lkpfjhmpbmpflldmdpdoabimdbaclolp
DOMLogger++ allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations. DOMLogger++ is a browser extension developed for web developers and security researchers. It hooks into specific JavaScript sinks, helping users understand how web scripts operate. With customizable JSON settings, users can adjust how the extension works according to their needs. This tool is especially useful for those looking to identify security risks in web applications. By offering insights into JavaScript interactions, DOMLogger++ can help spot potential vulnerabilities in websites.

- [x] Regex-based domain management.
- [x] Flexible hooking configuration (class, function, attribute, event).
- [x] Regex-based filtering of hook arguments and stack traces (match, !match, matchTrace, !matchTrace).
- [x] Dynamic regex generation (exec:).
- [x] Dynamic update of sink arguments (hookFunction).
- [x] Customizable notification system (alert, notification).
- [x] Required-hook logging condition (requiredHook).
- [x] On-demand debugging breakpoints.
- [x] Integrated DevTools log panel.
- [x] Response header filtering.
- [x] Remote logging via webhooks.
- [x] Extensive theme customization.
Pathprobe
PathProbe is a powerful Chrome Developer Tools extension designed for web security testing and ethical hacking. This tool enables rapid and efficient discovery of sensitive data by asynchronously scanning user-defined paths on specified targets.

- Subdomain Enumeration: Perform automated multi-domain testing using free, open-source methods; no API keys required.
- New Method Fetching: Streamline your testing process with enhanced data-gathering capabilities.
- Advanced Filtering and Search: Manage results effortlessly with robust tools for sorting and finding key insights.

Ideal for ethical hackers, security specialists, and developers, PathProbe is a versatile solution for enhancing website security. Initially developed as a personal project, PathProbe is now publicly available. Consider supporting its development via the project settings.

1.2.0: Multi Method option added, free subdomain enumeration added, censys removed, more paths, responseTime added, general fixes and optimization.
JS Recon Buddy
Analyze page scripts for bug bounty reconnaissance. The scanner uses a set of regex patterns to identify and categorize potential security-related information:

- Subdomains: discovers related subdomains within the code.
- Endpoints & Paths: uncovers potential API endpoints and other useful paths. For Next.js applications, it also automatically parses (if possible) the build manifest to discover all client-side routes.
- Potential Secrets: scans for API keys, tokens, and other sensitive data using pattern matching and Shannon entropy checks.
- Potential DOM XSS Sinks: identifies dangerous properties and functions like .innerHTML and document.write.
- Interesting Parameters: flags potentially vulnerable URL parameters (e.g., redirect, debug, url).
- Potential Dependency Confusion (opt-in): identifies private NPM packages that are not on the public registry, flagging a potential dependency confusion attack vector.
- Source Maps: finds links to source maps, which can expose original source code. Can optionally guess the location of source maps for discovered JavaScript files even if they aren't explicitly linked. If a valid source map is found, the extension tries to reconstruct the source files from the data it contains.
- JS Libraries: lists identified JavaScript libraries and their versions.
- External and Inline Scripts: provides a complete inventory of all JavaScript sources loaded by the page, allowing you to view the content of any script in a formatted viewer.
postLogger
Extension to log postMessage() calls.

- console.info for postMessages from all_frames.
- Detects the scope of sent messages.
- Origins that are insecure because they are a sandbox domain or a wildcard are prefixed with UNSAFE.
- Detects if a website does not check MessageEvent.origin.
- MessageChannel API.

May cause unexpected behavior, so please use it in a separate browser profile and disable it when not wanted.
S3BucketList
S3BucketList automatically scans network requests made by your browser to detect Amazon S3 bucket URLs. In penetration testing, searching for S3 buckets can be an exhaustive task, which requires you to filter, search, and check every S3 bucket URL. This extension does all that work for you while you browse the internet. It will instantly notify you, automatically filter buckets, and list all the permissions it was able to extract, and it even tells you which buckets are unclaimed.