gkmpnokjlhmbhppemigkhcddiiigjmcc
Advanced endpoint scanner with verification. Extract and test API endpoints, GraphQL queries, and more from any website.

JSner - Directory & Endpoint Finder for Bug Hunters

JSner is a lightweight browser extension built for bug bounty hunters and penetration testers. It automatically crawls JavaScript files and other resources on the target domain to uncover hidden directories, endpoints, APIs, and configuration paths, all from your browser.

Features
• Instantly extract endpoints and directories from loaded scripts and pages
• Supports JavaScript, JSON, HTML, and other static resources
• Auto-filters duplicates and noise for cleaner results
• One-click export of findings (TXT / JSON)
• 100% client-side - no data leaves your browser

Why JSner
Perfect for quick reconnaissance during web application testing. It helps identify forgotten or hidden API endpoints that may expose sensitive functionality or lead to deeper vulnerabilities.

Usage
1. Load your target site.
2. Open JSner and click "Scan".
3. Review and export discovered endpoints instantly.

Contribute
Project repo: github.com/vegeta2op/JSner
Pull requests, feature ideas, and improvements are welcome!
SecuriScanX
Harden your input points - detect SQLi, XSS & CMDi within seconds.

SecuriScanX: Your One-Click Website Security Guard

SecuriScanX is a powerful but easy-to-use tool designed to keep websites safe from hackers. It works like a digital security guard, automatically checking any web page for common security weaknesses in seconds.

Why It's a Game-Changer for Bug Hunters & Pentesters
For those in Web Pentesting and Bug Bounty, speed and efficiency are everything. SecuriScanX acts as your first line of attack during the reconnaissance phase:
▶ Fast Surface Analysis: Instead of manually testing every single input, run SecuriScanX to quickly identify which fields are vulnerable to SQLi, XSS, or Command Injection.
▶ Information Gathering (Passive Scan): It automatically uncovers hidden details like sensitive info in HTML comments, missing security headers, and cookie configurations that could lead to bigger exploits.
▶ Intelligent Fuzzing: The tool doesn't just "guess"; it uses intelligent context detection to send the right payloads to the right fields (e.g., login-specific payloads for auth forms).
▶ Automated "Low-Hanging Fruit" Discovery: It saves you hours of manual work by flagging obvious vulnerabilities instantly, allowing you to focus your energy on more complex manual exploits.

Who Is It For?
▶ Bug Hunters & Pentesters: To speed up their initial testing and find easy vulnerabilities.
▶ Developers: To quickly find and fix security bugs before they go live.
▶ Security Learners: To understand how real-world cyber threats look and work.

Key Features:
▶ Automatic Scanning: Scans input boxes (username, password, search) to see if they are properly protected.
▶ OWASP Top 10 Focus: Detects critical issues like SQLi, XSS, and Command Injections (CMDi).
▶ Passive Reconnaissance: Inspects HTML comments, Security Headers, and Cookies for bad configurations.
▶ Visual Highlighter: If a weakness is found, it highlights the exact area on the webpage in red or orange.
Wayback Recon Pro
Reconnaissance toolkit for Wayback Machine archives. Extract URLs, subdomains, parameters, and sensitive files.

Transform your security reconnaissance with the most advanced Wayback Machine interface available. Designed for bug bounty hunters, penetration testers, and security researchers who demand professional-grade tools.

• Main Domain Scanner - Retrieve all archived URLs from primary domain
• Wildcard Domain Search - Include all subdomains in reconnaissance
• Specific Path Targeting - Focus on exact URL paths for precise analysis
• Sensitive File Hunter - Automatically detect config files, backups, database files, keys, and secrets
• JavaScript Extractor - Isolate all .js files for API endpoint discovery
• Parameter Discovery - Find URLs with query strings for vulnerability testing
• Subdomain Enumeration - Collect comprehensive subdomain lists
• Status Code Filtering - Filter results by HTTP response codes
• Clean, modern interface designed for productivity
• Intuitive controls with hover tooltips
• Real-time status notifications
• Auto-domain extraction from current tab
• Glassmorphism design with smooth animations
• 100% free - no subscriptions or hidden costs
• No data collection or tracking
• Direct queries to Wayback Machine API
• Open source and transparent
• Minimal permissions required

Perfect for security professionals conducting reconnaissance, bug bounty hunting, or digital forensics research. All features work instantly without account creation. Crafted for professionals by LostSec.
LPR - Ultimate Recon & Bug Hunting Tool
LPR (Live Params & Redirects) is an all-in-one reconnaissance and vulnerability scanning assistant designed for Bug Bounty Hunters, Penetration Testers, and Web Developers. Instead of wasting time inspecting elements and grepping through minified JavaScript files, LPR automatically extracts and categorizes every potential injection point and hidden asset on the page.

• Deep Parameter Extraction: Automatically scrapes parameters from HTML forms, DOM inputs, and JavaScript variables (var, let, const).
• Advanced Asset Discovery: Digs into external .js files to find full URLs (S3 buckets, API endpoints) and hidden Routes (e.g., /api/v1/admin) that are invisible in the UI.
• XSS & Security Scanner: Proactively hunts for Dangerous Sinks (innerHTML, eval), React/Vue bypass patterns, and javascript: URIs to speed up your XSS discovery.
• IDOR Hunting: Instantly lists all ID-related patterns (e.g., user_id, order_uuid, account_id) found in the source code with line numbers.
• Redirect Analysis: Detects potential Open Redirect vulnerabilities by scanning for window.location, meta refresh, and navigation sinks.
• Accumulative Scanning: Data is saved as you browse. The extension prevents accidental tab closing to ensure you never lose your reconnaissance data during a session.

Why LPR?
Whether you are looking for hidden API endpoints, testing for IDORs, or hunting for DOM-based XSS, LPR gives you a bird's-eye view of the target's attack surface in seconds.
Hunter Search
Optimize pentest and bug bounty searches with automatic dorks.

Hunter Search - Smart Dorks for Pentest and Bug Bounty

Optimize your security searches! Hunter Search is the definitive extension for pentest professionals, bug bounty hunters and security enthusiasts who want to find sensitive information, vulnerabilities and public exposures quickly, practically and intelligently.

Main Features
- Advanced Dork Builder: Combine keywords, multiple sites, Google operators and ready-made dorks (IDOR, XSS, SQLi, AWS, sensitive files, leaks, admin panels and much more) in an intuitive interface.
- Real-Time Preview: See how your query will look before searching, ensuring precision and full control.
- Multi-Platform Search: Choose between Google, Bing or DuckDuckGo to broaden your discovery possibilities.
- History and Favorites: Save and reuse your most-used queries. Never lose that perfect dork again!
- Quick Buttons: Copy, clear or favorite your searches with a single click.
- Automatic Dark/Light Mode: A modern, responsive interface that is comfortable at any time of day.
- Tooltips and Help: Quick tips on each field to make it easy to use, even for beginners.

Usage Examples
- Find AWS key leaks in public repositories.
- Search for sensitive files (.env, config, credentials) on specific sites and domains.
- Discover exposed administration endpoints, panels and dashboards.
- Search for common vulnerabilities (IDOR, XSS, SQLi) on any site.
- Build custom dorks for advanced investigations.

Why Use Hunter Search?
- Productivity: Save time building complex queries in a few clicks.
- Customization: Adapt the search to your goal, whether bug bounty, CTF, OSINT or auditing.
- Convenience: Everything in one place, with no need to memorize dorks or operators.

Hunter Search: Optimize your searches. Find vulnerabilities. Level up your bug bounty!