Settings

Scan configuration, notifications, and API reference.

scan configuration

js content validation

katana crawler

trufflehog

confidence

api extraction patterns (one regex per line)

analysis modules

sensitive url patterns (one regex/line)

sensitive keywords (one regex/line)

admin paths (one regex/line)

dom sink patterns (one regex/line)

graphql patterns (one regex/line)

webpack manifest paths (one/line)

js fuzz filenames (json array)

common JS filenames to probe at each subdomain root

domain noise list (json array)

domains to ignore during extraction (CDNs, analytics, etc.)

domain tlds (json array)

valid TLDs for domain extraction regex

junk extensions (json array)

junk path prefixes (json array)

junk url keywords (json array)

browser user agent

page timeout (s)

wait after load (s)

junk endpoint patterns (one regex/line)

discard endpoints matching these (e.g. bare extensions, test URLs)

min endpoint length

URLs shorter than this discarded (unless starting with /)

hackerone api

credentials for hackerone integration — browse programs & import wildcard scopes as targets

notifications

danger zone

Wipe all data & full rescan

Deletes all subdomains, JS files, findings, and re-scans every target from scratch.

are you sure?

rest api

Auth: Authorization: Bearer jsmonitor

GET/api/v1/targets/
POST/api/v1/targets/
GET/api/v1/targets/:id/
DELETE/api/v1/targets/:id/
POST/api/v1/targets/:id/scan/
GET/api/v1/endpoints/
GET/api/v1/changes/
GET/api/v1/secrets/