javascript_dom_analysis_skill

This skill detects frontend frameworks by analyzing global variables, DOM attributes, bundle patterns, and source maps to reveal technologies.
  • Python

42

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill transilienceai/communitytools --skill javascript_dom_analysis

  • SKILL.md7.8 KB

Overview

This skill detects frontend frameworks, libraries, analytics, and bundling patterns by inspecting page globals, DOM attributes, script paths, and source map references. It produces actionable signals (framework name, confidence, detection method) and highlights security-relevant findings such as exposed source maps. The output is designed for penetration testing, bug bounty triage, and security research workflows.

How this skill works

The skill runs a set of detectors against a page: it queries known global JavaScript variables, scans DOM attributes for framework markers, fingerprints JavaScript bundle paths and filenames, and checks scripts for sourceMappingURL references. It also identifies common analytics and tracking libraries by globals and script hosts. Results combine multiple signals with confidence scores and optional version extraction when available.

When to use it

  • Reconnaissance during web application pentests or bug bounty assessments
  • Rapid technology inventory for a target domain or set of pages
  • Detecting exposed source maps that may leak original source code
  • Verifying presence of analytics and tracking libraries for privacy/security reviews
  • Prioritizing attack surface based on frameworks and bundlers in use

Best practices

  • Only analyze publicly accessible pages and respect robots.txt and rate limits
  • Combine globals, DOM attributes, and bundle patterns to increase confidence
  • Treat source map access as a sensitive security finding and document URLs
  • Log detector errors and continue with remaining checks to maximize coverage
  • Avoid executing fetched JavaScript; use static inspection of scripts and HTML

Example use cases

  • Detect React/Next.js on a target to focus SSR/SSR hydration checks and known CVEs
  • Find ng-version or _ngcontent- attributes to quickly identify Angular apps and extract versions
  • Locate /_next/static/ paths and source maps to recover original file names for threat modeling
  • Identify analytics vendors (Google Analytics, Mixpanel, Hotjar) for privacy assessments
  • Flag exposed .map files as high-priority findings in a bug bounty report

FAQ

Yes when available: ng-version attributes, Next.js __NEXT_DATA__, or devtools hooks may yield versions; otherwise the skill reports best-effort or empty.

Does it execute page JavaScript?

No. The analysis relies on static inspection of globals, DOM attributes, script URLs, and sourceMappingURL comments without executing fetched scripts.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational