icjlbldpcojppnjpkpkkfbhnfafnhpfl
Lightweight security scanner that analyzes websites for common vulnerabilities and security misconfigurations

SecuriScan is a powerful Chrome extension that performs comprehensive passive security analysis on any website. Built for developers, security professionals, and anyone who wants quick security insights without setting up complex tools like Burp Suite or OWASP ZAP.

WHAT'S NEW IN V1.3.0
• Privacy tracker detection: flags 18 third-party trackers including Meta Pixel, TikTok, Hotjar, FullStory, and more
• Browser storage audit: scans localStorage and sessionStorage for exposed tokens, keys, and PII
• Scan history & score trends: tracks your last 10 scans per domain and shows ↑/↓ trend on every result
• JSON export: export results as machine-readable JSON alongside the existing HTML report

WHAT IT DOES
When you click scan, SecuriScan analyzes the current page for security misconfigurations and vulnerabilities across 12 categories:

Security Headers (10 checks)
• Content-Security-Policy (CSP)
• Strict-Transport-Security (HSTS)
• X-Frame-Options
• X-Content-Type-Options
• Referrer-Policy
• Permissions-Policy
• Cross-Origin-Opener-Policy
• Cross-Origin-Resource-Policy
• Cross-Origin-Embedder-Policy
• X-XSS-Protection

Cookie Security
• HttpOnly and Secure flag validation
• Session token exposure detection
• Sensitive cookie pattern matching
• SameSite attribute guidance

Vulnerable JavaScript Libraries (35+ libraries)
Critical Severity:
• Handlebars
OWASP Penetration Testing Kit
The OWASP Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily AppSec tasks. Whether you're a penetration tester, a Red Team member, or an AppSec practitioner, OWASP PTK enhances your efficiency and provides deep insights into your target application.

Runtime Scanning (DAST & IAST & SAST & SCA): Perform Dynamic Application Security Testing, Static Analysis, In-Browser IAST and Software Composition Analysis on the fly. Identify SQL injection, command injection, reflected/stored XSS, SQL auth bypass, XPath injections, JWT attacks, and other complex threats.

Static Analysis (SAST): PTK automatically parses loaded JavaScript, HTML, and CSS right in your browser, before any code ever runs. It flags unsafe patterns like `eval()`, `innerHTML`/`outerHTML` injection, insecure cryptographic calls, missing input sanitization, and common anti-patterns.

In-Browser IAST (Interactive Application Security Testing): PTK's built-in IAST engine instruments your app at runtime, right in the browser, tracking taint flows and code execution to flag vulnerabilities as they occur. Catch issues like DOM-based XSS, unsafe `eval`/`innerHTML` usage, open-redirects, and more without leaving your dev tools.

JWT Inspector: Analyze, craft, and tamper with JSON Web Tokens. Generate keys, test null signatures, brute-force HMAC secrets, and inject malicious `jwk`, `jku`, or `kid` parameters.

Insightful Application Info: One-click visibility into tech stacks, WAFs, security headers, crawled links, and authentication flows.

Built-in Proxy & Traffic Log: Capture all HTTP(S) traffic, replay requests in R-Builder, and automate XSS, SQLi, and OS command injection.

R-Builder for Request Tampering & Smuggling: Craft and manipulate HTTP requests, including complex request-smuggling techniques. Now with cURL import/export.

Cookie Management: Add, edit, remove, block, protect, export, and import cookies from a powerful in-browser editor.

Decoder/Encoder Utility: Instantly convert between UTF-8, Base64, MD5, URL-encode/decode, and more formats.

Swagger.IO Integration: Browse and interact with API endpoints directly from your Swagger documentation.

Selenium Integration: Shift left security by running automated Selenium tests with built-in vulnerability checks.

Enhance your AppSec practice with PTK, the extension that makes your browser smarter and your testing faster. Install today and start uncovering vulnerabilities in real time!
NavSec Vulnerability Scanner
Comprehensive security scanner with advanced XSS detection, API security analysis, and authentication testing

NavSec Security Scanner v2.0 - Executive Summary

Overview
NavSec is the world's most comprehensive passive web vulnerability scanner, now with international regional compliance capabilities. It performs real-time security analysis directly in your browser, detecting 80+ types of vulnerabilities across 15+ countries with 140+ automated tests.

Market Innovation
• First and only scanner with multi-regional identity detection
• 15 countries covered with proper validation algorithms
• 10 major privacy laws compliance (LGPD, GDPR, CCPA, PIPEDA, etc.)
• Automatic locale detection for region-specific scanning

Comprehensive Security Analysis
• Transport Security - HTTPS, WebSocket, Mixed Content
• Headers & CSP - X-Frame-Options, HSTS, SRI
• SQL Injection - 10 detection methods
• XSS Protection - Reflected, Stored, DOM-based
• Authentication - JWT, CSRF, Session Management
• Data Privacy - Credit Cards, API Keys, Passwords
• Form Security - File Upload, CAPTCHA, Autocomplete
• Comments & Metadata - TODOs, Dev URLs, Credentials
• Iframe Security - Sandbox, External Sources

Unique Advantages
• 100% Passive - No data modification
• 100% Local - Complete privacy
• Zero Configuration - Works instantly
• Professional Reports - Export detailed dashboards
• Free Forever - No premium tiers

Technical Specifications
• Technology: Chrome Extension (Manifest V3)
• Language: JavaScript ES6+
• Performance:
DOM XSS Highlighter - Pro
Highlights user-controlled reflections in DOM to help detect risky contexts. Run only on sites you own or may test.

DOM XSS Highlighter helps developers and security testers quickly spot user-controlled reflections inside a webpage's DOM. By highlighting URL parameters, hash fragments, and other inputs that appear in risky contexts, it makes it easier to catch potential security issues during development and QA.

Features
• On-demand scanning (runs only when you click the extension)
• Highlights user input in text, HTML, attributes, and scripts
• Quick "rescan" and "clear" controls for fast testing
• Click highlighted text to copy a structured JSON report
• Local-only: no data ever leaves your browser
• Simple interface with professional security look

Note: For educational and authorized testing only. Use on websites you own or have explicit permission to test.
CyberPad
CyberPad: Your Ultimate Security, Development & Pen-testing Notepad

A secure, distraction-free notepad for your security assessments, coding, or penetration testing. Perfect for quickly documenting findings, writing and formatting code, and keeping all your notes organized, right in your browser.

What's New in v2.2.1
- Live Markdown Preview: Instantly see your formatted notes as professional HTML documents
- Settings Dashboard: Customize your exports with company logos, custom footers, and confidentiality levels
- Document Branding: Upload your logo and add custom footers for client-ready reports
- Confidentiality Markings: Label documents as Public, Private, or Confidential with color-coded headers
- Enhanced Export Options: Choose which elements (logo, footer, classification) to include in each preview
- Fixed path issues for Linux systems

What CyberPad Does
- Keeps Your Notes Private: Everything stays local in your browser, with no cloud sync and no external connections.
- Preview Your Work: Instantly preview Markdown as formatted HTML with custom branding.
- Professional Export Ready: Add company logos, footers, and confidentiality markings for polished reports.
- Simplifies Security Work: Effortlessly capture vulnerabilities, bugs, or configuration changes during assessments and bug hunts.
- Supports Multiple Languages: Highlight syntax for HTML, JavaScript, Python, PHP, CSS, and many more.
- Dark & Minimalist Theme: Less strain on your eyes, more focus on your work.
- Easy Saving & Organization: Save multiple findings with timestamps, quickly download notes as Markdown, and stay on top of your work.
- Emoji Integration: Add emoji (for example 🛠️ or ⚠️) as quick status indicators.

Why You Should Install It
- Local-Only Storage: No one sees your notes. Perfect for pen-testing or handling sensitive info.
- Live Preview: See your formatted notes instantly before exporting.
- Custom Branding: Upload your company logo and add custom footers for professional documentation.
- Confidentiality Controls: Mark documents as Public, Private, or Confidential with visual indicators.
- Effortless Reporting: Export Markdown files in one click for easy integration into your final reports.
- Developer-Friendly: Write code, format it with built-in tools, and reference it later without leaving the browser.
- Bug Bounty & Research: Keep track of new vulnerabilities or findings in real time.
- Minimal Permissions: Only needs storage, contextMenus, and activeTab, ensuring your system stays secure.

Built For
- Security Assessments: Document each step and vulnerability with professional formatting
- Penetration Testing: Quick note-taking during engagements with instant preview
- Bug Bounty Hunting: Organized approach to discoveries with branded exports
- Development: Syntax highlighting and code snippets
- System Administration: Document configurations and updates
- Security Research: Compile and structure research data with custom templates

Key Features
- Live Markdown Preview: See formatted HTML output instantly
- Custom Document Branding: Upload logos and add custom footers
- Confidentiality Markings: Label documents as Public, Private, or Confidential
- Multiple Language Support: HTML, JavaScript, Python, PHP, CSS, and more
- Markdown Capabilities: Format your notes for professional reporting
- Instant Export: One-click download of notes
- Timestamped Entries: Keep track of when you made each discovery
- Easy Copy/Paste: Works smoothly for code or text snippets
- Bug Reporting System: Quickly log and manage software bugs
- Settings Dashboard: Customize your export templates and preferences
- Clean Interface: Avoid distractions and focus on your work

Privacy & Security
- Stores notes only in your browser
- No external servers or cloud databases
- Minimal permissions, strict content security policy
- Manifest V3 compliance

Install CyberPad and get a lightweight, secure space for all your security findings and development notes, with professional export capabilities right at your fingertips.