XSSRush

Shodan

The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open. The Shodan plugin for Chrome automatically checks whether Shodan has any information for the current website. Is the website also running FTP, DNS, SSH or some unusual service? With this plugin you can see all the info that Shodan has collected on a given website/ domain.

NavSec Vulnerability Scanner

Comprehensive security scanner with advanced XSS detection, API security analysis, and authentication testing NavSec Security Scanner v2.0 - Executive Summary 🚀 Overview NavSec is the world's most comprehensive passive web vulnerability scanner, now with international regional compliance capabilities. It performs real-time security analysis directly in your browser, detecting 80+ types of vulnerabilities across 15+ countries with 140+ automated tests. Market Innovation • First and only scanner with multi-regional identity detection • 15 countries covered with proper validation algorithms • 10 major privacy laws compliance (LGPD, GDPR, CCPA, PIPEDA, etc.) • Automatic locale detection for region-specific scanning ________________________________________ Comprehensive Security Analysis • Transport Security - HTTPS, WebSocket, Mixed Content • Headers & CSP - X-Frame-Options, HSTS, SRI • SQL Injection - 10 detection methods • XSS Protection - Reflected, Stored, DOM-based • Authentication - JWT, CSRF, Session Management • Data Privacy - Credit Cards, API Keys, Passwords • Form Security - File Upload, CAPTCHA, Autocomplete • Comments & Metadata - TODOs, Dev URLs, Credentials • Iframe Security - Sandbox, External Sources Unique Advantages • ✅ 100% Passive - No data modification • ✅ 100% Local - Complete privacy • ✅ Zero Configuration - Works instantly • ✅ Professional Reports - Export detailed dashboards • ✅ Free Forever - No premium tiers ________________________________________ Technical Specifications • Technology: Chrome Extension (Manifest V3) • Language: JavaScript ES6+ • Performance:

DIRFOX - Endpoint Fuzzer for Pentesters

Fuzz endpoints using custom or GitHub-hosted wordlists. Built for security researchers and pentesters. 🔍 DIRFOX – Endpoint Fuzzer for Pentesters Discover hidden endpoints effortlessly, built for professionals. Dirfox is a lightweight yet powerful browser extension designed for penetration testers, bug bounty hunters, and cybersecurity enthusiasts. With a sleek Apple-style interface and real-time scanning capabilities, Dirfox helps you uncover hidden directories and endpoints from any website — fast, accurate, and efficiently. 🚀 Key Features : ✅ Custom & GitHub Wordlist Support Use your own wordlists or fetch popular ones directly from GitHub. 📡 Live Scanning with Status Code Filtering Watch your scan progress in real time and filter results by HTTP status codes (200, 403, 404, etc.). 🧠 Persistent Background Scanning Close the popup or switch tabs — your scan keeps running in the background without interruption. 📊 Auto-Save 200 OK Results Successful results are automatically saved and available in the scan history. 🌗 Modern Apple-style UI with Dark Mode Enjoy a clean, responsive interface with smooth transitions and a dark/light mode toggle. 🛠️ Full Scan Control Start, stop, or restart your scan anytime with intuitive controls. 🧩 Fullscreen Monitoring Mode Track scans in an immersive fullscreen view — perfect for focused workflows. 🧼 Clear History Button Easily delete all scan history with a single click. ❤️ Built-in Author Page & Support Links Learn more about the developer, explore other tools, and support the project directly from the extension. 🔒 Why Dirfox? Dirfox isn't just another endpoint scanner — it's a must-have tool that gives you: - Faster, smarter endpoint fuzzing. - Real-time feedback with clean visual progress. - Auto-saved results for efficient analysis. - A smooth, elegant user experience inspired by Apple-style design. Perfect for CTFs, bug bounty programs, and professional pentesting projects. 💡 Ready to uncover the hidden? 📥 Install Dirfox now and take your recon to the next level.

Lyra

Lyra is a XSS automater and broken link checker. - Automates XSS vulnerability checks in the Chrome browser. - Scans the current website for all available links. - Checks for broken links in real-time. - Provides a user-friendly interface for ease of use. - Saves time and effort for manual checking of XSS and broken links. - Supports both HTTP and HTTPS websites. - Continuously updates its database of XSS payloads for maximum efficiency. - Easy to install and use with just a few clicks. The perfect solution for anyone looking to increase bug bounty speed.