rahulapjs/EnvScope

🛡️ EnvScope: The Elite Frontend Security Analyzer

EnvScope is a high-performance, context-aware browser extension designed to identify and extract exposed credentials, sensitive tokens, and internal API endpoints from modern web applications.

Unlike traditional static scanners, EnvScope uses a 10-layered deep-scanning architecture that combines AST-based code analysis with runtime heuristics to filter noise and surface real security risks.


🚀 10-Layered Detection Architecture

EnvScope doesn't just look for strings; it analyzes the execution environment of the application.

graph TD
    A[Page Load] --> B{10-Layer Scan}
    
    subgraph "Static Analysis"
        B1[L1: JS Bundle Scan]
        B5[L5: Inline Script Analysis]
    end
    
    subgraph "Runtime Hooking"
        B2[L2: Fetch/XHR Interception]
        B4[L4: Console Monitor]
        B7[L7: WebSocket Stream Scan]
    end
    
    subgraph "Environmental Analysis"
        B3[L3: Global Objects Inspection]
        B6[L6: Storage & Cookies Scan]
        B10[L10: DOM / Metadata Scan]
    end

    B1 & B2 & B3 & B4 & B5 & B6 & B7 & B10 --> C[Intelligent Filtering Engine]
    C --> D[Base64 Noise Filter]
    D --> E[JWT Verification]
    E --> F[Context-Aware Scoring]
    F --> G[Categorized Dashboard]

🔥 Key Features

  • 🔴 High-Value Secret Detection: Focused on Private Keys (RSA/ECC), Cloud Keys (AWS/GCP), Database URIs (Mongo/Postgres), and JWTs.
  • 🛡️ Intelligent Noise Reduction: Advanced heuristics and AST-based context checks drop 95% of false positives (UI flags, minified hashes).
  • 🔵 API Reconnaissance: Automatically discovers and categorizes internal endpoints vs. frontend app routes.
  • 🚀 One-Click Intelligence: Grouped findings with environment detection tips (e.g., "Possible multi-environment setup").
  • 📋 Export-Ready: Extract clean, JSON-formatted reports of audit findings for external tools.
  • 🏝️ Site-Wise Isolation: Each site retains its own localized findings with a clean workspace for research.
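
The Base64 noise filter and JWT verification stages named in the diagram can be approximated with a structural check like the one below. This is an added example, not EnvScope's source: `classifyCandidate`, `b64urlDecode`, `jsonObject` and the sample strings are assumptions made here, and it checks token shape only, not the signature.

```typescript
// Added example (not EnvScope code): decide whether a dotted string found in a
// bundle is a structurally valid JWT or just base64-looking noise.
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

type Verdict =
  | { kind: "jwt"; alg: string; expired: boolean | null }
  | { kind: "noise"; reason: string };

// Decode unpadded base64url to a byte string; null if a character is outside the alphabet.
function b64urlDecode(seg: string): string | null {
  let acc = 0, bits = 0, out = "";
  for (let i = 0; i < seg.length; i++) {
    const v = B64URL.indexOf(seg.charAt(i));
    if (v < 0) return null;
    acc = ((acc << 6) | v) & 0xffff;
    bits += 6;
    if (bits >= 8) { bits -= 8; out += String.fromCharCode((acc >> bits) & 0xff); }
  }
  return out;
}

// Decode a segment and require a JSON object (not a number, string or array).
function jsonObject(seg: string): Record<string, unknown> | null {
  const raw = b64urlDecode(seg);
  if (raw === null || raw.length === 0) return null;
  try {
    const v: unknown = JSON.parse(raw);
    return typeof v === "object" && v !== null && !Array.isArray(v) ? (v as Record<string, unknown>) : null;
  } catch { return null; }
}

function classifyCandidate(s: string, nowSec: number): Verdict {
  const parts = s.split(".");
  if (parts.length !== 3) return { kind: "noise", reason: "not three segments" };
  const header = jsonObject(parts[0]);
  if (!header || typeof header.alg !== "string") return { kind: "noise", reason: "header is not a JOSE object" };
  const payload = jsonObject(parts[1]);
  if (!payload) return { kind: "noise", reason: "payload is not a JSON object" };
  if (b64urlDecode(parts[2]) === null) return { kind: "noise", reason: "signature is not base64url" };
  const exp = payload.exp; // an expired token is a lower-priority finding than a live one
  return { kind: "jwt", alg: header.alg, expired: typeof exp === "number" ? exp <= nowSec : null };
}

// Constructed samples: a token-shaped string with payload {"exp":1}, then two
// dotted strings of the kind a bundle scan hits constantly.
const SAMPLES = ["eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjF9.c2ln", "a1b2c3d4e5f6.chunk.js", "com.example.app"];
const verdicts = SAMPLES.map((s) => classifyCandidate(s, 1700000000));
```

Because the header and payload must both decode to JSON objects, chunk names and package identifiers fall out without any regex tuning.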

🛠 Tech Stack

  • Core Engine: TypeScript + Acorn (AST Parser)
  • Frontend UI: Preact + Vite
  • Styling: Vanilla CSS (Modern Glassmorphism Design)
  • Icons: Lucide-Preact

📦 Project Structure

├── src/
│   ├── app.tsx            # Main React/Preact Dashboard UI
│   ├── background/        # Atomic background worker with storage proxy
│   ├── content/           # 10-layer runtime & static injection engine
│   ├── engine/            # The Intelligent Analyzer (Scoring & Filtering)
│   └── index.css          # Modern dark-mode styling
├── dist/                  # Production-ready extension build
└── vite.config.ts         # Extension bundling config (CRXJS)

👨‍💻 Installation & Build

1. Development Mode

npm install
npm run dev

2. Production Build

npm run build

Load the dist/ folder into Chrome via chrome://extensions/ (Developer Mode enabled).


🛡 Security Rules & Best Practices

EnvScope follows strict privacy rules:

  • Zero External Reporting: All analysis is performed locally in your browser.
  • Origin Locking: Storage is partitioned by domain—no cross-site data leakage.
  • Clipboard Safety: Toasts confirm every copy action to prevent accidental data loss.

🚀 Built with 🔥 for Security Engineers.

About

A context-aware frontend security analyzer that identifies exposed credentials, tokens, and internal API endpoints using a 10-layer scanning architecture. Filters noise with AST-based heuristics and runtime interception.
