JsHookMcp
JsHookMcp is an AI-powered MCP server providing 500+ tools across 36 domains for JavaScript analysis, security research, browser automation, and reverse engineering.
Meta-Tool Capabilities (always exposed)
search_tools— Keyword/vector hybrid search to discover toolsroute_tool— Natural language task router that recommends tools, workflows, and activation orderdescribe_tool— Retrieve full details and input schema for any toolactivate_tools/deactivate_tools— Dynamically register or remove specific tools to manage contextactivate_domain— Activate an entire domain at once (e.g.,browser,network,debugger) with optional auto-expirycall_tool— Execute any active tool by name
Broader Capabilities (accessible after activation)
🌐 Browser Automation — Chromium/Camoufox control, CDP debugging, anti-detection, CAPTCHA handling
📡 Network Interception — HTTP/2 traffic monitoring, MiTM capture, GraphQL analysis, Burp Suite bridge
🪝 JavaScript Analysis — JS hooks, AST transforms, source-map reconstruction, deobfuscation
🧠 AI-Driven Code Analysis — LLM-powered deobfuscation, crypto detection, AST comprehension
🔍 Reverse Engineering — WASM disassembly, binary analysis, Frida/Ghidra/IDA integration
🧰 Process & Memory Forensics — Native FFI scanning, hardware breakpoints, PE introspection
🔄 Dynamic Extensibility — Declarative workflows, hot-reload plugins, cross-domain orchestration
🛡️ Security Research — Exploit development, syscall hooks, protocol analysis, encoding utilities
Provides a bridge for Burp Suite, enabling integration with the Burp Suite security testing platform for network interception and analysis.
Provides GraphQL introspection capabilities for analyzing and querying GraphQL APIs.
@jshookmcp/jshook
English | 中文
An MCP server that gives AI agents 402 tools across 36 domains for JavaScript analysis and security research — browser automation, CDP debugging, network interception, JS hooks, LLM-powered code analysis, process/memory forensics, WASM reverse engineering, source-map reconstruction, AST transforms, and composite workflows in a single server.
Quick Links
Related MCP server: Codehooks.io MCP Server
🚀 Quick Start
No global install needed — add to your MCP client config and you're ready:
Claude Desktop / Cursor (claude_desktop_config.json):
{
"mcpServers": {
"jshook": {
"command": "npx",
"args": ["-y", "@jshookmcp/jshook@latest"],
"env": { "JSHOOK_BASE_PROFILE": "search" }
}
}
}(Windows: use npx.cmd absolute path if npx is not found)
🌟 Highlights
🤖 AI-Driven Analysis — LLM-powered deobfuscation, crypto detection, AST comprehension
⚡ Search-First Context Efficiency —
searchprofile ≈ 3K tokens vsfull≈ 40K+ tokens🎯 Progressive Tiers —
search→workflow→full, activate on demand🌐 Full-Stack Browser Automation — Chromium/Camoufox + CDP + anti-detection + CAPTCHA handling
🔁 Runtime Recovery and Session Isolation — HTTP sessions restore activated domains, browser attach state, coverage state, and isolate browser-side session state per client
🧭 Schema-First Meta Tools —
describe_tool, validatedcall_tool, andcoverage_reportreduce parameter errors and make tool coverage visible📡 Network Interception — HTTP/2 frame building, MiTM capture, GraphQL, Burp Suite bridge
🛠️ Reverse Engineering Toolchain — WASM disassembly, binary analysis, Frida, Ghidra/IDA bridges
🧰 Process & Memory Forensics — Native FFI scanning, hardware breakpoints, PE introspection
🧩 Dynamic Extensibility — Hot-reload plugins, declarative workflows, auto-discovered domains
Recent Runtime Notes
HTTP transport now multiplexes independent MCP sessions and restores runtime state after reconnects.
proxy_startauto-generates a local HTTPS interception CA when needed.Browser CAPTCHA solving is now explicit-input driven: pass
taskKind,siteKey,imageBase64,callbackName, andresponseSelectoras needed. Built-in widget/page signature probing is intentionally not used.
Architecture
Runtime Registry — Domains auto-discovered via
manifest.ts; add a domain by creating one fileLazy Initialization — Handlers instantiated on first call, not at startup
BM25 + Vector Search —
search_toolsmeta-tool with hybrid ranking and adaptive weightsMCP ToolAnnotations — Every tool carries
readOnlyHint/destructiveHint/idempotentHint/openWorldHint
Registry Snapshot
The built-in surface below is generated from the runtime registry and checked in CI.
Package version:
0.3.3Built-in Tools:
588Domains:
adb-bridge,binary-instrument,boringssl-inspector,browser,canvas,coordination,core,cross-domain,dart-inspector,debugger,encoding,exploit-dev,extension-registry,graphql,instrumentation,maintenance,memory,mojo-ipc,native-bridge,native-emulator,network,platform,process,protocol-analysis,proxy,sourcemap,streaming,syscall-hook,trace,transform,v8-inspector,wasm,webgpu,workflowNote: this snapshot is generated from the runtime registry; do not edit the counts by hand.
Project Stats
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/vmoranv/jshookmcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server