VulneraMCP

Instructions

Implementation Reference

• src/tools/js.ts:91-128 (handler)

  The main execution handler for the 'js.find_endpoints' tool. It uses regex patterns to extract full URLs, relative paths, and API endpoints from the provided JavaScript source code, deduplicates them, and returns a structured result.
  async ({ source }: any): Promise<ToolResult> => { try { // Find full URLs const urlRegex = /\bhttps?:\/\/[\w\-\.:%]+[\w\-\/_\.\?\=\%\&\#]*/g; const urls = Array.from(new Set(source.match(urlRegex) || [])); // Find relative paths const pathRegex = /["'`](\/[-a-zA-Z0-9_@:\/\.]+)["'`]/g; const paths: string[] = []; let match: RegExpExecArray | null; while ((match = pathRegex.exec(source)) !== null) { paths.push(match[1]); } // Find API endpoints (common patterns) const apiRegex = /(?:api|endpoint|url|path)[\s:=]+["'`]([^"'`]+)["'`]/gi; const apiEndpoints: string[] = []; while ((match = apiRegex.exec(source)) !== null) { apiEndpoints.push(match[1]); } const uniquePaths = Array.from(new Set(paths)); const uniqueApis = Array.from(new Set(apiEndpoints)); return formatToolResult(true, { urls, paths: uniquePaths, apiEndpoints: uniqueApis, summary: { totalUrls: urls.length, totalPaths: uniquePaths.length, totalApis: uniqueApis.length, }, }); } catch (error: any) { return formatToolResult(false, null, error.message); } }
• src/tools/js.ts:81-90 (schema)

  The input schema definition for the tool, specifying the required 'source' parameter as a string containing JavaScript code.
  { description: 'Extract API endpoints, URLs, and paths from JavaScript code', inputSchema: { type: 'object', properties: { source: { type: 'string', description: 'JavaScript source code' }, }, required: ['source'], }, },
• src/tools/js.ts:79-129 (registration)

  The server.tool registration within registerJsTools function, which defines and registers the 'js.find_endpoints' tool with its schema and handler.
  server.tool( 'js.find_endpoints', { description: 'Extract API endpoints, URLs, and paths from JavaScript code', inputSchema: { type: 'object', properties: { source: { type: 'string', description: 'JavaScript source code' }, }, required: ['source'], }, }, async ({ source }: any): Promise<ToolResult> => { try { // Find full URLs const urlRegex = /\bhttps?:\/\/[\w\-\.:%]+[\w\-\/_\.\?\=\%\&\#]*/g; const urls = Array.from(new Set(source.match(urlRegex) || [])); // Find relative paths const pathRegex = /["'`](\/[-a-zA-Z0-9_@:\/\.]+)["'`]/g; const paths: string[] = []; let match: RegExpExecArray | null; while ((match = pathRegex.exec(source)) !== null) { paths.push(match[1]); } // Find API endpoints (common patterns) const apiRegex = /(?:api|endpoint|url|path)[\s:=]+["'`]([^"'`]+)["'`]/gi; const apiEndpoints: string[] = []; while ((match = apiRegex.exec(source)) !== null) { apiEndpoints.push(match[1]); } const uniquePaths = Array.from(new Set(paths)); const uniqueApis = Array.from(new Set(apiEndpoints)); return formatToolResult(true, { urls, paths: uniquePaths, apiEndpoints: uniqueApis, summary: { totalUrls: urls.length, totalPaths: uniquePaths.length, totalApis: uniqueApis.length, }, }); } catch (error: any) { return formatToolResult(false, null, error.message); } } );
• src/index.ts:36-36 (registration)

  Top-level call to registerJsTools(server), which triggers the registration of the 'js.find_endpoints' tool along with other JS tools.
  registerJsTools(server);