Join us for our 3rd Annual Bishop Fox Livestream event, happening during DEF CON 32. Sign Up for Livestream Alerts›

Offensive Tools

JSluice

JSluice is an open-source, Go package and command-line tool used to extract information from JavaScript files and code.

Get on GitHub

About JSluice

Extract information from JavaScript files and code.

Building detailed maps of web applications and their supporting JavaScript code and files is paramount to vulnerability discovery in offensive security testing. But for pen testers, discovering the deepest, darkest secrets in JavaScript can be like mining for gold, sifting through copious amounts of extraneous information to find the smallest bits of criticality that expose weak points in applications. Knowing where to turn for the latest and greatest JavaScript mining tool developments is worth its weight in gold for offensive security practitioners needing to constantly increase efficiency and efficacy in web application penetration testing.

With JSluice, penetration testers can:

  • Extracting URLs, paths, secrets, and other interesting data from JavaScript source code
  • Sifts through large amounts of JavaScript to discover small pieces of valuable information for vulnerability discovery
  • Improve speed and efficiency to discover vulnerabilities in JavaScript files and code
Bishop Fox Researcher Tom Hudson Headshot

Security Researcher

Tom Hudson

Tom Hudson is a Senior Security Engineer at Bishop Fox, where he is part of the capability development team for Cosmos. He specializes in developing innovative tools that improve the quality of intelligence generated and processed through continuous penetration testing. Tom is the well-known author of numerous command-line tools, which can usually be leveraged together for security research, penetration testing, and bug bounty hunting. His contributions include open source projects such as gron, meg, and unfurl.

Tom is an active member of the information and cybersecurity community and has been a speaker at multiple events including the RSA Conference, BSides Leeds, Agile Yorkshire, the Sky Betting & Gaming Tech Talks, and Hey! Presents. He has also made guest appearances in popular podcasts and YouTube channels, such as HackerOne, Security Weekly, Undetected, STÖK, Web Development Tutorials, and his work has been featured in the Code Maven and Intigriti blogs. He was awarded a Most Valuable Hacker (MVH) belt at the h1-4420 live event in 2019.

Tom enjoys giving back to the community through mentoring and teaching. He has hosted multiple workshops, including a series of talks on cybercrime for UK police and investigators.

JSluice Research

Check out these related resources

Black background with purple, blue, and white title letters. A turquoise gold mining pan with chunks of gold and a purple gold mining card underneath with gold chunks inside.
Tech

Jul 20, 2023

Introducing jsluice: The Why Behind JavaScript Gold Mining (Part 1)

By Tom Hudson

Dark black and purple background with turquoise, purple, and white letters. A turquoise gold mining pan with gold chunks above a purple gold mining cart filled with chunks of gold.
Tech

Jul 20, 2023

Introducing jsluice: A Technical Deep-Dive for JavaScript Gold (Part 2)

By Tom Hudson

Headshot of Tom Hudson, Senior Security Engineer at Bishop Fox, Bishop Fox logo, and the tilte: "The Art of Hacking".
Livestream

An Interview with Tom Hudson, Senior Security Engineer at Bishop Fox - DEF CON 31

In this session, we talk with Tom Hudson who is a Senior Security Engineer at Bishop Fox, where he is part of the Capability Development team for Cosmos.

Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.