emihdlmaomlajmkaanockgjhojehafnp
Analyze page scripts for bug bounty reconnaissance.

The scanner uses a set of regex patterns to identify and categorize potential security-related information:
- Subdomains - discovers related subdomains within the code.
- Endpoints & Paths - uncovers potential API endpoints and other useful paths. For Next.js applications, it also automatically parses (if possible) the build manifest to discover all client-side routes.
- Potential Secrets - scans for API keys, tokens, and other sensitive data using pattern matching and Shannon entropy checks.
- Potential DOM XSS Sinks - identifies dangerous properties and functions like .innerHTML and document.write.
- Interesting Parameters - flags potentially vulnerable URL parameters (e.g., redirect, debug, url).
- Potential Dependency Confusion - (opt-in) identifies private NPM packages that are not on the public registry, flagging a potential dependency confusion attack vector.
- Source Maps - finds links to source maps, which can expose original source code. Can optionally guess the location of source maps for discovered JavaScript files even if they aren't explicitly linked. If a source map is valid, the extension tries to reconstruct the source files from the data it contains.
- JS Libraries - lists identified JavaScript libraries and their versions.
- External and Inline Scripts - provides a complete inventory of all JavaScript sources loaded by the page, allowing you to view the content of any script in a formatted viewer.
EndPointer
An endpoint parser and extractor with many flexible features

EndPointer: Advanced Endpoint Parser and Extractor

EndPointer is a powerful tool designed for developers, security researchers, and web application testers. It parses and extracts endpoints from web applications, providing a comprehensive view of an application's API structure.

Core Features:
- Automatic Endpoint Parsing: Automatically detects and extracts endpoints from the active tab.
- Custom Scope Settings: Define specific domains or URL patterns to focus your analysis.
- Concurrent Request Management: Configure the number of simultaneous requests for efficient parsing.
- User-Friendly Interface: Easy-to-use popup for quick access to main functions.
- Detailed Endpoint View: Examine parsed endpoints, including their source location.
- Export Functionality: Save your findings for further analysis or reporting.
- URL Classification: Categorizes discovered URLs by type.

Experimental Features:
- Request Editor: Modify and resend captured requests for thorough testing.
- Proxy Capture: Intercept and analyze HTTP/HTTPS responses.

EndPointer streamlines the process of mapping out web application structures, making it an invaluable asset for API discovery, security assessments, and web application development. Whether you're conducting penetration testing, API integration, or just exploring web application architectures, EndPointer provides the insights you need.

Note: This extension requires permission to access website content. It only analyzes the active tab and does not collect or transmit personal data.

Enhance your web application analysis with EndPointer - your go-to tool for comprehensive endpoint discovery and testing.
NavSec Vulnerability Scanner
Comprehensive security scanner with advanced XSS detection, API security analysis, and authentication testing

NavSec Security Scanner v2.0 - Executive Summary

🚀 Overview
NavSec is the world's most comprehensive passive web vulnerability scanner, now with international regional compliance capabilities. It performs real-time security analysis directly in your browser, detecting 80+ types of vulnerabilities across 15+ countries with 140+ automated tests.

Market Innovation
• First and only scanner with multi-regional identity detection
• 15 countries covered with proper validation algorithms
• 10 major privacy laws compliance (LGPD, GDPR, CCPA, PIPEDA, etc.)
• Automatic locale detection for region-specific scanning
________________________________________
Comprehensive Security Analysis
• Transport Security - HTTPS, WebSocket, Mixed Content
• Headers & CSP - X-Frame-Options, HSTS, SRI
• SQL Injection - 10 detection methods
• XSS Protection - Reflected, Stored, DOM-based
• Authentication - JWT, CSRF, Session Management
• Data Privacy - Credit Cards, API Keys, Passwords
• Form Security - File Upload, CAPTCHA, Autocomplete
• Comments & Metadata - TODOs, Dev URLs, Credentials
• Iframe Security - Sandbox, External Sources

Unique Advantages
• ✅ 100% Passive - No data modification
• ✅ 100% Local - Complete privacy
• ✅ Zero Configuration - Works instantly
• ✅ Professional Reports - Export detailed dashboards
• ✅ Free Forever - No premium tiers
________________________________________
Technical Specifications
• Technology: Chrome Extension (Manifest V3)
• Language: JavaScript ES6+
• Performance:
DIRFOX - Endpoint Fuzzer for Pentesters
Fuzz endpoints using custom or GitHub-hosted wordlists. Built for security researchers and pentesters.

🔍 DIRFOX – Endpoint Fuzzer for Pentesters
Discover hidden endpoints effortlessly, built for professionals.

Dirfox is a lightweight yet powerful browser extension designed for penetration testers, bug bounty hunters, and cybersecurity enthusiasts. With a sleek Apple-style interface and real-time scanning capabilities, Dirfox helps you uncover hidden directories and endpoints from any website — fast, accurate, and efficiently.

🚀 Key Features:
✅ Custom & GitHub Wordlist Support: Use your own wordlists or fetch popular ones directly from GitHub.
📡 Live Scanning with Status Code Filtering: Watch your scan progress in real time and filter results by HTTP status codes (200, 403, 404, etc.).
🧠 Persistent Background Scanning: Close the popup or switch tabs — your scan keeps running in the background without interruption.
📊 Auto-Save 200 OK Results: Successful results are automatically saved and available in the scan history.
🌗 Modern Apple-style UI with Dark Mode: Enjoy a clean, responsive interface with smooth transitions and a dark/light mode toggle.
🛠️ Full Scan Control: Start, stop, or restart your scan anytime with intuitive controls.
🧩 Fullscreen Monitoring Mode: Track scans in an immersive fullscreen view — perfect for focused workflows.
🧼 Clear History Button: Easily delete all scan history with a single click.
❤️ Built-in Author Page & Support Links: Learn more about the developer, explore other tools, and support the project directly from the extension.

🔒 Why Dirfox?
Dirfox isn't just another endpoint scanner — it's a must-have tool that gives you:
- Faster, smarter endpoint fuzzing.
- Real-time feedback with clean visual progress.
- Auto-saved results for efficient analysis.
- A smooth, elegant user experience inspired by Apple-style design.

Perfect for CTFs, bug bounty programs, and professional pentesting projects.

💡 Ready to uncover the hidden?
📥 Install Dirfox now and take your recon to the next level.
LPR - Ultimate Recon & Bug Hunting Tool
LPR (Live Params & Redirects) is an all-in-one reconnaissance and vulnerability scanning assistant designed for Bug Bounty Hunters, Penetration Testers, and Web Developers. Instead of wasting time inspecting elements and grepping through minified JavaScript files, LPR automatically extracts and categorizes every potential injection point and hidden asset on the page.

🕵️ Deep Parameter Extraction: Automatically scrapes parameters from HTML forms, DOM inputs, and JavaScript variables (var, let, const).
🔗 Advanced Asset Discovery: Digs into external .js files to find full URLs (S3 buckets, API endpoints) and hidden Routes (e.g., /api/v1/admin) that are invisible in the UI.
⚔️ XSS & Security Scanner: Proactively hunts for Dangerous Sinks (innerHTML, eval), React/Vue bypass patterns, and javascript: URIs to speed up your XSS discovery.
🆔 IDOR Hunting: Instantly lists all ID-related patterns (e.g., user_id, order_uuid, account_id) found in the source code with line numbers.
🔀 Redirect Analysis: Detects potential Open Redirect vulnerabilities by scanning for window.location, meta refresh, and navigation sinks.
💾 Accumulative Scanning: Data is saved as you browse. The extension prevents accidental tab closing to ensure you never lose your reconnaissance data during a session.

Why LPR?
Whether you are looking for hidden API endpoints, testing for IDORs, or hunting for DOM-based XSS, LPR gives you a bird's-eye view of the target's attack surface in seconds.