High-risk tools in Js Reverse
13 of the 31 tools in Js Reverse are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_launchExecute启动Chrome浏览器实例,支持headless模式和代理设置
-
crypto_verify_algorithmExecute使用本地加密库验证猜测的算法是否正确(输入明文+参数,对比是否能得到相同密文)
-
generate_brute_scriptExecute生成暴力破解脚本(包含加密+自动化登录尝试)
-
generate_decrypt_scriptExecute根据分析结果生成完整的解密脚本(Python或JavaScript),自动保存到output目录
-
generate_encrypt_scriptExecute生成加密脚本(用于构造请求重放)
-
js_trace_call_chainExecute追踪指定函数的调用链(谁调用了它,它又调用了谁)
-
network_disable_interceptExecute关闭网络请求拦截
-
network_enable_interceptExecute开启网络请求拦截,捕获所有HTTP请求(特别是登录请求)
-
page_navigateExecute导航到指定URL,等待页面加载完成
-
runtime_call_functionExecute调用页面中的指定全局函数,传入参数并获取返回值
-
runtime_evaluateExecute在页面上下文中执行JavaScript代码(可用于填写表单、触发登录等)
-
runtime_hook_functionExecuteHook指定函数,记录每次调用的参数和返回值(用于捕获加密过程的输入输出)
-
script_test_runExecute测试运行生成的脚本(仅支持JavaScript,Python需要本地python环境)
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.