Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

JavaScript Transforms

Analyze JavaScript files to identify shared infrastructure, frameworks, and templates across dark web sites. These transforms help discover relationships between sites through their technical implementation.

Overview

JavaScript transforms allow you to:

  • Extract all JavaScript files used by an onion site
  • Identify API endpoints extracted from JavaScript code
  • Find all sites using identical JavaScript files (indicating shared developers or infrastructure)

FetchJavascriptFiles

Transform Name: FetchJavascriptFiles

Description

Extracts all JavaScript files referenced by a specified onion site, including their hashes, file sizes, and discovered endpoints.

Input Entity

  • hades.v2.onion - An onion site address

Output Entities

  • hades.v2.javascript - JavaScript file entities

Properties Returned

  • File Path - The full path/URL to the JavaScript file
  • MD5 Hash - MD5 cryptographic hash of the file
  • SHA1 Hash - SHA1 cryptographic hash of the file
  • SHA256 Hash - SHA256 cryptographic hash of the file
  • File Size - Size of the JavaScript file in bytes
  • Endpoints Found - Number of API endpoints discovered in the code
  • Hades Link - Direct link to view the onion site in Project Hades web interface

Use Cases

  • Catalog all JavaScript dependencies used by a site
  • Identify custom vs. library JavaScript files
  • Discover API endpoints hardcoded in client-side code
  • Compare JavaScript files between suspected related sites
  • Identify sites using the same web frameworks or templates

Investigation Tips

  • Large files with many endpoints often indicate custom application code
  • Small files with no endpoints are typically third-party libraries
  • Unique file paths can reveal framework choices (e.g., /static/js/react.min.js)

SearchByJavascriptHash

Transform Name: SearchByJavascriptHash

Description

Finds all onion sites using a specific JavaScript file, identified by its cryptographic hash. Accepts MD5, SHA1, or SHA256 hashes.

Input Entity

  • hades.v2.javascript - A JavaScript file entity (or manually input hash)

Output Entities

  • hades.v2.onion - Onion site addresses

Properties Returned

  • Hades Link - Direct link to view each onion site in Project Hades web interface

Hash Type Support

This transform automatically detects and searches using:

  • MD5 - 32-character hexadecimal hash
  • SHA1 - 40-character hexadecimal hash
  • SHA256 - 64-character hexadecimal hash

Use Cases

  • Identify all sites using the same custom JavaScript framework
  • Find sites built with the same template or codebase
  • Discover sites sharing the same developers or development team
  • Track the distribution of specific JavaScript malware or tracking code
  • Link marketplaces through shared technical infrastructure

What Shared JavaScript Reveals

  • Identical custom JS - Strong indicator of same operator/developer
  • Shared libraries - May indicate same framework (less conclusive)
  • Unique bundled code - Sites sharing minified/bundled JS likely related
  • Admin panels - Sites with identical admin JS likely share operators

Investigation Workflow Example

Identifying Shared Infrastructure

  1. Analyze a known site’s JavaScript

    • Input: marketplace123abc.onion
    • Run: FetchJavascriptFiles
    • Result: List of all JavaScript files used by the site

  2. Focus on custom code

    • Identify custom JavaScript (not common libraries like jQuery)
    • Look for files with unique names or many endpoints
    • Select these files for further investigation

  3. Find sites with identical code

    • Input: Hash of custom JavaScript file
    • Run: SearchByJavascriptHash
    • Result: Other sites using the exact same JavaScript file

  4. Confirm relationships

    • Sites sharing custom JavaScript are likely:
      • Operated by the same team
      • Built from the same source code/template
      • Part of a related network
    • Cross-reference with other intelligence (wallets, contacts, SHV fingerprints)

Framework Fingerprinting

  1. Extract JavaScript from target site

    • Run: FetchJavascriptFiles
    • Review file paths and names to identify frameworks

  2. Search for framework-specific files

    • Select framework configuration or initialization files
    • Run: SearchByJavascriptHash
    • Find other sites using the same framework configuration

  3. Build framework profile

    • Identify common patterns among sites using the same framework
    • This can help predict functionality, vulnerabilities, or operational patterns

Tracking Template Reuse

  1. Identify marketplace template

    • Many dark web marketplaces use shared templates or forks
    • Extract JavaScript from a known template-based marketplace
    • Run: FetchJavascriptFiles

  2. Track template distribution

    • Select the main application JavaScript file
    • Run: SearchByJavascriptHash
    • Discover all marketplaces using the same template

  3. Analyze the ecosystem

    • Map the network of sites using the same underlying code
    • Track how templates spread and evolve
    • Identify markets that may share vulnerabilities

© 2026 © Aikos Technologies Limited - All Rights Reserved.