Uncover the hidden internals of Next.js sites
nextr4y is a powerful reconnaissance tool written in Golang designed to analyze Next.js applications and extract valuable information about their internal structure, routes, and dependencies. By scanning a target Next.js site, nextr4y can reveal build IDs, Next.js and React versions, asset prefixes, and route mappings that can be valuable for security assessments, debugging, or reverse engineering. It also features an MCP server mode for remote scanning and integration. Built with performance and reliability in mind, this Go-based tool is perfect for cybersecurity professionals and web application researchers.
- Next.js Detection - Automatically detect if a site is built with Next.js
- Version Fingerprinting - Identify both Next.js and React versions in use
- Route Mapping - Discover and map internal routes defined in the application
- Asset Discovery - Identify and catalog JavaScript and CSS assets
- Build Manifest Analysis - Extract and analyze the build manifest
- Multiple Output Formats - Get results in human-readable text or machine-parsable JSON
- Anti-Bot Evasion - Uses CycleTLS-based page fetcher with different JA3 fingerprints and user agent presets to avoid bot detection
- MCP Server Mode - Expose scanning functionality via a Model Context Protocol server for remote access and integration (e.g., with Cursor)
# Clone the repository
git clone https://github.com/rodrigopv/nextr4y.git
cd nextr4y
# Build the binary
go build -o nextr4y ./cmd/nextr4y
go install github.com/rodrigopv/nextr4y/cmd/nextr4y@latest
Download pre-built binaries from the Releases page.
nextr4y [command] [command options] [arguments...]
COMMANDS:
scan Scan a Next.js site
serve Start an MCP server to handle nextr4y scan requests
help Shows a list of commands or help for one command
OPTIONS:
--output FILE, -o FILE Write output to FILE
--format value, -f value Output format (text or json) (default: "text")
--base-url value, -b value Override the auto-detected base URL for asset resolution
--help, -h Show help information
OPTIONS:
--port value, -p value Port for the MCP server (default: 8080)
--host value Host for the MCP server (default: "0.0.0.0")
--help, -h Show help information
nextr4y https://example-nextjs-site.com
nextr4y -f json -o results.json https://vercel.com
nextr4y -b https://cdn.example.com https://example.com
nextr4y serve -p 9000 -host 127.0.0.1
+ ---------------------------------------------------------------- +
| nextr4y |
| github.com/rodrigopv/nextr4y |
+ ---------------------------------------------------------------- +
Scanning target: https://example-nextjs-site.com
Target is using Next.js: ✓
Build ID: 1a2b3c4d5e6f7g8h9i0j
Detected Next.js Version: 13.4.12
Detected React Version: 18.2.0
Asset Prefix:
Calculated Asset Base URL: https://example-nextjs-site.tld/
Build Manifest Found: ✓
Build Manifest Executed OK: ✓
Routes (12 routes found):
- / (18 assets)
- /about (15 assets)
- /blog (22 assets)
- /blog/[slug] (24 assets)
- /admin/reception/id-card (10 assets)
- /admin/reception/passport (10 assets)
...
Found 123 unique assets from manifest.
{
"BaseURL": "https://example.com/",
"AssetBaseURL": "https://example.com/_next/",
"IsNextJS": true,
"BuildID": "SAMPLE_BUILD_ID_123",
"AssetPrefix": "/_next",
"Routes": {
"/about": [
"https://example.com/_next/static/chunks/pages/about-a1b2c3d4e5f6a7b8.js",
"https://example.com/_next/static/chunks/framework-12345abcde.js",
"https://example.com/_next/static/css/styles-about-abcdef.css"
],
"/products/[productId]": [
"https://example.com/_next/static/chunks/pages/products/%5BproductId%5D-f1e2d3c4b5a6f7e8.js",
"https://example.com/_next/static/chunks/framework-12345abcde.js",
"https://example.com/_next/static/chunks/shared-component-lib-xyz789.js",
"https://example.com/_next/static/css/styles-products-fedcba.css"
]
},
"AllAssets": {
"https://example.com/_next/static/chunks/pages/about-a1b2c3d4e5f6a7b8.js": true,
"https://example.com/_next/static/chunks/framework-12345abcde.js": true,
"https://example.com/_next/static/css/styles-about-abcdef.css": true,
"https://example.com/_next/static/chunks/pages/products/%5BproductId%5D-f1e2d3c4b5a6f7e8.js": true,
"https://example.com/_next/static/chunks/shared-component-lib-xyz789.js": true,
"https://example.com/_next/static/css/styles-products-fedcba.css": true
},
"ManifestFound": true,
"ManifestExecOK": true,
"ExecutionError": null,
"NextDataJSONRaw": "{\"props\":{\"pageProps\":{\"sampleData\": true, \"message\": \"This is placeholder _next/data content.\"}}}",
"DetectedNextVersion": "14.1.0",
"DetectedReactVersion": "18.2.0"
}
nextr4y works by:
- Initial Scanning - Fetches the target page and looks for Next.js-specific markers
- NEXT_DATA Extraction - Parses the embedded Next.js configuration data
- Asset Detection - Identifies JavaScript and CSS assets linked in the HTML
- Build Manifest Analysis - Downloads and analyzes the build manifest to map routes
- Version Detection - Uses multiple strategies to fingerprint Next.js and React versions
- Report Generation - Compiles discovered data into structured output
- Bot Detection Evasion - Implements CycleTLS for TLS fingerprint randomization with various JA3 signatures and rotating user agents to bypass common bot detection systems
- MCP Server Mode - Provides a Model Context Protocol server interface to execute scans remotely
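An added example (not part of nextr4y) for reviewing what your own deployment discloses: it reads the `Routes` field of the JSON report format shown above and returns each route under a sensitive prefix together with the assets that only such routes load. The prefix list, function names and sample report are assumptions constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// sensitivePrefixes is a hypothetical policy list; adjust it to your own app.
var sensitivePrefixes = []string{"/admin", "/internal"}
func isSensitive(route string) bool {
	for _, p := range sensitivePrefixes {
		if route == p || strings.HasPrefix(route, p+"/") { // whole path segments
			return true
		}
	}
	return false
}

// SensitiveExposure maps each sensitive route to the assets only such routes load.
func SensitiveExposure(raw []byte) (map[string][]string, error) {
	var r struct{ Routes map[string][]string } // the report field this audit reads
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("parse report: %w", err)
	}
	shared, out := map[string]bool{}, map[string][]string{}
	for route, assets := range r.Routes {
		for _, a := range assets {
			shared[a] = shared[a] || !isSensitive(route) // used by a non-sensitive route
		}
		if isSensitive(route) {
			out[route] = []string{} // listed even when all its assets are shared
		}
	}
	for route := range out {
		for _, a := range r.Routes[route] {
			if !shared[a] {
				out[route] = append(out[route], a)
			}
		}
	}
	return out, nil
}

// sampleReport is constructed for this example; it is not real scan output.
const sampleReport = `{"Routes":{
 "/administrators-guide":["https://example.com/_next/static/chunks/framework-1.js"],
 "/admin/reception/passport":["https://example.com/_next/static/chunks/framework-1.js","https://example.com/_next/static/chunks/pages/admin/passport-3.js"]}}`
func main() { fmt.Println(SensitiveExposure([]byte(sampleReport))) }
```

The returned bundles are the ones to review for embedded endpoints or configuration, since they are served as static files regardless of any login in front of the page itself.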
The MCP (Model Context Protocol) server mode allows nextr4y to be used as a service that accepts scan requests remotely. This is useful for:
- Integration - Incorporate nextr4y scanning into your own applications or workflows
- Automation - Schedule and automate scans of Next.js sites
- API Access - Access nextr4y functionality through a standardized API interface
- AI Integration Bridge - Serve as a bridge between the data provided by nextr4y and AI-driven tools or solutions (like Cursor) for enhanced analysis and interaction.
When using the MCP server, clients can send requests to scan specific targets and receive the scan results as structured responses. The server handles the execution of the scans and returns the results to the client.
Start the MCP server:
nextr4y serve -p 8080 -host 0.0.0.0
The MCP server provides the following tools:
- nextr4y_scan - Scan a Next.js site and extract information about its structure
  - Parameters:
    - url (string, required) - The URL of the target Next.js site
    - format (string, optional) - Output format ("json" or "text", defaults to "json")
    - base_url (string, optional) - Custom base URL for asset resolution
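Because the server runs scans for any client that can reach it, a scope check on the tool arguments is worth placing in front of it. The following is an added example, not nextr4y code: it validates an MCP `tools/call` request for `nextr4y_scan` so that `url` and `base_url` stay within an authorized host list. The function names, the host list and the idea of a wrapper in front of the server are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// allowedHosts is a hypothetical authorized scope; the hosts are placeholders.
var allowedHosts = map[string]bool{"staging.example.com": true, "cdn.example.com": true}

// inScope accepts only http(s) URLs, without userinfo, whose host is allowed.
func inScope(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.User != nil {
		return false
	}
	return allowedHosts[strings.ToLower(u.Hostname())]
}

// CheckScanCall validates a JSON-RPC "tools/call" request for nextr4y_scan.
func CheckScanCall(msg []byte) error {
	var req struct {
		Method string
		Params struct {
			Name      string
			Arguments map[string]string // url, format, base_url are all strings
		}
	}
	if err := json.Unmarshal(msg, &req); err != nil {
		return fmt.Errorf("malformed request: %w", err)
	}
	args := req.Params.Arguments
	switch {
	case req.Method != "tools/call" || req.Params.Name != "nextr4y_scan":
		return fmt.Errorf("unexpected call %q/%q", req.Method, req.Params.Name)
	case !inScope(args["url"]):
		return fmt.Errorf("url %q is missing or out of scope", args["url"])
	case args["base_url"] != "" && !inScope(args["base_url"]):
		return fmt.Errorf("base_url %q is out of scope", args["base_url"])
	}
	return nil
}

// sampleCall is a constructed request, not captured traffic.
const sampleCall = `{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"nextr4y_scan","arguments":{"url":"https://staging.example.com/","format":"json"}}}`

func main() { fmt.Println("sample call rejected:", CheckScanCall([]byte(sampleCall))) }
```

The check covers only the arguments in the request; it does not constrain redirects or an asset prefix through which the target itself points elsewhere.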
You can integrate nextr4y with Cursor IDE using the MCP protocol:
- Start the nextr4y MCP server:
go run github.com/rodrigopv/nextr4y/cmd/nextr4y serve
- Create or edit the Cursor MCP configuration file at ~/.cursor/mcp.json:
{
  "mcpServers": {
    "nextr4y": {
      "url": "http://localhost:8080/sse"
    }
  }
}
- Restart Cursor for the changes to take effect.
- You can now use nextr4y from within Cursor to scan Next.js sites and analyze their structure.
- Security Research - Reconnaissance and analysis of Next.js application structure
- Penetration Testing - Map routes and identify potential API endpoints
- Website Analysis - Learn how sites are built and structured with Next.js
- Internal View Reconstruction - Use MCP to connect nextr4y data (routes, assets) to IDEs such as Cursor to understand or mimic internal application views for deeper analysis or vulnerability hunting.
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add some amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
See CONTRIBUTING.md for more information.
This project is licensed under the MIT License - see the LICENSE file for details.
nextr4y is designed for legitimate security research and web development purposes only. Use responsibly and only against websites you own or have explicit permission to test. The authors are not responsible for any misuse of this tool.
