Extract JavaScript from Bun-compiled executables
Reverse engineer, analyze, and learn from Bun applications
Features • Installation • Usage • Examples • How It Works
unbuned is a powerful Python tool that extracts pure JavaScript source code from Bun-compiled executables. Whether you're reverse engineering an application, conducting security research, or learning how a Bun app works, unbuned gives you access to the bundled JavaScript code.
- Zero Dependencies: Pure Python 3.6+ stdlib only
- Universal: Works with any Bun-compiled executable
- Clean Output: 100% ASCII JavaScript, no binary contamination
- Fast: Extracts megabytes of code in seconds
- Accurate: Smart boundary detection ensures complete extraction
- Parse PE headers to locate
.bunsection - Find JavaScript start marker (
// @bun) - Intelligent JavaScript/binary boundary detection
- Refine boundaries using end markers (
debugId,sourceMappingURL,})();) - Extract and save pure, readable JavaScript
- Support for Windows, Linux, and macOS executables
git clone https://github.com/vibheksoni/unbuned.git
cd unbunedNo dependencies required! Just Python 3.6+
python unbuned.py <path-to-bun-executable>python unbuned.py droid.exeOutput:
Extracted: output/droid/droid.js
Size: 14,234,567 bytes
The extracted JavaScript will be saved to output/<executable-name>/<executable-name>.js
We've included two real-world examples in the output/ directory:
- Extracted: 14MB of JavaScript
- Contains: AI agent logic, model configurations, Factory-specific code
- Location:
output/droid/droid.js
- Extracted: 11MB of JavaScript
- Contains: AWS Code implementation, Anthropic SDK, tool definitions
- Location:
output/claude/claude.js
Both examples demonstrate unbuned's ability to extract massive amounts of clean, readable JavaScript from production Bun executables.
unbuned uses a multi-stage extraction process:
- PE Header Parsing: Locates the
.bunsection in Windows PE executables - Magic Byte Detection: Falls back to magic byte search (
\xe5\x02\x80\x01) if needed - JavaScript Marker: Finds the
// @buncomment marking the start of JS code - Boundary Detection: Analyzes byte patterns to detect where JavaScript ends
- Refinement: Uses source map markers and code patterns to refine the boundary
- Extraction: Decodes and saves pure UTF-8 JavaScript
The tool uses a sophisticated heuristic to detect where JavaScript ends:
- Analyzes chunks for non-printable character ratios
- Looks for source map comments (
//# sourceMappingURL=) - Detects debug markers (
//# debugId=) - Identifies IIFE closures (
})();) - Validates binary data after potential boundaries
- Reverse Engineering: Understand how a Bun application works
- Security Research: Analyze executables for vulnerabilities or malicious code
- Learning: Study real-world Bun bundling and code structure
- Recovery: Extract source code when original files are lost
- Analysis: Examine dependencies and third-party libraries
- Python 3.6 or higher
- No external dependencies
- Extracts bundled JavaScript only (not native modules or assets)
- Minified code remains minified (use a beautifier for readability)
- Some obfuscated code may be harder to analyze
Contributions are welcome! Feel free to:
- Report bugs
- Suggest features
- Submit pull requests
- Share your extraction results
MIT License - see LICENSE for details
This tool is intended for educational purposes, security research, and legitimate reverse engineering. Always respect software licenses and intellectual property rights. Use responsibly.
- asar - Extract Electron app.asar archives
- pkg - Package Node.js apps into executables
- nexe - Create standalone Node.js executables
Made for the reverse engineering community
Star this repo if you find it useful!
Currently open to work. If you're looking for someone with security research, reverse engineering, malware analysis, or full-stack development experience - hit me up.
- X/Twitter: @ImVibhek
- Website: vibheksoni.com
- Security Blog: opendoors.wtf
- GitHub: vibheksoni
Remember: With great power comes great responsibility. Use this tool ethically and legally.
