ES: Este proyecto es un experimento de uso personal. No pretende ser una herramienta de detección de vulnerabilidades, sino un asistente automatizado de recon. Úsalo bajo tu propia responsabilidad.
IMPORTANT: YES! YOU NEED AN OPENAI API KEY !!
This project is aimed at bug bounty hunters and pentesters who already use Burp Suite extensively and want to reduce time spent reviewing low-signal JavaScript.This is a personal project based on the original BurpJSLinkFinder code (https://github.com/InitRoot/BurpJSLinkFinder?tab=readme-ov-file). I give them full credit for creating the code on which this is based. The idea is simply to make life easier during bug bounty reconnaissance while using Burp Suite.
It is not meant to be revolutionary, but rather to do the dirty work automatically. It detects endpoints in JS, filters noise, and performs AI analysis without you having to open huge files or dig through endless minified code.
Ideal for those who live glued to Burp and no longer want to press ‘Ctrl+F’ in 500 KB of JavaScript.
A little bit of everything:
🧠 Analysis with ChatGPT (TSV mode)
- Send only relevant pieces of JS, not the entire file.
- It is best to adjust the prompt, although one has been proposed as an example that significantly reduces noise.
IMPORTANT: Using the OpenAI 4 or mini model will result in many false positives This tool relies heavily on the PROMPT quality. A poorly written or overly aggressive prompt WILL generate false positives. A conservative example prompt is provided, but you are encouraged to tune it.
🎯 Realistic scope Only analyse domains that you define in config.json.
🧹 Filter by extensions Only want .js, .json or .php? Go ahead. No printing .png or .svg like the original did.
🔇 Reduced noise Excludes common CDNs, vendors, sourcemaps, libraries, etc.
📌 Smart cache Does not resend the same JS twice to the AI.
🧾 Readable logs Separate logs: one general and one just for in-scope endpoints.
Easy! We will need to overwrite the new FransLinkfinder.py in our ~/.BurpSuite/bapps/{BurpJSLinkFinderFolder}.
After that, add the rest of the project files.
At a minimum, we need to edit config.json, with the scope we want to define and the extensions we are interested in.
{
"scope": [
"*.Scope:wildcard.test",
"restricted.com"
],
"ext": [
"js",
"php",
"json",
"txt"
]
}In turn, we need to put the API KEY in the .env
- Passively intercepts in-scope JavaScript responses in Burp.
- Filters noise (CDNs, vendors, sourcemaps, analytics).
- Scores JS files based on heuristic signals (endpoints, sinks, secrets, auth flows).
- Sends only relevant JS (full, compact or snippets) to the OpenAI model.
- Caches content to avoid re-sending the same JS.
- Outputs TSV findings for fast triage inside Burp.