Pathprobe
Asychronous multi-domain directory scanner
Analyze page scripts for bug bounty reconnaissance.
按已采集快照查看用户数变化。
展示最近 7 日窗口内已采集的评分快照,辅助判断近期评分是否稳定。
同口径展示 1 天、7 天、30 天的绝对增长与增长率。
查看发布时间、版本、支持语言、最近更新和抓取时间。
查看插件说明、主要功能和适用场景。
The scanner uses a set of regex patterns to identify and categorize potential security-related information:
- Subdomains - discovers related subdomains within the code.
- Endpoints & Paths - uncovers potential API endpoints and other useful paths. For Next.js applications, it also automatically parses (if possible) the build manifest to discover all client-side routes.
- Potential Secrets - scans for API keys, tokens, and other sensitive data using pattern matching and Shannon entropy checks.
- Potential DOM XSS Sinks - identifies dangerous properties and functions like .innerHTML and document.write.
- Interesting Parameters - flags potentially vulnerable URL parameters (e.g., redirect, debug, url).
查看最近评论和评分分布。
商店综合星级:5.0。下方星级分布只统计已同步评论正文;如果某个插件只有公开分数、没有真实评论正文,这里可能为空。
查看 Chrome 商店详情页中的相关产品。
Asychronous multi-domain directory scanner
S3BucketList automatically scans network requests made by your browser to detect Amazon S3 bucket URLs
Find interesting things in the webpage's source code or JavaScript
DOMLogger++ allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
Highlights user-controlled reflections in DOM to help detect risky contexts. Run only on sites you own or may test.
Detects potential exposed secrets on web pages.
oh THIS ROCKS https://hackertips.today
Super useful for quick checks to make sure you are not exposing any secrets on your web page and that your source maps are not exposed. Or, to view the source map while doing development.