home / mcp / js reverse mcp server
Provides integrated JavaScript reverse engineering with automated analysis, debugging, and risk assessment via MCP workflows.
Configuration
View docs{
"mcpServers": {
"noone-hub-jsreverser-mcp": {
"command": "node",
"args": [
"/ABSOLUTE/PATH/js-reverse-mcp-main/build/src/index.js"
],
"env": {
"OPENAI_MODEL": "gpt-4o",
"GEMINI_API_KEY": "abc123",
"OPENAI_API_KEY": "sk-...",
"ANTHROPIC_MODEL": "claude-3-5-sonnet-20241022",
"ANTHROPIC_API_KEY": "sk-anticorp-...",
"DEFAULT_LLM_PROVIDER": "gemini"
}
}
}
}JS Reverse MCP is an MCP server designed for JavaScript reverse engineering. It unifies browser debugging, script analysis, network tracing, and obfuscation deconstruction into a cohesive workflow that AI clients can drive step by step to locate targets, set breakpoints, sample runtime data, and assess risks.
You run an MCP client that connects to the JS Reverse MCP server to perform automated reverse engineering tasks on JavaScript pages. Your typical workflow is to open a target page, collect scripts, locate the function or string of interest, inject hooks, observe network activity, and derive concrete next actions. The server exposes a set of capabilities that you can sequence to accomplish end-to-end analysis, from page navigation to risk reporting.
Key capabilities you will use include script and source code analysis, breakpoint control, runtime hooks, network request tracing, integrated reverse engineering workflow, DOM and page automation, session state management, and anti-detection features. These tools are accessed through a unified set of commands that you can call in order to build a complete analysis run.
Install prerequisites and build the server, then configure the MCP client to connect to it.
Step-by-step instructions to set up the server locally are shown below.
Configuration notes, troubleshooting guidance, and practical workflow examples are provided to help you run the server in development or production. You can adjust enabling scripts, debugging channels, and AI provider settings to tailor the experience to your environment.
Enumerates all loaded scripts in the page, enabling you to locate relevant sources quickly.
Fetches the full source of a selected script for in-depth analysis.
Searches for target functions or strings within a single script to pinpoint areas of interest.
Performs a global search across all loaded scripts to locate matching patterns.
Sets a breakpoint at a specific line or code region to pause execution.
Sets a breakpoint when a specific text or pattern is encountered during execution.
Resumes execution after a breakpoint has paused the runtime.
Pauses the current script execution.
Controls stepping through code to inspect behavior at a granular level.
Defines a hook point in the runtime to observe or modify behavior.
Injects the hook into the running page to start observation.
Retrieves data collected by hooks for analysis and correlation.
Attaches a hook to a target function to monitor inputs, outputs, and timing.
Tracks function calls and call stacks to understand execution flow.
Lists all network requests made by the page for traceability.
Fetches details of a specific network request, including headers and payloads.
Identifies the origin of a network request to map the call chain.
Interrupts on XMLHttpRequests to capture dynamic interactions.
Runs a comprehensive analysis to identify high-priority targets and risks.
Gathers code from relevant scripts for deeper understanding.
Interprets collected code to reveal intent and behavior.
Deobfuscates code to expose readable logic and data flows.
Aggregates risk data into a structured overview for quick assessment.
Programmatically navigate through pages and flows.
Query and inspect DOM elements to locate targets.
Simulate user interactions by clicking elements.
Automate typing into inputs to drive forms and login flows.
Capture visual snapshots of the page at key moments.
Persist the current browser session state for reuse.
Apply a saved session state to resume work.
List all available saved session states.
Export a session state to a portable file.
Load a session state from a file or JSON.
Apply anti-detection techniques to bypass basic protections.
List available stealth presets for evasion scenarios.
Override the browser user agent to mimic different clients.