dcmahamcnljjgnpmgdldjnblplmibapc
Highlights user-controlled reflections in DOM to help detect risky contexts. Run only on sites you own or may test.
DOM XSS Highlighter helps developers and security testers quickly spot user-controlled reflections inside a webpage’s DOM. By highlighting URL parameters, hash fragments, and other inputs that appear in risky contexts, it makes it easier to catch potential security issues during development and QA.
✨ Features
• On-demand scanning (runs only when you click the extension)
• Highlights user input in text, HTML, attributes, and scripts
• Quick “rescan” and “clear” controls for fast testing
• Click highlighted text to copy a structured JSON report
• Local-only: no data ever leaves your browser
Simple interface with professional security look
⚠️ Note: For educational and authorized testing only. Use on websites you own or have explicit permission to test.
Lyra
Lyra is an XSS automator and broken link checker.
- Automates XSS vulnerability checks in the Chrome browser.
- Scans the current website for all available links.
- Checks for broken links in real time.
- Provides a user-friendly interface for ease of use.
- Saves the time and effort of manually checking for XSS and broken links.
- Supports both HTTP and HTTPS websites.
- Continuously updates its database of XSS payloads for maximum efficiency.
- Easy to install and use with just a few clicks.
The perfect solution for anyone looking to increase bug bounty speed.
Pathprobe
PathProbe is a powerful Chrome Developer Tools extension designed for web security testing and ethical hacking. This tool enables rapid and efficient discovery of sensitive data by asynchronously scanning user-defined paths of specified targets.
- Subdomain Enumeration: Perform automated multi-domain testing using free, open-source methods; no API keys required.
- New Method Fetching: Streamline your testing process with enhanced data-gathering capabilities.
- Advanced Filtering and Search: Manage results effortlessly with robust tools for sorting and finding key insights.
Ideal for ethical hackers, security specialists, and developers, PathProbe is a versatile solution to enhance website security. Initially developed as a personal project, PathProbe is now publicly available. Consider supporting its development via the project settings.
*1.2.0: Multi Method option added, free subdomain enum added, censys removed, more paths, responseTime added, general fixes and optimization
SecuriScanX
Harden your input points - detect SQLi, XSS & CMDi within seconds.
SecuriScanX: Your One-Click Website Security Guard
SecuriScanX is a powerful but easy-to-use tool designed to keep websites safe from hackers. It works like a digital security guard, automatically checking any web page for common security weaknesses in seconds.
🚀 Why it’s a Game-Changer for Bug Hunters & Pentesters
For those in Web Pentesting and Bug Bounty, speed and efficiency are everything. SecuriScanX acts as your first line of attack during the reconnaissance phase:
▶ Fast Surface Analysis: Instead of manually testing every single input, run SecuriScanX to quickly identify which fields are vulnerable to SQLi, XSS, or Command Injection.
▶ Information Gathering (Passive Scan): It automatically uncovers hidden details like sensitive info in HTML comments, missing security headers, and cookie configurations that could lead to bigger exploits.
▶ Intelligent Fuzzing: The tool doesn't just "guess"; it uses intelligent context detection to send the right payloads to the right fields (e.g., login-specific payloads for auth forms).
▶ Automated "Low-Hanging Fruit" Discovery: It saves you hours of manual work by flagging obvious vulnerabilities instantly, allowing you to focus your energy on more complex manual exploits.
Who is it for?
▶ Bug Hunters & Pentesters: To speed up their initial testing and find easy vulnerabilities.
▶ Developers: To quickly find and fix security bugs before they go live.
▶ Security Learners: To understand how real-world cyber threats look and work.
Key Features:
▶ Automatic Scanning: Scans input boxes (username, password, search) to see if they are properly protected.
▶ OWASP Top 10 Focus: Detects critical issues like SQLi, XSS, and Command Injections (CMDi).
▶ Passive Reconnaissance: Inspects HTML comments, Security Headers, and Cookies for bad configurations.
▶ Visual Highlighter: If a weakness is found, it highlights the exact area on the webpage in red or orange.
Hunter Search
Optimize pentest and bug bounty searches with automatic dorks.
Hunter Search – Smart Dorks for Pentest and Bug Bounty
Optimize your security searches! Hunter Search is the definitive extension for pentest professionals, bug bounty hunters, and security enthusiasts who want to find sensitive information, vulnerabilities, and public exposures quickly, practically, and intelligently.
Main Features
- Advanced Dork Building: Combine keywords, multiple sites, Google operators, and ready-made dorks (IDOR, XSS, SQLi, AWS, sensitive files, leaks, admin panels, and much more) in an intuitive interface.
- Real-Time Preview: See how your query will look before searching, ensuring precision and full control.
- Multi-Platform Search: Choose between Google, Bing, or DuckDuckGo to broaden your discovery possibilities.
- History and Favorites: Save and reuse your most-used queries. Never lose that perfect dork again!
- Quick Buttons: Copy, clear, or favorite your searches with a single click.
- Automatic Dark/Light Mode: A modern, responsive interface that is comfortable at any time of day.
- Tooltips and Help: Quick tips on each field to make it easy to use, even for beginners.
Usage examples
- Find leaked AWS keys in public repositories.
- Search for sensitive files (.env, config, credentials) on specific sites and domains.
- Discover exposed administration endpoints, panels, and dashboards.
- Search for common vulnerabilities (IDOR, XSS, SQLi) on any site.
- Build custom dorks for advanced investigations.
Why use Hunter Search?
- Productivity: Save time building complex queries with just a few clicks.
- Customization: Adapt the search to your goal, whether for bug bounty, CTF, OSINT, or auditing.
- Convenience: Everything in one place, with no need to memorize dorks or operators.
Hunter Search: Optimize your searches. Find vulnerabilities. Level up your bug bounty!