Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Offensive Tools


JSluice is an open-source, Go package and command-line tool used to extract information from JavaScript files and code.

About JSluice

Extract information from JavaScript files and code.

Building detailed maps of web applications and their supporting JavaScript code and files is paramount to vulnerability discovery in offensive security testing. But for pen testers, discovering the deepest, darkest secrets in JavaScript can be like mining for gold, sifting through copious amounts of extraneous information to find the smallest bits of criticality that expose weak points in applications. Knowing where to turn for the latest and greatest JavaScript mining tool developments is worth its weight in gold for offensive security practitioners needing to constantly increase efficiency and efficacy in web application penetration testing.

With JSluice, penetration testers can:

  • Extracting URLs, paths, secrets, and other interesting data from JavaScript source code
  • Sifts through large amounts of JavaScript to discover small pieces of valuable information for vulnerability discovery
  • Improve speed and efficiency to discover vulnerabilities in JavaScript files and code
Bishop Fox Researcher Tom Hudson Headshot

Security Researcher

Tom Hudson

Tom Hudson is a Senior Security Engineer at Bishop Fox, where he is part of the capability development team for Cosmos. He specializes in developing innovative tools that improve the quality of intelligence generated and processed through continuous penetration testing. Tom is the well-known author of numerous command-line tools, which can usually be leveraged together for security research, penetration testing, and bug bounty hunting. His contributions include open source projects such as gron, meg, and unfurl.

Tom is an active member of the information and cybersecurity community and has been a speaker at multiple events including the RSA Conference, BSides Leeds, Agile Yorkshire, the Sky Betting & Gaming Tech Talks, and Hey! Presents. He has also made guest appearances in popular podcasts and YouTube channels, such as HackerOne, Security Weekly, Undetected, STÖK, Web Development Tutorials, and his work has been featured in the Code Maven and Intigriti blogs. He was awarded a Most Valuable Hacker (MVH) belt at the h1-4420 live event in 2019.

Tom enjoys giving back to the community through mentoring and teaching. He has hosted multiple workshops, including a series of talks on cybercrime for UK police and investigators.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.