Browser Extensions which have landed $$$ !

1) Wappalyzer

  • Wappalyzer is a technology profiler that shows what a website is built with: its CMS, JS libraries, and so on.
  • It will help you narrow down the recon process to a specific framework or technology.

2) DotGit

  • An extension that lets you know if a website's .git directory is exposed.
  • I’ve personally had 2 instances where this extension has helped me in discovering exposed git directories.
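
The same check, run by a defender against a site they operate, comes down to deciding whether the response to `/.git/HEAD` is a real git HEAD file or just a 200 error page. This is an added example, not DotGit's code and not from the original post; the function name and sample responses are constructed.

```javascript
// Added example: classify the response to GET /.git/HEAD on a site you operate.
// classifyGitHead and the sample responses are constructed for illustration.

// A real HEAD file is one short line: a symbolic ref or a detached commit id.
const SYMBOLIC_REF = /^ref: refs\/[\w.\/-]+$/;
const DETACHED_SHA = /^(?:[0-9a-f]{40}|[0-9a-f]{64})$/;

function classifyGitHead(resp) {
  const { status, contentType = "", body = "" } = resp;
  if (status === 401 || status === 403) {
    return { exposed: false, reason: "access denied by server" };
  }
  if (status !== 200) {
    return { exposed: false, reason: `status ${status}` };
  }
  // Soft 404s: many apps answer 200 with an HTML page for unknown paths.
  if (/html/i.test(contentType) || /^\s*</.test(body)) {
    return { exposed: false, reason: "HTML body (soft 404 or SPA fallback)" };
  }
  const text = body.trim();
  if (text.length > 256 || text.includes("\n")) {
    return { exposed: false, reason: "too long or multi-line for a HEAD file" };
  }
  if (SYMBOLIC_REF.test(text)) {
    return { exposed: true, reason: "symbolic ref", ref: text.slice(5) };
  }
  if (DETACHED_SHA.test(text)) {
    return { exposed: true, reason: "detached HEAD" };
  }
  return { exposed: false, reason: "body is not a git HEAD" };
}

// Constructed responses, shaped like what a fetch() of /.git/HEAD would return.
const samples = [
  { name: "exposed", status: 200, contentType: "text/plain",
    body: "ref: refs/heads/main\n" },
  { name: "detached", status: 200, contentType: "application/octet-stream",
    body: "0123456789abcdef0123456789abcdef01234567\n" },
  { name: "soft404", status: 200, contentType: "text/html; charset=utf-8",
    body: "<!doctype html><title>Not found</title>" },
  { name: "blocked", status: 403, contentType: "text/html", body: "Forbidden" },
];
for (const s of samples) console.log(s.name, classifyGitHead(s));
```

If the check reports exposure, deny requests to `/.git` at the web server and deploy from a build artifact so the repository never sits in the document root.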

3) Bishop Vulnerability Scanner

  • Search websites for git repos, exposed config files, and more as you browse.
  • It has once helped me in discovering an endpoint which had a file upload feature. Loaded in a PHP reverse shell script and got full-fledged RCE.

4) ModHeader

  • ModHeader can help you modify HTTP request/response headers, modify cookies and much more.

5) Retire.js

  • Retire.js scans for vulnerable JS libraries. The goal is to help you detect use of versions with known vulnerabilities.

6) Similarweb

  • It will let you know about website traffic, traffic source, engagement rate, traffic ranking, keyword ranking, visits over time and much more.
  • One of the best tools for gaining in-depth knowledge about the target.

<Bonus extension>

JavaScript and CSS Code Beautifier

  • Beautify CSS, JavaScript and JSON code automatically and make the source mode readable.

Sagar Sajeev

18 y/o | Security Researcher | Bug Bounty Hunter |