Reverse-Engine-OS is an advanced website reverse-engineering and automation analysis toolkit built with Node.js and Playwright. It is designed for developers, penetration testers, and ethical hackers to automatically capture, map, and analyze web application behavior in real-time.
Stop wasting hours in the Network Tab. Reverse-Engine-OS automates the entire discovery phase of web automation and security research. By interacting with a site in headful mode, the tool captures every API request, DOM interaction, and storage update, then correlates them to generate ready-to-use automation blueprints and Axios replay scripts.
- 🕸️ Full Network Sniffing: Captures all requests/responses, including headers and JSON/Text bodies.
- 🗺️ API Mapping: Automatically identifies endpoints (
api,graphql,ajax,fetch). - 🔗 DOM Action Correlation: Detects which UI action (click, input, scroll) triggered which API request.
- 📝 Replay Script Generator: Auto-generates standalone Node.js scripts for captured API calls.
- 🔑 Auth Detection: Extracts Authorization headers, CSRF tokens, and signatures.
- 📊 API flow Graphs: Generates sequence diagrams and Mermaid-based flow charts.
- 🎬 Media & CDN Detection: Tracks video streams (.mp4, .m3u8) and CDN links.
- 🍪 Storage Snapshots: Dumps Cookies,
localStorage, andsessionStorage. - 📸 Intelligent Screenshots: Navigation and periodic visual logging.
- 📦 HAR Archive: Records a complete session in standard HAR format for deep analysis.
When you record a session, the tool creates a structured directory:
projects/[project-name]/
├── network/ # Requests, Responses (Bodies), & Timings
├── api/ # API Maps, Triggers, & Parameters
├── auth/ # Extracted Tokens & Auth Headers
├── dom/ # Recorded User Interactions
├── har/ # Full Network Archive (.har)
├── js/ # Scripts scanned for API calls
├── storage/ # Cookies & Web Storage dumps
├── scripts/ # Auto-generated Axios replay scripts
└── report/ # Automation Blueprint & Summary MD
# Clone the repository
git clone https://github.com/kunaldevelopers/Reverse-Engine-OS.git
# Navigate to the folder
cd Reverse-Engine-OS
# Install dependencies
npm install
# Install Playwright browser
npx playwright install chromiumRun the tool and enter a name for your project folder:
node recon.js- A headful Chromium window will open.
- Navigate to your target website and interact with it as a normal user.
- Reverse-Engine-OS works in the background, sniffing and correlating all activity.
- Close the browser or press
Ctrl + Cto finalize the analysis and generate reports.
- Web Automation: Quickly map out how a site works to build bots or integration scripts.
- Penetration Testing: Inspect API parameters, auth mechanisms, and hidden CDN endpoints.
- Performance Analysis: Analyze request timings and sequence flows.
- API Documentation: Reverse-engineer undocumented APIs with schema-like parameter extraction.
This tool is for educational purposes and authorized security research only. Users are responsible for complying with local laws and the Terms of Service of the websites they analyze.
Contributions are welcome! Feel free to open issues or submit pull requests to improve the sniffer logic or reporting modules.
Developed with ❤️ by Kunal Developers