vmoranv / jshookmcp

@jshookmcp/jshook English | 中文 An MCP (Model Context Protocol) server providing **290+ built-in tools** across **17+ domains** (including core meta-tools) — with runtime extension loading from and for AI-assisted JavaScript analysis and security analysis. Combines browser automation, Chrome DevTools Protocol debugging, network monitoring, intelligent JavaScript hooks, LLM-powered code analysis, process/memory inspection, WASM toolchain, binary encoding, anti-anti-debug, GraphQL discovery, source map reconstruction, AST transforms, crypto reconstruction, platform package analysis, Burp Suite / native analysis tool bridges, human behavior simulation, CAPTCHA solving, batch account workflows, and high-level composite workflow orchestration in a single server. Documentation / Quick Links • **📖 Read the Documentation** • **🚀 Getting Started** • **⚙️ Configuration** • **📚 Tool Reference** 🌟 Key Highlights • 🤖 **AI-Driven Analysis**: Leverage LLMs for intelligent JavaScript deobfuscation, cryptographic algorithm detection, and AST-level code comprehension. • ⚡ **Search-First Context Efficiency**: BM25-powered + dynamic boosts cut jshook's tool-schema init delta from ~40.0K+ tokens ( ) to ~3.0K ( ) (Claude server-side count; excludes Claude Code base prompt). • 🎯 **Progressive Capability Tiers**: Three built-in profiles ( / / ), with as the default base tier for on-demand capability scaling. • 🌐 **Full-Stack Automation**: Seamlessly orchestrate Chromium/Camoufox browsers, CDP debugging, and network interception as atomic actions. • 🛡️ **Advanced Anti-Debug**: Built-in evasion for debugger statements, timing checks, and strict headless bot fingerprinting techniques. • 🧩 **Dynamic Extensibility**: Hot-reload plugins and workflows from local directories without recompiling the core server. • 🔧 **Zero-Wiring Extensibility**: Auto-discovered domains via , lazy handler instantiation, and B-Skeleton contracts for plugins/workflows. • 🛠️ **Reverse Engineering Toolchain**: Integrated WASM disassembly, binary entropy analysis, in-memory scanning, and bridges for Burp Suite/Ghidra/IDA Pro. Features Provides a comprehensive suite of tools for AI-assisted JavaScript analysis, browser automation, CDP debugging, network interception, memory analysis, and more. > **View the full feature list in the documentation ↗** Architecture & Performance • **Progressive Tool Discovery**: meta-tool (BM25 ranking) + / + profile-based tier upgrades ( ) • **Search-tier behavior**: only searches and ranks results; it does not auto-run , and it does not auto-run . Preferred chain: • **Do not boost for one tool**: can register exact tools across tiers from the current base tier; is better when you expect to reuse a broad family of related tools repeatedly • **Lazy Domain Initialization**: Handler classes instantiated via Proxy on first invocation, not during startup • **Domain Self-Discovery**: Runtime manifest scanning ( ) replaces hardcoded imports; add new domains by creating a single manifest file • **B-Skeleton Contracts**: Extensibility contracts for plugins ( ), workflows ( ), and observability ( ) • **Context Efficiency Benchmark**: Built-in tool-schema init delta (Claude server-side count): ≈ 3,000 tokens vs ≈ 40,000+ tokens (10+ vs 290+ built-in tools; values change as tools/descriptions evolve) Tool Domains The server provides **290+ built-in tools** across **17+ domains** ( , , , , , , , , , , , , , , , , and ). > **View the complete Tool Reference ↗** Project Stats Star History