable internet connection
- **Disk**: 1GB+ free space for downloads
## 🔍 Error Handling
- **Network failures**: Automatic retry with exponential backoff
- **SSL errors**: Bypass with `--ignore-ssl` flag
- **Memory management**: Chunked processing prevents OOM
- **Interrupt handling**: Graceful shutdown on Ctrl+C
- **Resume capability**: Can restart from last checkpoint
- **File cleanup**: Downloaded files automatically deleted after processing
## 🤝 Integration
### With Other Tools
```bash
# From rezon (silent mode)
rezon | jshunter --high-performance
# From subfinder
subfinder -d example.com | jshunter --high-performance
```
### API Integration
```python
import asyncio
from jshunter import process_urls_high_performance
async def scan_urls(urls):
results = await process_urls_high_performance(
urls=urls,
tr_bin="/path/to/trufflehog",
max_concurrent_downloads=200,
batch_size=100
)
return results
```
## 📋 Best Practices
1. **Start Small**: Test with 100 URLs before scaling up
2. **Monitor Resources**: Watch CPU/memory usage during large scans
3. **Rate Limiting**: Respect target server resources
4. **Backup Results**: Save important findings immediately
5. **Network Stability**: Use stable internet for large batches
## 🐛 Troubleshooting
### Common Issues
**"Too many open files"**
```bash
ulimit -n 65536 # Increase file descriptor limit
```
**"Connection refused"**
```bash
--concurrent-downloads 50 # Reduce concurrent connections
```
**"Out of memory"**
```bash
--batch-size 25 # Reduce batch size
```
## 📄 License
MIT License - See LICENSE file for details.
## 🤝 Contributing
1. Fork the repository
2. Create a feature branch
3. Add tests for new functionality
4. Update documentation
5. Submit a pull request
## 📞 Support
- **Issues**: [GitHub Issues](https://github.com/iamunixtz/JsHunter/issues)
- **Discussions**: [GitHub Discussions](https://github.com/iamunixtz/JsHunter/discussions)
---
**Ready to scan 1M URLs in 5 hours? Let's go!** 🚀
Raw data
{
"_id": null,
"home_page": "https://github.com/iamunixtz/JsHunter",
"name": "jshunter",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "security, javascript, scanner, trufflehog, secrets, api-keys, tokens, high-performance, parallel-processing",
"author": "iamunixtz",
"author_email": "iamunixtz@example.com",
"download_url": "https://files.pythonhosted.org/packages/71/2c/ce486a02610d21ba99217ee5cf68f544a79eddfc12208444162198604614/jshunter-2.0.2.tar.gz",
"platform": null,
"description": "# JSHunter - High-Performance JavaScript Security Scanner\n\n[](https://github.com/iamunixtz/JsHunter)\n[](LICENSE)\n[](https://python.org)\n[](https://github.com/trufflesecurity/trufflehog)\n\nA blazing-fast JavaScript security scanner that can process **1 million URLs in ~5 hours** using advanced parallel processing and async operations. JSHunter is designed for security researchers, penetration testers, and developers who need to identify sensitive information in JavaScript files at scale.\n\n## \ud83d\ude80 Performance Features\n\n- **Async Downloads**: 200+ concurrent HTTP downloads with connection pooling\n- **Batch Scanning**: TruffleHog processes multiple files simultaneously\n- **Parallel Processing**: 50+ worker threads for maximum throughput\n- **Memory Efficient**: Chunked processing to handle massive datasets\n- **Progress Tracking**: Real-time progress with ETA and rate monitoring\n- **Resume Capability**: Built-in error handling and recovery\n\n## \ud83d\udd27 Installation\n\n### Option 1: PyPI Installation (Recommended)\n\n```bash\n# Install JSHunter from PyPI\npip install jshunter\n\n# Setup TruffleHog binary\njshunter --setup\n\n# Verify installation\njshunter --version\n```\n\n### Option 2: Source Installation\n\n```bash\n# Clone the repository\ngit clone https://github.com/iamunixtz/JsHunter.git\ncd JsHunter\n\n# Install dependencies\npip install -r requirements.txt\n\n# Setup TruffleHog binary\npython3 jshunter --setup\n```\n\n## \ud83d\udcca Performance Benchmarks\n\n| URLs | Legacy Mode | High-Performance Mode | Speedup |\n|------|-------------|----------------------|---------|\n| 100 | 5-15 min | 30-60 sec | 10x |\n| 1K | 1-3 hours | 3-8 min | 20x |\n| 10K | 14-42 hours | 15-45 min | 30x |\n| 100K | 6-17 days | 2.5-7.5 hours | 40x |\n| 1M | 2-6 months | 4-12 hours | 50x |\n\n## \ud83c\udfaf Usage\n\n### CLI Usage\n\n#### High-Performance Mode (Recommended for 100+ URLs)\n\n```bash\n# Basic high-performance scan\njshunter --high-performance -f urls.txt\n\n# Custom performance tuning\njshunter --high-performance \\\n --max-workers 100 \\\n --concurrent-downloads 500 \\\n --batch-size 200 \\\n -f urls.txt\n\n# With Discord notifications\njshunter --high-performance \\\n --discord-webhook \"https://discord.com/api/webhooks/...\" \\\n -f urls.txt\n```\n\n#### Legacy Mode (Small batches)\n\n```bash\n# Single URL\njshunter -u \"https://example.com/script.js\"\n\n# Multiple URLs from file\njshunter -f urls.txt\n\n# With SSL bypass\njshunter --ignore-ssl -f urls.txt\n```\n\n### Web Interface\n\n```bash\n# Start the web interface\njshunter-web\n\n# Access at http://localhost:8000\n```\n\n## \ud83d\udd17 Discord Integration\n\nJSHunter supports Discord webhook integration for real-time notifications:\n\n- **Verified findings**: Sent immediately as they are found\n- **Unverified findings**: Sent as detailed TXT file after scan completion\n- **Full secret values**: Complete API keys and secrets (not truncated)\n- **Formatted reports**: Easy-to-read findings with source URLs and line numbers\n\n```bash\njshunter -f urls.txt --discord-webhook \"https://discord.com/api/webhooks/YOUR_WEBHOOK_URL\"\n```\n\n## \u2699\ufe0f Configuration\n\n### Performance Tuning\n\n**Small (100-1K URLs):**\n```bash\n--max-workers 20 --concurrent-downloads 50 --batch-size 25\n```\n\n**Medium (1K-10K URLs):**\n```bash\n--max-workers 50 --concurrent-downloads 200 --batch-size 100\n```\n\n**Large (10K-100K URLs):**\n```bash\n--max-workers 100 --concurrent-downloads 500 --batch-size 200\n```\n\n**Massive (100K+ URLs):**\n```bash\n--max-workers 200 --concurrent-downloads 1000 --batch-size 500\n```\n\n### Command Line Options\n\n```\n--high-performance Enable parallel processing mode\n--max-workers N Number of worker threads (default: 50)\n--concurrent-downloads N Max concurrent downloads (default: 200)\n--batch-size N TruffleHog batch size (default: 100)\n--connection-limit N HTTP connection limit (default: 100)\n--ignore-ssl Bypass SSL certificate errors\n--discord-webhook URL Send findings to Discord\n--output FILE Save results to specific file\n```\n\n## \ud83d\udcc1 Output Formats\n\n### Separate Verified/Unverified Files\nThe tool automatically separates results into different files:\n\n- **`verified_results_TIMESTAMP.json`** - Only verified findings (sent immediately to Discord)\n- **`unverified_results_TIMESTAMP.json`** - Only unverified findings (saved after scan completes)\n- **`combined_results.json`** - All findings together (if using `--output`)\n\n### JSON Results\n```json\n{\n \"DetectorName\": \"GitHub\",\n \"Verified\": true,\n \"Raw\": \"ghp_xxxxxxxxxxxxxxxxxxxx\",\n \"source_url\": \"https://example.com/script.js\",\n \"SourceMetadata\": {\n \"Data\": {\n \"Filesystem\": {\n \"file\": \"/path/to/file.js\",\n \"line\": 42\n }\n }\n }\n}\n```\n\n## \ud83d\udee0\ufe0f System Requirements\n\n- **CPU**: 4+ cores recommended (8+ for massive scans)\n- **RAM**: 4GB minimum (8GB+ for large batches)\n- **Network**: Stable internet connection\n- **Disk**: 1GB+ free space for downloads\n\n## \ud83d\udd0d Error Handling\n\n- **Network failures**: Automatic retry with exponential backoff\n- **SSL errors**: Bypass with `--ignore-ssl` flag\n- **Memory management**: Chunked processing prevents OOM\n- **Interrupt handling**: Graceful shutdown on Ctrl+C\n- **Resume capability**: Can restart from last checkpoint\n- **File cleanup**: Downloaded files automatically deleted after processing\n\n## \ud83e\udd1d Integration\n\n### With Other Tools\n\n```bash\n# From rezon (silent mode)\nrezon | jshunter --high-performance\n\n# From subfinder\nsubfinder -d example.com | jshunter --high-performance\n```\n\n### API Integration\n\n```python\nimport asyncio\nfrom jshunter import process_urls_high_performance\n\nasync def scan_urls(urls):\n results = await process_urls_high_performance(\n urls=urls,\n tr_bin=\"/path/to/trufflehog\",\n max_concurrent_downloads=200,\n batch_size=100\n )\n return results\n```\n\n## \ud83d\udccb Best Practices\n\n1. **Start Small**: Test with 100 URLs before scaling up\n2. **Monitor Resources**: Watch CPU/memory usage during large scans\n3. **Rate Limiting**: Respect target server resources\n4. **Backup Results**: Save important findings immediately\n5. **Network Stability**: Use stable internet for large batches\n\n## \ud83d\udc1b Troubleshooting\n\n### Common Issues\n\n**\"Too many open files\"**\n```bash\nulimit -n 65536 # Increase file descriptor limit\n```\n\n**\"Connection refused\"**\n```bash\n--concurrent-downloads 50 # Reduce concurrent connections\n```\n\n**\"Out of memory\"**\n```bash\n--batch-size 25 # Reduce batch size\n```\n\n## \ud83d\udcc4 License\n\nMIT License - See LICENSE file for details.\n\n## \ud83e\udd1d Contributing\n\n1. Fork the repository\n2. Create a feature branch\n3. Add tests for new functionality\n4. Update documentation\n5. Submit a pull request\n\n## \ud83d\udcde Support\n\n- **Issues**: [GitHub Issues](https://github.com/iamunixtz/JsHunter/issues)\n- **Discussions**: [GitHub Discussions](https://github.com/iamunixtz/JsHunter/discussions)\n\n---\n\n**Ready to scan 1M URLs in 5 hours? Let's go!** \ud83d\ude80\n",
"bugtrack_url": null,
"license": null,
"summary": "High-Performance JavaScript Security Scanner - Process 1M URLs in ~5 hours with Telegram & Discord bot integration",
"version": "2.0.2",
"project_urls": {
"Bug Reports": "https://github.com/iamunixtz/JsHunter/issues",
"Documentation": "https://github.com/iamunixtz/JsHunter#readme",
"Homepage": "https://github.com/iamunixtz/JsHunter",
"Source": "https://github.com/iamunixtz/JsHunter"
},
"split_keywords": [
"security",
" javascript",
" scanner",
" trufflehog",
" secrets",
" api-keys",
" tokens",
" high-performance",
" parallel-processing"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "b3aa5689bba62ffc29f9767f9eb34ae5214316ee7b4540894a52d65d6b626e30",
"md5": "4a9a25c55f934c0f5d36fe2c585a3fa6",
"sha256": "3cc827741eec4e15c51070aa731f315329370663393bba2d81295ffd607ee23d"
},
"downloads": -1,
"filename": "jshunter-2.0.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4a9a25c55f934c0f5d36fe2c585a3fa6",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 18141,
"upload_time": "2025-10-18T23:19:40",
"upload_time_iso_8601": "2025-10-18T23:19:40.498741Z",
"url": "https://files.pythonhosted.org/packages/b3/aa/5689bba62ffc29f9767f9eb34ae5214316ee7b4540894a52d65d6b626e30/jshunter-2.0.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "712cce486a02610d21ba99217ee5cf68f544a79eddfc12208444162198604614",
"md5": "3e127a6cc82e4d501c95280bd7cdf2ab",
"sha256": "4df3824560f05f6bd12b20e54119d8bdf4bbff81c3ce59e1cbbf7a1ec8de2328"
},
"downloads": -1,
"filename": "jshunter-2.0.2.tar.gz",
"has_sig": false,
"md5_digest": "3e127a6cc82e4d501c95280bd7cdf2ab",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 20397,
"upload_time": "2025-10-18T23:19:41",
"upload_time_iso_8601": "2025-10-18T23:19:41.871897Z",
"url": "https://files.pythonhosted.org/packages/71/2c/ce486a02610d21ba99217ee5cf68f544a79eddfc12208444162198604614/jshunter-2.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-18 23:19:41",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "iamunixtz",
"github_project": "JsHunter",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "requests",
"specs": [
[
">=",
"2.31.0"
]
]
},
{
"name": "python-telegram-bot",
"specs": [
[
">=",
"20.7"
]
]
}
],
"lcname": "jshunter"
}
JSON
