Release Notes

Discover the latest release notes. JS pages are a goldmine for hackers; monitor your gold with JSMON!

  • Backend API
  • CLI Tool
  • v 2024.1.0

    19 Feb 2024

    Initial Release

    Introduced JSMON for the first time

    Features:-

    • JS Extraction: Added extraction of JS URLs from a domain name. Uses 3 recursion calls to find more JS inside other pages present on the first crawled page.
    • JS Scanner: Implemented scanning of a single JS URL for 100+ API keys.
    • Compare: Users can see changes between two versions of a JS file.
    • Upload URL: Implemented upload URL to upload a single JS URL.
    • Rescan URL: Added a rescan button with every scanned URL to rescan it for changes.
    • Upload File: Implemented upload file function to upload a file containing many JS URLs.
    • Rescan File: Added a rescan function with every scanned file to scan the whole file for changes.
    • Scan All: Implemented scan all function to scan all the URLs extracted from JS Extractor.
    • Save All: Save all the URLs extracted from JS Extractor to the Files section.
  • v 2024.1.1

    10 March 2024

    Description

    Implemented notifications via Discord for changes and added an unminify tool

    New Features:-

    • Discord Webhook URL: Added a field for adding discordWebhookUrl for a user/organization.
    • Notifications: Implemented a notifications service which sends changes to the Discord channel.
    • Unminify: Implemented server-side unminify for heavy JS files from raw JS code or a JS URL.

    Changes:-

    • Sorting/Pagination: Sorting and pagination implemented in viewUrls and viewFiles.
    • Searching: Searching implemented in URLs and compare sections.
    • JS Scanner: Implemented API keys scanning over a file (containing many JS URLs).

    Bug Fixes:-

    • JS Extraction: Takes less time to fetch JS URLs now.
    • JS Scanner: Implemented scanning of a single JS URL for 100+ API keys.
    • Compare: Users can see changes between two versions of JS files.
  • v 2024.2.0

    16 July 2024

    Significant Changes (v2 Release)

    Implemented Analysis Service, Scanner Service, Automated JS Discovery, API Access, Hourly/Daily Monitoring and Reports.

    New Features:-

    • Analysis Service: Implemented an analysis service in Node.js to look for URLs, domains, IP addresses, emails, API paths, GQL queries, gql mutations guides inside JS code.
    • Scanner Service: Scanner service now scans for 100+ API keys automatically without any user interaction.
    • Automated Discovery: Deprecated JS Extractor and improved it to extract JS and send the found JS URLs to the analysis and scanner services automatically. The user inputs a domain name, after which JS URLs are extracted and sent to the monitoring, analysis and scanner services.
    • API Access: Added access to our API. Users can generate an API key and use any HTTP client to interact with their jsmon account.
    • Hourly/Daily Monitoring: Users can toggle between hourly and daily monitoring for JS URL monitoring.
    • Reports: Implemented report generation in PDF format. Select domain names and get a PDF report with the data found by the scanner service (150+ API keys detection) and the analysis service (JS intel fields).

    Changes:-

    • Jsmon Service: Due to performance issues, migrated hash comparison for JS responses from Python to Golang, leading to x times performance improvement.
    • Compare: Happens on the client side in the browser instead of server-side, due to wrong results in the diff view.
    • Serverless functionality: To avoid blocking from firewalls, we implemented serverless wherever we are making HTTP or any other network calls to the domains or URLs.

    Notes:-

    • Deprecated (JS URL Extractor): We are deprecating this as a service or feature. It's integrated within the domain scan now.
  • v 2024.2.1

    12 September 2024

    Description

    Added some new objects in Analysis service and added more API keys in

    Changes:-

    • Added Object: Added domainStatus attribute in the analysis service that detects second-order domain takeovers.
    • Added Object: Added invalidS3Domains attribute in the analysis service that detects S3 bucket takeovers.
    • Added Object: Added gqlFragments attribute in the analysis service that detects GQL fragments inside JS code.
    • Added 50 more modules in Scanner service: Implemented support for scanning 150 modules within JS code (previously 100).
    • Migrated to SES: AWS SES is now used to send emails everywhere.

    Bug Fixes:-

    • Performance improvements by improving heavy queries in the backend.
    • Performance improvements by implementing indexing.
    • Fixed uploadFile and scanDomain endpoints after changes in analysis service.
  • v 2024.2.2

    10 November 2024

    Description

    Added Slack webhook URL in monitoring, delete domain scans, export functions, and bug fixes

    New Features:-

    • Slack webhook URL: Users can now add a Slack webhook URL in notifications to receive the JavaScript monitoring report on Slack.
    • Delete Domain Scan: It's possible to delete the scan results of a domain directly from the Domain Scan section.
    • Export JS Intelligence, JS URLs and Keys & Secrets: You can now export JS Intelligence, JS URLs and Keys & Secrets in .json format.

    Bug Fixes:-

    • Fixed bugs in monitoring service
  • v 2024.2.3

    20 December 2024

    Description

    Added the concept of workspaces, Google OAuth, API caching, and bug fixes

    New Features:-

    • Workspaces: wkspId is now attached to every document including JS URL, JS Intelligence, Keys & Secrets, domains, etc. This keeps your projects separate and helps in differentiation.
    • Google OAuth: You can now log in via Google, and existing accounts using Gmail can use this option as well.
    • API Caching: At our first layer, we've implemented caching to improve the response times.

    Bug Fixes:-

    • Fixed bugs in JS Intelligence Table and export options
  • v 2024.3.0

    24 January 2025

    Description

    JS Fuzzing, JS Subdomain Scanning, False Positive Filtering

    New Features:-

    • JS Fuzzing: The JS URL extraction process now includes fuzzing with a wordlist of common .js files.
    • JS Subdomain Scanning: By adding ?subdomains=true to the /automateScanDomain API endpoint, you can now have the subdomains present in the final JS URLs included and rescanned.

    Changes:-

    • We remove false-positive API paths, extractedDomains, extractedUrls, nodeModulesWithDependenencyConfusion and also moduleScannerResults (Keys & Secrets).

    Bug Fixes:-

    • Performance improvements in microservices