JSluice is an open-source, Go package and command-line tool used to extract information from JavaScript files and code.
Building detailed maps of web applications and their supporting JavaScript code and files is paramount to vulnerability discovery in offensive security testing. But for pen testers, discovering the deepest, darkest secrets in JavaScript can be like mining for gold, sifting through copious amounts of extraneous information to find the smallest bits of criticality that expose weak points in applications. Knowing where to turn for the latest and greatest JavaScript mining tool developments is worth its weight in gold for offensive security practitioners needing to constantly increase efficiency and efficacy in web application penetration testing.
With JSluice, penetration testers can:
Tom Hudson is a Senior Security Engineer at Bishop Fox, where he is part of the capability development team for Cosmos. He specializes in developing innovative tools that improve the quality of intelligence generated and processed through continuous penetration testing. Tom is the well-known author of numerous command-line tools, which can usually be leveraged together for security research, penetration testing, and bug bounty hunting. His contributions include open source projects such as gron, meg, and unfurl.
Tom is an active member of the information and cybersecurity community and has been a speaker at multiple events including the RSA Conference, BSides Leeds, Agile Yorkshire, the Sky Betting & Gaming Tech Talks, and Hey! Presents. He has also made guest appearances in popular podcasts and YouTube channels, such as HackerOne, Security Weekly, Undetected, STÖK, Web Development Tutorials, and his work has been featured in the Code Maven and Intigriti blogs. He was awarded a Most Valuable Hacker (MVH) belt at the h1-4420 live event in 2019.
Tom enjoys giving back to the community through mentoring and teaching. He has hosted multiple workshops, including a series of talks on cybercrime for UK police and investigators.
Jul 20, 2023
Introducing jsluice: The Why Behind JavaScript Gold Mining (Part 1)
By Tom Hudson
Jul 20, 2023
Introducing jsluice: A Technical Deep-Dive for JavaScript Gold (Part 2)
By Tom Hudson
An Interview with Tom Hudson, Senior Security Engineer at Bishop Fox - DEF CON 31
In this session, we talk with Tom Hudson who is a Senior Security Engineer at Bishop Fox, where he is part of the Capability Development team for Cosmos.
This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.