Censys

Sputnik

OSINT web extension Sputnik is an extension to quickly and easily search IPs, Domains, File Hashes, and URLs using free Open Source Intelligence (OSINT) resources. • Text - Select the artifact you wish to search and right click • Links - Right click on links, audio, images, videos • Select an OSINT tool • In most cases, you will be redirected straight to results • For tools that require user interaction such as captchas: • The highlighted artifact will be saved to your clipboard • You will be directed to the submission page

JS Recon Buddy

Analyze page scripts for bug bounty reconnaissance. The scanner uses a set of regex patterns to identify and categorize potential security-related information: - Subdomains - discovers related subdomains within the code. - Endpoints & Paths - uncovers potential API endpoints and other useful paths. For Next.js applications, it also automatically parses (if possible) the build manifest to discover all client-side routes. - Potential Secrets - scans for API keys, tokens, and other sensitive data using pattern matching and Shannon entropy checks. - Potential DOM XSS Sinks - identifies dangerous properties and functions like .innerHTML and document.write. - Interesting Parameters - flags potentially vulnerable URL parameters (e.g., redirect, debug, url). - Potential Dependency Confusion - (opt-in) identifies private NPM packages that are not on the public registry, flagging a potential dependency confusion attack vector. - Source Maps - finds links to source maps which can expose original source code. Can optionally guess the location of source maps for discovered JavaScript files even if they aren't explicitly linked. If it is a valid source map, the extension tries to deconstruct source files based on data there - JS Libraries - lists identified JavaScript libraries and their versions. - External and Inline Scripts - provides a complete inventory of all JavaScript sources loaded by the page, allowing you to view the content of any script in a formatted viewer.

Netlas.io

The Netlas plugin gives information about where the website is hosted, who owns the IP and what other services and ports are open. This extension is intended to facilitate the work of specialists of the information security. Do you do Bug Bounty? Or is your field of activity - OSINT? Undoubtedly, our plugin will be useful to you. The plugin will allow you to get information about the website you are currently browsing at any time. Just click on our blue spider, and the extension will show you the IP address and domain name details. You will see the location of the object under study, its owner, open ports, and installed services. The extension receives all information from the Netlas.io service, and you can also go from the results to it to get acquainted with the data in more detail: examine the full WHOIS response, view responses, and all DNS records. In addition, the extension can work in automatic mode, passively querying each site you open in the Netlas database and checking for vulnerabilities. To do this, simply enable Smart Logo in the extension settings, then reload the page. Now, every time you visit a site that is potentially vulnerable to some known CVE, the extension logo will change color depending on the vulnerability rating. Attention: the free use of the extension is limited to thirty requests per day without the ability to automatically scan visited sites. To expand the possibilities, you need to register on netlas.io and use your API key.

VAPT Assistant Pro+

Advanced VAPT toolkit with AI, security headers, WAF detection, DNS/WHOIS tools, subdomain scanner, and VirusTotal integration. Unlock powerful web security and penetration testing capabilities with VAPT Assistant Pro+, the ultimate Chrome extension for pentesters, ethical hackers, and cyber security professionals. This all-in-one pentest tool and penetration testing toolkit provides everything you need for efficient vulnerability assessment, ethical hacking, and security testing directly in your browser. VAPT Assistant Pro+ offers a wide range of pentesting tools for comprehensive vulnerability assessment and penetration testing (VAPT), making it an essential tool for security analysts, bug bounty hunters, and IT professionals. Conduct advanced penetration testing, automate vulnerability scanning, analyze web application security, and strengthen your cyber security posture—all with an intuitive, user-friendly interface. Key features include web application pentesting, automated VAPT scans, cyber security analysis, ethical hacking tools, and real-time security monitoring. Whether you are performing manual security audits or automated tests, this extension simplifies your workflow and boosts your productivity. This extension helps you during a web application penetration testing and report writing so it was a checklist management tool pentester can also add custom bug bounty checklist also this extension is secure using MPIN pentest tool, pentesting tool, penetration testing tool, pentest toolkit, cyber security tool, ethical hacking tool, VAPT, vulnerability assessment, security testing, web application security, bug bounty, security analyst, IT security, browser extension, web security tool, automated pentest. Take your penetration testing and cyber security efforts to the next level with VAPT Assistant Pro+, the best Chrome extension for ethical hackers and penetration testers!