castilho101 / CallMe

Public

An extension to find callback endpoints in the background while searching the Web

100% credibility

Found Mar 13, 2026 at 19 stars -- GitGems finds repos before they trend. Get early access to the next one.

AI Analysis

JavaScript

AI Summary

A Chrome browser extension that automatically detects and catalogs websites with JSONP callback endpoints by monitoring and testing web requests during normal browsing.

How It Works

🔍 Discover CallMe

You find this handy browser tool online that spots special web links while you surf the internet.

🛠️ Add to your browser

You easily load it into your Chrome browser's extensions area so it can start working quietly in the background.

🌐 Browse the web normally

As you visit sites and use apps, the tool watches network activity and checks for those special links without interrupting you.

📊 Spot the red badge

A little red square appears on your browser toolbar, showing the number of interesting links it has found so far.

📱 Open the popup window

Click the red icon to see a neat list of the discovered links, complete with details on how they work.

🔍 Search and pick favorites

Use the search box to find specific ones, copy links to your clipboard, or save the whole list as a file.

✅ Review your discoveries

You now have a clean list of those special web spots to study, share, or use however you like, all safely collected.

Sign up to see the full architecture

5 more

Star Growth

See how this repo grew from 19 to 20 stars Sign Up Free

Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose

AI-Generated Review

What is CallMe?

CallMe is a JavaScript Chrome extension that passively scans web requests in the background to uncover JSONP callback endpoints, like those using "callback" or "jsonp" parameters, while you browse. It injects a unique marker into potential params, validates reflections in responses to avoid false positives, and collects confirmed hits in a searchable popup UI. Developers get a catalog of exploitable endpoints ready for copy, filter, or JSON export—no manual probing required.

Why is it gaining traction?

It automates discovery of legacy JSONP vulns that active tools miss, with per-host deduping and response validation ensuring clean results. The popup offers quick search, copy buttons for probe URLs, and one-click exports, beating clunky alternatives like generic finder extensions for emails, colors, fonts, music, or songs. Niche hooks draw security folks hunting callmebot-style endpoints amid the noise of callmechat bots or extension findthatlead clones.

Who should use this?

Bug bounty hunters probing sites for JSONP injections during recon. Security auditors reviewing legacy APIs on callmebot whatsapp services or callmeier endpoints. Reverse engineers mapping old web apps, skipping tedious parameter fuzzing like in extension github copilot workflows.

Verdict

Grab it for targeted JSONP hunts—19 stars and 1.0% credibility score signal early-stage maturity with no tests, but crisp README and unpacked install make it low-risk to try. Solid for side projects, but verify findings manually before prime-time use.

(178 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.

Stars

Forks

Followers

Base stars: 20 stars

Penalty: Very new repo (2d): -70%

Bonus: AI verified quality (100%)

Account age: 2,226 days

Repo age: 2 days

Updated: Mar 14, 2026