Jshole is a simple JavaScript components vulnrability scanner, based on RetireJS.

Why use JShole instead of RetireJS?

By default, RetireJS only searches one page, but JShole tries to crawl all pages.


  • requests


git clone https://github.com/callforpapers-source/jshole.git
cd jshole
pip3 install -r requirements
python3 jshole.py

usage: jshole [-h] -u URL [-d] [-l LIMIT] [-t THREAT]
optional arguments:
-h, –help show this help message and exit
-u URL, –url URL url string
-d, –debug Web Scrap debugger(default=false)
-l LIMIT, –limit LIMIT
Search Depth limit(default=1)
-t THREAT, –threat THREAT
The number of links that open per round