fengchenzxc

Frontend Information Gathering and DOMXSS Audit Workbench

21
0
100% credibility
Found Apr 01, 2026 at 21 stars
JavaScript
AI Summary

SnowEyesPlus is a browser extension that audits websites for frontend security issues such as information leaks, technology fingerprints, and DOM XSS vulnerabilities, with reporting, verification tools, and AI assistance.

How It Works

1. 🛒 Add the helper to your browser

You grab SnowEyesPlus from the browser store and add it like any handy extension—it starts watching sites right away.

2. 🌐 Visit any website

As you browse normally, it quietly checks the page for hidden clues about security weak spots and tech used.

3. 🔍 Spot the discovery badge

A small number appears on the icon, signaling that it found something of interest, such as vulnerabilities or tech fingerprints.

4. 📱 Open your security dashboard

Click the icon to see organized lists of findings, reports, and details in a simple popup workspace.

5. Pick what to explore

📊 View scans

See lists of domains, APIs, leaks, and more at a glance.

📋 Check reports

Dive into saved vulnerability details with chains and advice.

🆔 See tech fingerprints

Discover servers, libraries, and tools powering the site.

6. 🛠️ Verify and get smart help

For a flagged issue, run checks, replay proofs, or chat with AI for quick judgment on real risks.

Export and act confidently

Save polished reports, understand the fixes, and make sites safer with the confidence of a professional auditor.

AI-Generated Review

What is SnowEyesPlus?

SnowEyesPlus is a JavaScript browser extension that scans web pages for frontend assets like APIs, routes, credentials, and phone numbers while identifying tech stacks via unified fingerprinting. It specializes in DOMXSS detection by tracing source-sink chains, generating structured reports with PoC hints and fix advice. Developers get a full audit workbench: report management, console verification, one-click payload injection, and AI triage for false positives—all in Manifest V3.

Why is it gaining traction?

Unlike basic scanners, it closes the loop from detection to verification with dynamic console probes, auto-PoC triggers across query/hash/routes, and AI chats for debugging chains. The upgraded fingerprint engine fuses Wappalyzer, kscan, and custom rules with misreport suppression, delivering reliable tech IDs without noise. Users notice instant badge counts, exportable reports, and a debug view for evidence chains.

Who should use this?

Frontend security auditors hunting DOMXSS in single-page apps, bug bounty hunters verifying JavaScript sinks on the fly, and pen-testers auditing iframes/multi-frames without proxy setups. Ideal for teams triaging client-side vulns before backend scans.

Verdict

Grab it if DOMXSS is your focus—solid workflow beats fragmented tools, despite 19 stars and 1.0% credibility signaling early maturity. Polish docs and add tests to boost adoption; it's a promising workbench worth forking.
