dfpbcaidpddflbndnkklonipngeaaecn
LPR (Live Params & Redirects) is an all-in-one reconnaissance and vulnerability scanning assistant designed for Bug Bounty Hunters, Penetration Testers, and Web Developers. Instead of wasting time inspecting elements and grepping through minified JavaScript files, LPR automatically extracts and categorizes every potential injection point and hidden asset on the page.

🕵️‍♂️ Deep Parameter Extraction: Automatically scrapes parameters from HTML forms, DOM inputs, and JavaScript variables (var, let, const).
🔗 Advanced Asset Discovery: Digs into external .js files to find full URLs (S3 buckets, API endpoints) and hidden Routes (e.g., /api/v1/admin) that are invisible in the UI.
⚔️ XSS & Security Scanner: Proactively hunts for Dangerous Sinks (innerHTML, eval), React/Vue bypass patterns, and javascript: URIs to speed up your XSS discovery.
🆔 IDOR Hunting: Instantly lists all ID-related patterns (e.g., user_id, order_uuid, account_id) found in the source code with line numbers.
🔀 Redirect Analysis: Detects potential Open Redirect vulnerabilities by scanning for window.location, meta refresh, and navigation sinks.
💾 Accumulative Scanning: Data is saved as you browse. The extension prevents accidental tab closing to ensure you never lose your reconnaissance data during a session.

Why LPR? Whether you are looking for hidden API endpoints, testing for IDORs, or hunting for DOM-based XSS, LPR gives you a bird's-eye view of the target's attack surface in seconds.
CyberInject
Professional security testing toolkit for ethical hackers and penetration testers

CyberInject is a professional security testing toolkit designed for authorized penetration testers and ethical hackers.

Payload Collections
- XSS Payloads - 15 cross-site scripting test vectors
- SQL Injection - 15 database injection payloads
- SSRF - 12 server-side request forgery tests
- LFI - 12 local file inclusion vectors
- Other Vulnerabilities - 15 additional security tests including XXE, SSTI, Command Injection, and Log4Shell

Enhanced Tools
- Encoding/Decoding Tools - URL, Base64, HTML Entity, and Hex encoding/decoding
- Payload Variation Generator - Automatically generate multiple variations of payloads (case changes, encoding, obfuscation)
- Character Counter - Count characters, words, and lines in your payloads
- Custom Payloads - Add, organize, and permanently save your own custom injection payloads

Smart Features
- Real-time Search - Instantly search through all payloads, tools, and references across all categories
- Session History - Automatic tracking of all copied payloads with timestamps for audit trails
- One-click Copying - Quick clipboard integration with visual feedback
- Reference Library - Quick access to HTTP status codes, common ports, OWASP Top 10, and security resources
- Intuitive Tabbed Interface - Organized by vulnerability type with smooth navigation
- Keyboard Shortcuts - Press 1-8 to quickly switch between categories
- Professional Design - Clean, security-focused interface with smooth scrolling fade effects
- Smart Search Bar - Filter payloads in real-time as you type
- Persistent Storage - All custom payloads and history saved permanently across browser sessions
- Instant History Updates - See your testing history update immediately as you work

PERFECT FOR:
- Security professionals and penetration testers
- Bug bounty hunters conducting authorized research
- Security training and educational purposes
- Authorized vulnerability assessments
- Red team operations and security audits
- Researchers who need to organize and track custom payloads
- Teams who need consistent payload references

This extension provides quick access to common security testing payloads without requiring external tools or references. All features work offline with no network requests or data collection. Custom payloads and history are saved permanently using browser storage (chrome.storage API) and will persist across extension sessions.

The extension includes:
- 69+ pre-loaded security testing payloads
- 6 encoding/decoding tools
- Comprehensive reference documentation
- Unlimited custom payload storage
- Complete session history tracking
- Real-time search across all content

This tool is intended solely for authorized security testing. Users must obtain explicit written permission before testing any systems and comply with all applicable laws. Unauthorized use is prohibited and may be illegal in your jurisdiction.

Want to explore the source code or contribute? Check out the project on GitHub: https://github.com/CyberNilsen/CyberInject

Version 1.3.0 - Now with enhanced search, history tracking, encoding tools, and improved user experience!
DIRFOX - Endpoint Fuzzer for Pentesters
Fuzz endpoints using custom or GitHub-hosted wordlists. Built for security researchers and pentesters.

🔍 DIRFOX – Endpoint Fuzzer for Pentesters
Discover hidden endpoints effortlessly, built for professionals.

Dirfox is a lightweight yet powerful browser extension designed for penetration testers, bug bounty hunters, and cybersecurity enthusiasts. With a sleek Apple-style interface and real-time scanning capabilities, Dirfox helps you uncover hidden directories and endpoints from any website — fast, accurate, and efficiently.

🚀 Key Features:
✅ Custom & GitHub Wordlist Support: Use your own wordlists or fetch popular ones directly from GitHub.
📡 Live Scanning with Status Code Filtering: Watch your scan progress in real time and filter results by HTTP status codes (200, 403, 404, etc.).
🧠 Persistent Background Scanning: Close the popup or switch tabs — your scan keeps running in the background without interruption.
📊 Auto-Save 200 OK Results: Successful results are automatically saved and available in the scan history.
🌗 Modern Apple-style UI with Dark Mode: Enjoy a clean, responsive interface with smooth transitions and a dark/light mode toggle.
🛠️ Full Scan Control: Start, stop, or restart your scan anytime with intuitive controls.
🧩 Fullscreen Monitoring Mode: Track scans in an immersive fullscreen view — perfect for focused workflows.
🧼 Clear History Button: Easily delete all scan history with a single click.
❤️ Built-in Author Page & Support Links: Learn more about the developer, explore other tools, and support the project directly from the extension.

🔒 Why Dirfox?
Dirfox isn't just another endpoint scanner — it's a must-have tool that gives you:
- Faster, smarter endpoint fuzzing.
- Real-time feedback with clean visual progress.
- Auto-saved results for efficient analysis.
- A smooth, elegant user experience inspired by Apple-style design.

Perfect for CTFs, bug bounty programs, and professional pentesting projects.

💡 Ready to uncover the hidden?
📥 Install Dirfox now and take your recon to the next level.
Subdomain Finder - Find Hidden Subdomains
The best Subdomain Finder tool for bug bounty hunters and security researchers. Find hidden subdomains quickly and easily.

🚀 Subdomain Finder - The Essential Tool for Bug Bounty Hunters
Discover hidden subdomains quickly and easily with our powerful Subdomain Finder extension. Perfect for bug bounty hunters, security researchers, and penetration testers.

Key Features:
✅ Fast & Efficient Scanning
✅ Clean, Modern Interface
✅ Export Results
✅ Copy Subdomains with One Click
✅ Active Domain Status Check
✅ No API Key Required
✅ Zero Configuration Needed

How It Works:
1. Click the extension icon
2. Enter a domain name (or use current tab's domain)
3. Click "Scan" to discover subdomains
4. View, copy, or export results

Perfect for:
• Bug Bounty Hunters
• Security Researchers
• Penetration Testers
• IT Professionals
• Security Enthusiasts
Recon Buddy
Extract recon data like JWTs, API keys, parameters, and endpoints from visited pages. Recon-Buddy is a powerful Chrome extension designed for bug bounty hunters, penetration testers, and security researchers. It streamlines passive reconnaissance by automatically extracting sensitive data and valuable recon artifacts from every page you visit. From hidden endpoints and API keys to misconfigured secrets, Recon-Buddy gives you the edge in uncovering potential attack surfaces with speed and precision.