encodedguy - jsmon.sh (@3nc0d3dguy)'s Twitter Profile
encodedguy - jsmon.sh

@3nc0d3dguy

Building jsmon.sh in Mornings, Nights at HackerOne (hackerone.com/encodedguy)

ID: 1268472868469276674

Link: https://jsmon.sh
Date: 04-06-2020 09:22:03

2,2K Tweet

9,9K Followers

828 Following

encodedguy - jsmon.sh (@3nc0d3dguy):

Spent the last few days optimizing the app with the team. app.jsmon.sh is now ~500% faster too! We added caching + optimized services to make things feel instant.

Jsmon - jsmon.sh (@jsmonsh):

Hello hackers! Our GitHub org (was rashahacks) is now jsmonhq - github.com/jsmonhq. 🔹 Jsmon CLI → github.com/jsmonhq/jsmon-… 🔹 Jsmon Burp Suite Extension → github.com/jsmonhq/jsmon-… Follow jsmonhq on GitHub for all our open-source updates! 💻✨

Jsmon - jsmon.sh (@jsmonsh):

Halloween offer at Jsmon Pro Monthly & Yearly Subscriptions 50% Off (24 hours Left). Scans for APIs, secret keys, cloud assets, PII data, third party packages, etc. with JS context. Check out jsmon.sh/halloween-offe… #jsmon #bugbounty #offer #halloween

encodedguy - jsmon.sh (@3nc0d3dguy):

First day at Exhibition World Bahrain for AICS 2025. It was nice to see so many new cybersec people in the Middle-East region. Connected with a lot of new folks today! Participated in the onsite CTF and scored 1st on the leaderboard and only person with the most wins.

encodedguy - jsmon.sh (@3nc0d3dguy):

You can also utilize jsmon.sh meant for monitoring JS files and even analyzing for vulnerability patterns. It's a SaaS solution on GCP and AWS, so no need to set up anything. Just sign up for free, set up your data privacy settings, scan your domains and put

Jsmon - jsmon.sh (@jsmonsh):

We’re hosting a live webinar on ‘Listening like a Hacker with Jsmon’. Join us with the below link Webinar link : meet.zoho.in/wtqn-ujx-hcv #cybersecurity #hackers

encodedguy - jsmon.sh (@3nc0d3dguy):

Bugbounty Tip: Find api paths from a domain using Jsmon and make a wordlist out of it. Then, scan API hostnames with ffuf, kiterunner or other fuzzing tools. ffuf -w wordlist.txt -u https://api.[target].com/FUZZ Always respect the rate limitation policies of a program while

Jsmon - jsmon.sh (@jsmonsh):

🚀 New update: Report false positives in JS Intelligence & Keys/Secrets. Hover over the value → Click the red flag. This helps us boost the vulnerability detection accuracy. #cybersecurity

encodedguy - jsmon.sh (@3nc0d3dguy):

A bugbounty tip for api hacking- 1. Got a GraphQL asset (gql-api.<test>.com) to pentest. 2. Tried introspection query. It didn't work. 3. Fetch all the GraphQL operations from the frontend app, since it's making calls to GQL API for fetching data. 4. Scan the frontend asset

Jsmon - jsmon.sh (@jsmonsh):

🚀 Jsmon hit 1,000 followers on X! More powerful scans, more automated security, and more tools to keep your JS based apps secure - coming soon. Stay tuned! Thank you for being part of this journey! #Jsmon #AppSec #SecurityTools

encodedguy - jsmon.sh (@3nc0d3dguy):

I once had a blind SSRF on a target but had zero visibility into which internal ports were actually reachable. Couldn’t brute-force or fuzz ports either, the program explicitly disallowed any kind of automated fuzzing. So I dug into their JS files and manually hunted for