EdinLyle

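Butter Cookie (黄油曲奇) is an integrated penetration-testing browser extension designed for security testers and developers. It provides a rich set of security testing tools, including information gathering, XSS testing, SQL injection testing, endpoint security scanning, Shodan host information lookup, and a range of auxiliary tools, helping users quickly identify and assess security vulnerabilities in web applications.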

69% credibility
Found Mar 31, 2026 at 19 stars.
AI Analysis
JavaScript
AI Summary

A browser add-on that scans websites for security vulnerabilities such as DOM XSS, exposed endpoints, sensitive directories, and tracks cross-site messages, displaying results in a floating panel.

How It Works

1. 🔍 Discover the security checker
   You hear about a simple browser tool that spots hidden weaknesses on websites.

2. 🛠️ Add to your browser
   You easily install it into your web browser with a few clicks.

3. 🌐 Visit a website
   You go to any site you're curious about, like a login page or app.

4. Automatic scan starts
   The tool quietly checks the page for common security slips and secret paths without you lifting a finger.

5. 📊 Results appear
   A handy side panel pops up showing issues found, like vulnerable spots or exposed areas.

6. 🔎 Explore and investigate
   You click around the findings, test links, or right-click to search for more details on shady sites.

🛡️ Feel more secure
   You now know the site's weak points and can browse smarter, staying one step ahead of risks.

AI-Generated Review

What is Butter_Cookie?

Butter_Cookie is a JavaScript browser extension that packs pentesting tools into your Chrome workflow, scanning web apps for XSS flaws, exposed endpoints, sensitive directories like Swagger or Actuator, and postMessage leaks. It auto-runs detectors on page loads, pulls Shodan host intel via right-click menus, and displays results in a draggable floating panel with test buttons for quick endpoint probes. Like a butter cookie recipe—simple mix of butter, cookie, and JavaScript that delivers fast vulnerability intel without leaving your tab.

Why is it gaining traction?

It stands out by bundling recon, active scans, and 403 bypass tricks (like URL encoding or double slashes) into one extension, skipping the hassle of juggling Burp, Nuclei, or separate Shodan tabs. Developers notice the instant results panel, input highlighters for fuzzing forms, and deep sniffs for API keys or JWTs in JS: pure time-savers for spotting low-hanging fruit.

Who should use this?

Penetration testers probing client-side vulns during recon phases, bug bounty hunters chaining Shodan lookups with endpoint fuzzing, and backend devs auditing their own APIs for leaks. Ideal for red teamers needing on-the-fly DOM XSS hooks or prototype pollution checks without spinning up VMs. Skip if you're deep into enterprise scanners; this shines for quick, browser-native hits.

Verdict

Grab it for lightweight pentests if you're okay with its early maturity: 19 stars and a 0.7% credibility score signal room for polish in docs and tests, but the core scans deliver real value today. Solid starter for JavaScript-savvy security folks; watch for updates.
