Zacarx / VulnRadar

Public

Web security penetration testing tool, including endpoint discovery, cross-origin message tracing, prototype pollution detection, wordlist generation and DOM XSS detection

27 stars
69% credibility
Found by GitGems on Feb 05, 2026 at 18 stars.
AI Analysis
JavaScript
AI Summary

VulnRadar is a browser extension that automatically scans websites for common security issues like exposed sensitive paths, vulnerable code patterns, and data leaks while browsing.

How It Works

1. 🔍 Discover VulnRadar

You hear about a browser tool that checks websites for hidden security problems while you browse.

2. 📥 Get the Files

Download the extension folder from the repository to your computer.

3. 🧩 Add to Browser

Open your browser's extensions page, enable the mode that allows loading an unpacked extension, and load the folder.

4. ⚙️ Open the Control Panel

Click the new icon in your browser's toolbar to see switches for the different security checks.

5. Pick Your Scan Style

- 🚀 Quick Check: press a button to scan the current page immediately and see the spot checks.
- 🔄 Always On: flip the switches to watch every site you visit automatically.

6. 📊 Watch Results Appear

A floating window appears on the page with colour-coded tables showing any weak spots or areas that passed.

Stay Protected

You can now spot risky places on websites easily, making your browsing safer and more informed.

AI-Generated Review

What is VulnRadar?

VulnRadar is a Chrome extension written in JavaScript that turns the browser into a web pentest toolkit. It scans the current page for API endpoints extracted from scripts, sensitive paths such as exposed Swagger documentation or leaked Git metadata, DOM XSS sinks, postMessage flows, prototype pollution parameters, and open redirects. It probes endpoint accessibility with timeouts, inspects responses for leaked keys or IDs, and reports findings through console tables, a draggable panel at the top of the page, and popup alerts. Developers get one-click scans or automatic runs on page load, with no extra tools needed while browsing.

Why is it gaining traction?

It skips clunky desktop scanners by injecting directly into tabs, with 403 bypass checks across eight methods and parallel endpoint tests that highlight sensitive data leaks. The macOS-style results panel resizes, drags, and collapses per module, and popup summaries make triage fast for quick checks during development or review. Developers appreciate vulnerability popups that interrupt the page safely, unlike passive log watchers.

Who should use this?

Bug bounty hunters probing web applications for quick wins on endpoints and XSS. Frontend security auditors validating client-side risks during review sessions. Pentesters chasing postMessage leaks without firing up Burp.

Verdict

Grab it for ad-hoc scans on suspicious pages—20 stars and 0.7% credibility score show it's raw but functional, with clear README install steps and MIT license. Maturity lags on edge cases; test thoroughly before trusting on prod hunts.
