bhkfnhmplfhhecndkdhinlliibjecfdk
Fetches and scans JS URLs from network history. Chrome extension for Jsmon.sh.
S3BucketList
S3BucketList automatically scans network requests made by your browser to detect Amazon S3 bucket URLs. In penetration testing, searching for S3 buckets can be an exhausting task that requires you to filter, search, and check every S3 bucket URL. This extension does all that work for you while you browse the internet. It instantly notifies you, automatically filters buckets, lists all the permissions it was able to extract, and even tells you which buckets are unclaimed.
DOM XSS Highlighter — Pro
Highlights user-controlled reflections in DOM to help detect risky contexts. Run only on sites you own or may test.
DOM XSS Highlighter helps developers and security testers quickly spot user-controlled reflections inside a webpage’s DOM. By highlighting URL parameters, hash fragments, and other inputs that appear in risky contexts, it makes it easier to catch potential security issues during development and QA.
✨ Features
• On-demand scanning (runs only when you click the extension)
• Highlights user input in text, HTML, attributes, and scripts
• Quick “rescan” and “clear” controls for fast testing
• Click highlighted text to copy a structured JSON report
• Local-only: no data ever leaves your browser
• Simple interface with professional security look
⚠️ Note: For educational and authorized testing only. Use on websites you own or have explicit permission to test.
rep+
rep+ - Capture, modify, and replay HTTP requests in Chrome DevTools with AI-powered security analysis.
rep+ is a powerful Chrome DevTools extension that brings Burp Suite Repeater functionality directly into your browser. Now enhanced with AI, it helps developers, security researchers, and bug bounty hunters test and analyze HTTP requests smarter and faster—no proxy setup required.
With rep+ you can:
- Capture and replay HTTP requests from any tab, without proxy setup
- Group, filter, block, and search requests using text or regex
- Convert data inline (Base64, URL encode/decode, JWT decode, Hex/UTF‑8)
- Inspect responses in multiple formats with syntax highlighting and line numbers
- Passively extract hidden endpoints from JavaScript
- Discover query, body, header, and path parameters with risk classification and confidence scoring
- Suppress false positives by ignoring common frameworks, libraries, telemetry, and generic fields
- Detect secrets in JavaScript using high‑coverage Kingfisher rules
- Export endpoints, parameters, and secrets to CSV or Postman
- Search deeply inside responses and JavaScript
- Run built‑in automated attacks (Sniper, Battering Ram, Pitchfork, Cluster Bomb)
- Use AI for request explanations and attack suggestions via API or local LLM (Ollama)
- AI‑powered request analysis, modification, and attack suggestions
- Per‑request isolated chat with cross‑request references
- One‑click AI‑driven request edits with visual feedback
- Local or API‑based LLM support with aggressive token optimization
- Automatically remove duplicate requests during capture to eliminate noise and keep only unique traffic
Why install it?
- Works natively inside your browser
- Designed for speed, clarity, and real pentesting workflows
- Helps you uncover security issues and understand application behaviour faster
- Ideal for bug bounty hunters, red teamers, AppSec, and curious devs
DotGit
An extension for checking if .git is exposed in visited websites
- Check if a .git/.svn/.hg folder exists for each site you visit
- Check if a .env file exists for each site you visit
- Check if a .DS_Store file exists for each site you visit
- Check if the site is open source (github/gitlab)
- Check if the site has security.txt
- You will be notified when a folder is found
- List of exposed sites found
- Download the entire .git folder in zip format, even if the files are not listed on the site
- View .git/config with one click
- Options for: colors, notifications and downloads
Some checks are turned off by default; open the settings to turn them on.
Source code: https://github.com/davtur19/DotGit