General Usage
After you setup jxscout, if you use your browser, all the HTML and JS files that flow through your proxy (Burp or Caido) will be downloaded to the ~/jxscout/<current_project> folder.
When using jxscout, it's important to keep your browser's cache disabled. This is important because if JS files are cached by your browser, a request won't be made to your proxy and in turn those files won't reach jxscout.
Assets organization
Assets will be downloaded to the ~/jxscout/<current_project> folder and organized in the following way:
original- keeps original HTML and JS files that were downloaded by jxscout.optimized- keeps optimized versions of JS files that were optimized by jxscout.sourcemaps/reversed- keeps files that were reversed from .map files by jxscout.
Projects
When you start jxscout for the first time a default project will be created. However you probably want to have different projects for each target you are working on.
When you create a new project, jxscout will create a dedicated database and folder where files will be downloaded to. You can create a new project by typing into the jxscout CLI prompt config project-name=<my_new_project>
Configuration
Configurations are saved per project, and can be changed by using the config command. You can type config into the jxscout CLI to get the current configuration. You can type config value_to_change=new_value to change specific configs.
Here is a list of all the configurations and their usage:
hostname: localhost | the hostname where jxscout will listen for requests
port: 3333 | the port where jxscout will listen for requests
project-name: mynewproject | /Users/francisconeves/jxscout/mynewproject | name of your project folder where downloaded files will be stored
scope: <empty> | comma-separated list of patterns to filter requests (e.g. *google*,*youtube*)
debug: false | turn on detailed logs for troubleshooting
fetch-concurrency: 5 | how many files to download at once (for chunks and source maps)
save-concurrency: 5 | how many files to save to disk at once
beautifier-concurrency: 5 | how many files to beautify at once
chunk-discoverer-concurrency: 5 | how many chunk discovery processes to run at once
ast-analyzer-concurrency: 10 | how many AST analysis processes to run at once
optimizer-concurrency: 2 | how many optimizer processes to run at once
unpacker-concurrency: 5 | how many unpacker processes to run at once
chunk-discoverer-bruteforce-limit: 3000 | how many potential chunks to bruteforce when automatic discovery fails
js-requests-cache-ttl: 10m0s | how long to wait before re-downloading the same JS file
html-requests-cache-ttl: 10m0s | how long to wait before re-downloading the same HTML page
rate-limiter-max-requests-per-minute: 0 | max requests per minute for source maps and chunk discovery (0 = unlimited)
rate-limiter-max-requests-per-second: 2 | max requests per second for source maps and chunk discovery (0 = unlimited)
download-refered-js: false | download JS files from out-of-scope domains if they're linked from in-scope pages
log-buffer-size: 10000 | how many log lines to show in the logs panel
log-file-max-size-mb: 10 | max size of the log file in MB
caido-hostname: localhost | localhost
caido-port: 8080 | port where Caido is running
override-content-check-interval: 5s | interval at which to check for changes in override content and update match/replace rules
enable-optimizer: true | enable the optimizer module
enable-unpacker: false | enable the unpacker module
memory-limit-mb: 8192 | soft limit for the total memory in MB that jxscout and its subprocesses will use. if this limit is reached, jxscout will start throttling new subprocesses from being created
memory-usage-check-interval: 5s | interval at which to check memory usage
beautifier-memory-usage-limit-mb: 6144 | max memory usage for each beautifier process in MB (0 = unlimited). if this limit is reached, the
offending beautifier process will be killed
chunk-discoverer-memory-usage-limit-mb: 6144 | max memory usage for each chunk discoverer process in MB (0 = unlimited). if this limit is reached, the offending chunk discoverer process will be killed
ast-analyzer-memory-usage-limit-mb: 6144 | max memory usage for each AST analyzer process in MB (0 = unlimited). if this limit is reached, the offending AST analyzer process will be killed
source-map-discoverer-memory-usage-limit-mb: 6144 | max memory usage for each source map discoverer process in MB (0 = unlimited). if this limit is reached, the offending source map discoverer process will be killed
optimizer-memory-usage-limit-mb: 6144 | max memory usage for each optimizer process in MB (0 = unlimited). if this limit is reached, the offending optimizer process will be killed
unpacker-memory-usage-limit-mb: 6144 | max memory usage for each unpacker process in MB (0 = unlimited). if this limit is reached, the offending unpacker process will be killed
filesystem-ingestion-files-per-second: 10 | number of files to ingest per second from the filesystem
mcp-server-hostname: | hostname where the MCP server will listen for requests
mcp-server-port: 0 | port where the MCP server will listen for requests