11 Extensions For Bug Bounty Hunting

I will share some browser extensions to help you when pentesting a website. The extensions below are taken from https://securitytrails.com/ and other sources, and I have added some other extensions. Before that, make sure you are running the latest versions of the Mozilla Firefox and Google Chrome web browsers.


Wappalyzer, an add-on available on Chrome and Firefox, can detect the technology platforms running on any website. This technical data can then be used to search for active CVEs and discover potential threats behind the technology involved.

Install for: CHROME | FIREFOX


Shodan is the best search engine available for IoT devices and an excellent tool for information gathering. It also comes with Chrome and Firefox plugins. The Shodan plugin can help you discover where your target web app is hosted, the IP and who owns it, hostnames, operating system, and any open ports and services. Once installed, it will automatically check the Shodan API when you visit a website, and all of the information mentioned above will be viewable in the pop-up.

Install for: CHROME | FIREFOX


An extension that checks whether .git is exposed on visited websites. It also looks for exposed .env, .hg and .svn files. The extension will notify you if any of these files are found, which is perfect for bug bounty hunting when visiting your target website.

Install for: CHROME | FIREFOX


PwnFox uses the Firefox containers feature to hold multiple unique sessions in the same browser window, so there is no longer any need to have 3 Firefox instances open in private browsing mode. For more advanced settings, you can set the proxy to Burp Suite. Please read the following article: https://blog.yeswehack.com/yeswerhackers/pimpmyburp-pwnfox-autorize-find-idor/

Install for: FIREFOX


If you’re a bug bounty hunter, a reliable proxy will allow you to check applications from different locations. Burp Suite, for example, requires you to switch proxies manually, but with a tool like FoxyProxy, all that hassle is replaced by a single click.

FoxyProxy comes as a Firefox and Chrome (along with many other browsers) extension that allows you to manage different proxy servers, and set them to run at intervals or turn off the proxy connection at a desired period. It automatically switches the internet connection between the proxies according to URL rules.

Install for: CHROME | FIREFOX

HTTP Header Live

HTTP Header Live is a worthy replacement for Live HTTP Headers, a browser extension once widely used in the bug bounty and pen testing community. Created by Martin Antrag, it comes in both Chrome and Firefox flavors and is used to view a website’s live HTTP header information. It displays the live headers of each HTTP request, allowing you to edit data and resubmit it.

Install for: CHROME | FIREFOX

Install for: CHROME | FIREFOX


HackBar is a browser extension that allows for testing simple SQL injection and XSS holes. While you can’t execute standard exploits, you can use it to check if the vulnerability exists. When you enable the toolbar, it provides a simple console with testing tasks and allows you to manually submit form data with POST or GET requests. Other features include hashing algorithms, encryption and encoding tools, SQL injection assistance and the capability to test for XSS vulnerabilities with XSS payloads.

The HackBar extension is available on both Chrome and Firefox, but the two differ slightly: they have different creators, who based them on the original, no longer available Firefox extension. The Chrome extension is the one more widely used and is constantly updated as part of their Developer tools. The Firefox extension, HackBar Quantum, is one among many versions of the same tool, and seemingly the most solid.

Install for: CHROME | FIREFOX

User-Agent Switcher refers to both the name of the tools and their function, as the variants of this tool offered for Firefox and Chrome do differ, with the Chrome extension being more robust and included in their Developer tools. Used for spoofing a browser while executing attacks, User-Agent Switcher allows you to switch your user agent easily, with just a few clicks. To further help in spoofing, you can set up specific URLs that you want to spoof every time.

Install for: CHROME | FIREFOX


Retire.js is a vulnerability scanner for JavaScript libraries. While it’s primarily run as a command line tool, it also comes as both a Firefox and a Chrome extension. It scans and gathers information about vulnerable JavaScript libraries in a target web app, allowing bug bounty hunters to find CVEs.

Install for: CHROME | FIREFOX

Temp Mail

Temp Mail provides temporary, secure, anonymous, free and disposable email addresses. It can be used during a pentest when the target has a registration feature and you want to use more than one account, without having to use your own Gmail address.

Install for: CHROME | FIREFOX

Those are the 11 extensions for bug bounty hunting.

Hopefully it can help you :D Thank you for visiting this article; maybe later there will be other interesting articles. Please subscribe to my channel about the bug bounty PoCs that I found: YouTube | Twitter

To translate this page into Indonesian, please use one of these extensions:

Firefox: https://addons.mozilla.org/en-US/firefox/addon/traduzir-paginas-web/

Chrome: https://chrome.google.com/webstore/detail/google-translate/aapbdbdomjkkjkaonfhkkikfgjllcleb/RK%3D2/RS%3DBBFW_pnWkPY0xPMYsAZI5xOgQEE-

1 comment

  • yusron musta'in
    27 January 2022 at 06.26
    Lmao great