Skip to content

Reconly-Labs/clientscan

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
assets/samples
assets/samples
 
 
cmd/samplegen
cmd/samplegen
 
 
db
db
 
 
internal
internal
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
setup.sh
setup.sh
 
 

Repository files navigation

clientscan

clientscan is an open source Go CLI that scans web application JavaScript assets and extracts client-side intelligence.

Features

  • Discovers JavaScript URLs from HTML <script src="..."> tags.
  • Downloads JS files into out/{domain}/response/*.js.
  • Extracts:
    • endpoints
    • URL categories: third_party_urls, api_urls, internal_urls
    • ip_disclosures (public/non-localhost IP-based URLs)
    • environment variable names
    • potential exposed secrets
    • sourcemap URLs
    • npm package references
    • GraphQL endpoints
  • Fetches sourcemaps and rebuilds source files into out/{domain}/rebuilt/ when sourcesContent exists.
  • Runs an in-house JS-focused regex detector powered by rules from db/secrets.yaml and db/pii.yaml.
  • Generates default visual graph reports (PNG):
    • critical exposure graph (internal host + (secret or sourcemap) and IP disclosures)
    • third-party + npm trust graph
    • client exposure graph
  • Writes scan artifacts:
    • out/{domain}/jsinventory.json
    • out/{domain}/metadata.json
    • out/{domain}/reports/report.graph.json
    • out/{domain}/reports/report-graph-critical.png
    • out/{domain}/reports/report-graph-thirdparty.png
    • out/{domain}/reports/report-graph-client-exposure.png
  • Provides a live scan progress view that auto-clears on completion, followed by a styled final summary table.

Install and Run

cd clientscan
./setup.sh
./bin/clientscan --help
go run ./cmd/clientscan -url https://example.com

CLI

clientscan --help
clientscan -url https://example.com [flags]
clientscan scan -url https://example.com [flags]
clientscan version

Scan flags:

  • -url target webapp URL (required)
  • -out output root directory (default: out)
  • -timeout HTTP timeout seconds (default: 20)
  • -verbose enable debug logs
  • -quiet print only errors (default: true)
  • -mask-secrets mask detected secret/PII values in JSON output (default: false)

Output Structure

out/
  example.com/
    response/
      001_abcd1234ef56.js
      ...
    rebuilt/
      src/... (reconstructed from sourcemaps)
    reports/
      report.graph.json
      report-graph-critical.png
      report-graph-thirdparty.png
      report-graph-client-exposure.png
    jsinventory.json
    metadata.json

Rule Files

  • Required paths:
    • db/secrets.yaml
    • db/pii.yaml
  • Rule files must be raw YAML. If HTML content is detected, loading is rejected to prevent silent false scans.

Dependencies

  • dot from Graphviz is required for PNG graph rendering.
  • ./setup.sh installs and validates this by default.

Project Structure

cmd/clientscan/           # CLI entrypoint and flag parsing
internal/app/             # application orchestration and summary presentation
internal/logging/         # structured logging setup
internal/model/           # core types and config models
internal/output/          # artifact writers
internal/scan/            # discovery, download, analysis, sourcemap rebuild
internal/ui/              # Bubble Tea progress UI
internal/util/            # shared helpers

About

clientscan is an open source Go CLI that scans web application JavaScript assets and extracts client-side intelligence.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages