A premium, high-performance Firefox extension designed for authorized security researchers and bug bounty hunters. This tool extracts JavaScript endpoints and identifies sensitive secrets directly from the active tab's sources.
- Deep Analysis: Scans both inline `<script>` tags and external `.js` files.
- Background Fetching: Bypasses CORS and CSP restrictions by utilizing a background service worker proxy.
- 30+ Security Signatures:
  - Cloud: AWS, Google Cloud, Firebase, Azure Storage.
  - Auth/Tokens: GitHub, GitLab, JWT, Slack, Discord, Bearer Tokens.
  - Services: Stripe, Twilio, Heroku.
  - Recon: IP Addresses, Emails, S3 Buckets, GraphQL, and WebSocket endpoints.
- Actionable Context: Shows exactly where a finding was found and the surrounding code snippet for instant validation.
- Glassmorphism UI: Modern, dark-themed interface with high contrast and smooth micro-animations.
- Export Power: Filter through results live and export findings as structured JSON for report-writing.
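
The signature matching, "Actionable Context" and JSON export described in the list above, as an added example that is not the extension's own code: a Node.js scan of a constructed bundle that matches a few widely documented token formats, masks each match, and returns findings with line, column and surrounding snippet. The patterns, the `scanSource` function and the sample input are assumptions, not taken from this repository.

```javascript
// Added example. These are widely documented token formats, assumed here;
// they are not the extension's own signature list.
const SIGNATURES = [
  { name: "AWS Access Key ID", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: "GitHub Personal Access Token", re: /\bghp_[A-Za-z0-9]{36}\b/g },
  { name: "JWT", re: /\beyJ[\w-]{5,}\.eyJ[\w-]{5,}\.[\w-]{5,}/g },
];
// Quoted string literals that look like API paths (assumed heuristic).
const ENDPOINT = /["'`](\/(?:api|graphql|v\d+)(?:\/[\w\-.\/]*)?)["'`]/g;

// Same-length mask keeps offsets stable and keeps secrets out of the report.
const mask = (v) => v.slice(0, 4) + "*".repeat(v.length - 4);

// Convert a character offset into a 1-based line/column pair.
function locate(source, index) {
  const lines = source.slice(0, index).split("\n");
  return { line: lines.length, column: lines[lines.length - 1].length + 1 };
}

function scanSource(source, file, contextChars = 30) {
  const hits = [];
  let masked = source;
  for (const { name, re } of SIGNATURES) {
    masked = masked.replace(re, (v, offset) => {
      hits.push({ type: "secret", name, index: offset, length: v.length });
      return mask(v);
    });
  }
  for (const m of masked.matchAll(ENDPOINT)) {
    hits.push({ type: "endpoint", name: "API path", index: m.index + 1, length: m[1].length });
  }
  return hits.sort((a, b) => a.index - b.index).map(({ type, name, index, length }) => ({
    type, name, file, ...locate(source, index),
    value: masked.slice(index, index + length),
    context: masked
      .slice(Math.max(0, index - contextChars), index + length + contextChars)
      .replace(/\s+/g, " "),
  }));
}

// Constructed sample bundle; the key is the placeholder from AWS documentation.
const SAMPLE = [
  'const cfg = { region: "us-east-1" };',
  'const key = "AKIAIOSFODNN7EXAMPLE";',
  'fetch("/api/v1/users", { headers: { Authorization: "Bearer " + token } });',
].join("\n");

const report = scanSource(SAMPLE, "app.bundle.js");
console.log(JSON.stringify(report, null, 2));
```

Run against your own build output before release, a non-empty `secret` finding is a signal to rotate the credential and move it server-side.
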
- Clone this repository.
- Open Firefox and type `about:debugging` in the address bar.
- Click "This Firefox" on the left.
- Click "Load Temporary Add-on...".
- Select the `manifest.json` file in this folder.
- Navigate to a target website.
- Click the JS Scanner icon in your toolbar.
- Press "Start Scan".
- Browse through the Endpoints and Secrets tabs.
- Click any item to copy it instantly or use the Filter to find specific paths.
This tool is strictly for authorized security testing only. Do not use it on systems you do not have explicit permission to test. Handle all extracted data responsibly and follow responsible disclosure practices.
- Core: Vanilla JavaScript (ESLint compliant).
- Styling: Modern CSS with CSS Variables and Glassmorphism.
- Manifest: V3 for cross-browser compatibility (Firefox focused).
MIT License