oeknaicglkafmhokkehnflfaomjgflgo
Detects exposed sensitive files (.git, .env, SSH keys, AWS credentials). Essential security tool for researchers & developers.

Automatically scan websites for exposed sensitive files and security vulnerabilities. Perfect for security researchers, developers, and bug bounty hunters.

DotDrop scans for 80+ types of exposed files including:

- **Traffic Light System**: 🟢 Safe / 🟠 Not Scanned / 🔴 Vulnerable
- **Real-time Scan Progress**: See exactly what's being checked
- **One-Click Copy**: Export findings as formatted Markdown reports
- **Detection Age Tracking**: "2h ago", "3d ago" timestamps
- **Stealth Mode**: Slower scanning to avoid rate limiting
- **Batch Scanning**: Test multiple domains at once
- **Export Options**: JSON, CSV, or Markdown formats
- **Statistics Dashboard**: Track vulnerable sites and severity breakdown
- **100% Local**: Zero data collection, complete privacy

✅ All processing happens locally on your device
✅ No data sent to external servers
✅ No analytics or tracking
✅ Open source - inspect the code yourself
✅ Minimal permissions (only what's needed)

## 🎯 Perfect For

- Security researchers conducting vulnerability assessments
- Developers checking their own sites for exposed files
- Bug bounty hunters finding security issues
- DevOps teams auditing infrastructure
- Anyone concerned about web security

1. Browse normally - DotDrop scans automatically
2. Check the icon - Color indicates security status
3. Click to view - See detailed findings
4. Export results - Copy or download reports

Advanced 5-layer validation system ensures accurate detection:

- HTTP 200 status verification
- Content-Type checking
- File size validation
- HTML error page detection
- Content pattern analysis

**For Developers:** Test your own websites before deployment to catch exposed configuration files, credentials, or backup files that shouldn't be public.

**For Security Researchers:** Quickly identify common security misconfigurations during reconnaissance. Export findings for professional reports.

**For Bug Bounty Hunters:** Automate the detection of low-hanging fruit vulnerabilities. Copy findings directly to bug reports with one click.

**Disclaimer**: This tool is for ethical security research and educational purposes only. Always obtain proper authorization before testing websites you don't own.
LPR - Ultimate Recon & Bug Hunting Tool
LPR (Live Params & Redirects) is an all-in-one reconnaissance and vulnerability scanning assistant designed for Bug Bounty Hunters, Penetration Testers, and Web Developers. Instead of wasting time inspecting elements and grepping through minified JavaScript files, LPR automatically extracts and categorizes every potential injection point and hidden asset on the page.

🕵️‍♂️ Deep Parameter Extraction: Automatically scrapes parameters from HTML forms, DOM inputs, and JavaScript variables (var, let, const).
🔗 Advanced Asset Discovery: Digs into external .js files to find full URLs (S3 buckets, API endpoints) and hidden Routes (e.g., /api/v1/admin) that are invisible in the UI.
⚔️ XSS & Security Scanner: Proactively hunts for Dangerous Sinks (innerHTML, eval), React/Vue bypass patterns, and javascript: URIs to speed up your XSS discovery.
🆔 IDOR Hunting: Instantly lists all ID-related patterns (e.g., user_id, order_uuid, account_id) found in the source code with line numbers.
🔀 Redirect Analysis: Detects potential Open Redirect vulnerabilities by scanning for window.location, meta refresh, and navigation sinks.
💾 Accumulative Scanning: Data is saved as you browse. The extension prevents accidental tab closing to ensure you never lose your reconnaissance data during a session.

Why LPR?
Whether you are looking for hidden API endpoints, testing for IDORs, or hunting for DOM-based XSS, LPR gives you a bird's-eye view of the target's attack surface in seconds.
JSner - Endpoint Extractor
Advanced endpoint scanner with verification. Extract and test API endpoints, GraphQL queries, and more from any website.

JSner – Directory & Endpoint Finder for Bug Hunters

JSner is a lightweight browser extension built for bug bounty hunters and penetration testers. It automatically crawls JavaScript files and other resources on the target domain to uncover hidden directories, endpoints, APIs, and configuration paths — all from your browser.

🔍 Features

- Instantly extract endpoints and directories from loaded scripts and pages
- Supports JavaScript, JSON, HTML, and other static resources
- Auto-filters duplicates and noise for cleaner results
- One-click export of findings (TXT / JSON)
- 100% client-side — no data leaves your browser

⚡ Why JSner

Perfect for quick reconnaissance during web application testing. It helps identify forgotten or hidden API endpoints that may expose sensitive functionality or lead to deeper vulnerabilities.

🛠️ Usage

1. Load your target site.
2. Open JSner and click “Scan”.
3. Review and export discovered endpoints instantly.

🤝 Contribute

Project repo: github.com/vegeta2op/JSner
Pull requests, feature ideas, and improvements are welcome!
Subdomain Finder - Find Hidden Subdomains
The best Subdomain Finder tool for bug bounty hunters and security researchers. Find hidden subdomains quickly and easily.

🚀 Subdomain Finder - The Essential Tool for Bug Bounty Hunters

Discover hidden subdomains quickly and easily with our powerful Subdomain Finder extension. Perfect for bug bounty hunters, security researchers, and penetration testers.

Key Features:
✅ Fast & Efficient Scanning
✅ Clean, Modern Interface
✅ Export Results
✅ Copy Subdomains with One Click
✅ Active Domain Status Check
✅ No API Key Required
✅ Zero Configuration Needed

How It Works:
1. Click the extension icon
2. Enter a domain name (or use current tab's domain)
3. Click "Scan" to discover subdomains
4. View, copy, or export results

Perfect for:
• Bug Bounty Hunters
• Security Researchers
• Penetration Testers
• IT Professionals
• Security Enthusiasts
Hunter Search
Optimize pentest and bug bounty searches with automatic dorks.

Hunter Search – Smart Dorks for Pentest and Bug Bounty

Optimize your security searches! Hunter Search is the definitive extension for pentest professionals, bug bounty hunters, and security enthusiasts who want to find sensitive information, vulnerabilities, and public exposures quickly, practically, and intelligently.

Main Features

- Advanced Dork Building: Combine keywords, multiple sites, Google operators, and ready-made dorks (IDOR, XSS, SQLi, AWS, sensitive files, leaks, admin panels, and much more) in an intuitive interface.
- Real-Time Preview: See what your query will look like before you search, ensuring precision and full control.
- Multi-Platform Search: Choose between Google, Bing, or DuckDuckGo to broaden your discovery options.
- History and Favorites: Save and reuse your most-used queries. Never lose that perfect dork again!
- Quick Buttons: Copy, clear, or favorite your searches with a single click.
- Automatic Dark/Light Mode: A modern, responsive interface that is comfortable at any time of day.
- Tooltips and Help: Quick tips on every field to make the tool easy to use, even for beginners.

Usage Examples

- Find leaked AWS keys in public repositories.
- Search for sensitive files (.env, config, credentials) on specific sites and domains.
- Discover exposed administration endpoints, panels, and dashboards.
- Search for common vulnerabilities (IDOR, XSS, SQLi) on any site.
- Build custom dorks for advanced investigations.

Why use Hunter Search?

- Productivity: Save time by building complex queries in a few clicks.
- Customization: Adapt the search to your goal, whether bug bounty, CTF, OSINT, or auditing.
- Convenience: Everything in one place, with no need to memorize dorks or operators.

Hunter Search
Optimize your searches. Find vulnerabilities. Level up your bug bounty!