Building security tools with Node.js
JavaScript runs outside the browser too, via Node.js, and that makes it a tool-building language. Node has one standout advantage for security work: to analyse JavaScript, you’re using JavaScript — you can actually parse and execute the code you’re studying. This lesson covers Node tooling basics for recon and analysis.
You'll learn to
- Make HTTP requests and process data in Node
- Use Node's edge for analysing JavaScript
- Drive a real browser for dynamic analysis
HTTP and data in Node
// Node 18+ has fetch built in:
const res = await fetch("https://api.site.com/users");
const data = await res.json();
// Read files from disk:
import { readFile } from "node:fs/promises";
const js = await readFile("app.js", "utf8");
// Extract endpoints with regex — same patterns as everywhere:
const endpoints = [...js.matchAll(/["'`](\/api\/[^"'`]+)["'`]/g)]
  .map(m => m[1]);
Node gives you fetch, file access, and shell access — everything to build a recon tool. The regex extraction is identical to the Python and Bash versions; only the host language changed.
Node’s edge: analysing JavaScript with JavaScript
Because your tool is JavaScript, it can parse other JavaScript into an abstract syntax tree (AST) and analyse it structurally — far more precise than regex.
// Parse code into an AST and walk it (with a parser like acorn/espree):
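import { readFile } from "node:fs/promises";
import { parse } from "acorn";
const sourceCode = await readFile("app.js", "utf8"); // the file under analysis
const ast = parse(sourceCode, { ecmaVersion: "latest" });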
// Now you can find every function call, every string literal,
// every property access — structurally, not by guessing with regex.
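What text matching gets wrong and structure gets right, as an added example that is not part of the original lesson: the lesson's regex is compared with a small hand-written scanner that skips comments and joins `"a" + "b"` literals. The scanner is a dependency-free stand-in for a real parser such as acorn, and `SAMPLE`, `regexEndpoints`, `stringLiterals` and `scannedEndpoints` are hypothetical names.

```javascript
// Constructed sample source (not from a real application).
const SAMPLE = [
  'fetch("/api/users");',
  '// fetch("/api/legacy/debug");',        // commented out: not live code
  'const url = "/api/" + "admin/export";', // endpoint built by concatenation
  'get(`/api/orders/${id}`);',
].join("\n");

// The lesson's regex, applied to the raw text.
function regexEndpoints(src) {
  return [...src.matchAll(/["'`](\/api\/[^"'`]+)["'`]/g)].map(m => m[1]);
}

// Hypothetical stand-in for an AST walk: skip comments, collect string
// literals, and join literals connected by "+".
// Assumption: no regex literals or nested template literals in the input.
function stringLiterals(src) {
  const out = [];
  let i = 0, prev = "other"; // last significant token: "lit", "join" or "other"
  while (i < src.length) {
    const c = src[i];
    if (c === "/" && src[i + 1] === "/") {          // line comment
      while (i < src.length && src[i] !== "\n") i++;
    } else if (c === "/" && src[i + 1] === "*") {   // block comment
      const end = src.indexOf("*/", i + 2);
      i = end === -1 ? src.length : end + 2;
    } else if (c === '"' || c === "'" || c === "`") {
      let j = i + 1, text = "";
      while (j < src.length && src[j] !== c) {
        if (src[j] === "\\") j++;                    // keep escaped char, no decoding
        text += src[j++] ?? "";
      }
      if (prev === "join") out[out.length - 1] += text; // "a" + "b" becomes "ab"
      else out.push(text);
      prev = "lit";
      i = j + 1;
    } else {
      if (c === "+") prev = prev === "lit" ? "join" : "other";
      else if (!/\s/.test(c)) prev = "other";
      i++;
    }
  }
  return out;
}

function scannedEndpoints(src) {
  return stringLiterals(src).filter(s => s.startsWith("/api/"));
}
```

On the sample, the regex reports the commented-out endpoint and misses the concatenated one; the scanner does the reverse. A real parser gives the same result without the stated assumptions.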
Driving a real browser
// Puppeteer/Playwright render JS-heavy apps and capture real behaviour:
import puppeteer from "puppeteer";
const browser = await puppeteer.launch();
const page = await browser.newPage();
page.on("request", req => console.log(req.method(), req.url())); // log every request
await page.goto("https://site.com");
await browser.close();
Checkpoint
What unique advantage does Node.js have for analysing other JavaScript, compared with doing it in Python or Bash?
Because the analysis tool is itself JavaScript, it can use JavaScript parsers to turn the target code into an abstract syntax tree and analyse it structurally — understanding actual function calls, string literals, and property accesses rather than guessing with regex over text. You're analysing the language in its own native tooling, which makes precise source-to-sink and dangerous-call detection far easier than text pattern-matching.
Try it yourself
In Node, fetch a JavaScript file and use a regex matchAll to extract its API endpoints into an array. Then describe how an AST-based approach would find the same endpoints more precisely, and what it could catch that regex would miss.
Key takeaways
- Node gives fetch, file, and shell access for building tools.
- The same regex extraction works; only the host language changes.
- Node’s edge: parse JavaScript into an AST for precise structural analysis.
- Pair static analysis with a headless browser for runtime-built behaviour.
Next, advanced research territory — browser internals and the engines that run all this JavaScript.