🕸️ URL Treasure Hunter: Unearth Every JavaScript Asset with One Magic Bookmark
TL;DR: This tiny snippet transforms any website into a treasure map of its JavaScript architecture - no tools, no extensions, just pure hacking elegance.
✨ The Magic Spell
javascript:(()=>{const r=new Set;Array.from(document.scripts).forEach(s=>s.src&&r.add(s.src));(document.documentElement.outerHTML.match(/\/[\w\-./?&%]+\.js\b/g)||[]).forEach(u=>r.add(u));document.body.innerHTML='<pre style="color:#0f0;background:#000;padding:1em;white-space:pre-wrap">'+[...r].join('\n')+'</pre>'})();
Copy this spell (starting with javascript:) into a new bookmark, and you’ve crafted a powerful tool for frontend exploration.
🔍 What This Sorcery Actually Does
When activated, this bookmarklet:
- Hunts down every JavaScript file the page depends on
- Captures both external
<script src="...">files and sneaky inline references - Transforms your current page into a Matrix-style terminal showing all JS assets
- Deduplicates everything automatically, leaving you with a clean manifest
⚙️ Under the Hood: How the Magic Works
| Code Chunk | What It’s Doing | Why It’s Clever |
|---|---|---|
const r = new Set; |
Creates a magic bag that automatically rejects duplicates | No manual filtering needed - instant deduplication |
Array.from(document.scripts) |
Transforms the DOM’s script collection into something we can manipulate | Browser collections are weird - this makes them behave |
s.src && r.add(s.src) |
Only grabs external scripts with actual source URLs | Ignores inline code that would clutter our results |
document.documentElement.outerHTML.match(/\/[\w\-./?&%]+\.js\b/g) |
Scans the entire HTML for anything ending in .js |
Catches those sneaky script references hiding in attributes and strings |
document.body.innerHTML='<pre style="color:#0f0;background:#000;... |
Replaces the page with a hacker-aesthetic output | Instant gratification without pop-ups or console-diving |
Pro tip: The green-on-black output isn’t just for show - it creates high contrast for readability and makes you feel like you’re in a 90s hacker movie. Win-win!
🛠️ Customize Your Tool
📋 Copy to Clipboard Instead
navigator.clipboard.writeText([...r].join('\n'));
alert('Heist complete! ' + r.size + ' JavaScript assets copied to clipboard');
🏠 Only Show Scripts from Current Domain
const host = location.host;
if (new URL(u, location).host === host) r.add(u);
🎯 Hunt Different Asset Types
Replace the regex to target CSS, images, or fonts:
/\.(css|png|jpg|svg|woff2?)\b/g
📊 Send to Your Dashboard
fetch('https://your-api.example/log', {
method: 'POST',
body: JSON.stringify([...r])
});
⚡ Performance Magic
- Lightning fast on most pages (sub-200ms)
- The regex is optimized for speed - no fancy look-behinds or complex assertions
- Memory efficient using Set for automatic deduplication
- Interrupts network activity when it rewrites the body - perfect for quick reconnaissance
🔒 Ethical Considerations
- White hat only - This tool reads what’s already in your browser, not server-side secrets
- Client-side only - No extra network requests or sneaky tracking
- Permission matters - Use on your own sites or with explicit permission for testing
- Respect the robots - While robots.txt doesn’t apply here, always honor a site’s terms
🚀 30-Second Setup
- Create a new bookmark (Ctrl/Cmd+D)
- Name it something cool like “JS Asset Hunter” or “Script Detector”
- Paste the one-liner into the URL field
- Click it on any page to see the magic happen
💎 Why This Matters
This isn’t just a neat trick—it’s a practical tool for:
- Security auditors reviewing third-party script inclusion
- Bug bounty hunters mapping attack surfaces
- Developers learning how complex sites organize their code
- Performance optimizers identifying script bloat
- Curious minds peeking behind the curtain of web technology
🔮 Level Up Your Web Exploration
In under 200 characters of code, you now have a digital skeleton key to unlock the JavaScript architecture of any website. Take it for a spin on your favorite sites—you might be surprised at what you find lurking beneath the surface.
Happy hacking! 💻✨