Browser extensions for security researchers

Yannick Boog
5 min readJan 7, 2023
Photo by Philipp Katzenberger on Unsplash

It is generally recommended to use as few browser extensions as possible, as each extension gains access to certain areas of your browser and online activity. This can result in personal data being revealed or your browser becoming more vulnerable to attacks. It is therefore important to carefully consider whether an extension is truly necessary and if the permissions it requests are appropriate. It is also advisable to regularly review which extensions are installed and whether they are still needed.

Wayback Machine is an extension that allows users to visit and view past versions of websites. The service is operated by the Internet Archive, a non-profit organization, and stores daily copies of thousands of websites from across the internet. With the Wayback Machine extension, users can easily access the stored copies and view past versions of websites to track changes or access outdated information. Chrome/Firefox

Web Archives is an extension that allows you to find archived and cached versions of web pages, and supports more than 10 search engines. Chrome/Firefox

d3coder is a Chrome extension that allows users to encode, decode, and hash text on websites. It integrates with the user’s browser and provides a variety of tools for working with text, including options for base64 encoding and decoding, hex encoding and decoding, and various hash functions. Chrome

Retire.js is an extension that helps users detect and manage vulnerable JavaScript libraries in their web applications. It scans web pages for use of known vulnerable JavaScript libraries and provides a report of the findings, including recommendations for how to fix the vulnerabilities. Chrome/Firefox

Trufflehog is an extension that searches for API keys and login credentials on visited websites and alerts you if any are present. Chrome

DotGit is an extension that checks if a .git/.svn/.hg folder exists for each site you visit, checks if a .env file exists for each site you visit, and checks if the site has a security.txt file. Chrome/Firefox

Laboratory is an extension that helps users generate a proper Content Security Policy (CSP) header for their website. The extension integrates with the user’s browser and allows them to generate a CSP header with a single click. It also displays the results of the recording in the extension, making it easy for users to quickly review the CSP header of their website. Chrome/Firefox

YesWeHack VDP Finder is an extension that allows users to check if a website has a security.txt or a Vulnerability Disclosure Program. The security.txt is a security policy proposed by the Internet Engineering Task Force that allows companies to provide information on how security researchers can contact them to report potential vulnerabilities. A Vulnerability Disclosure Program is a formal program set up by companies or organizations to allow security researchers to report and fix vulnerabilities in their systems. Chrome/Firefox

VT4Browsers is an extension that allows users to check files and URLs against VirusTotal’s database of over 70 million known viruses and other threats. The extension integrates with the user’s browser and allows them to scan files and URLs with a single click. It also displays the results of the scan in the browser, making it easy for users to quickly assess the safety of a file or URL. Chrome/Firefox

Sputnik is an extension that allows users to quickly and easily search IPs, domains, file hashes, and URLs using Open Source Intelligence (OSINT) resources. It integrates with the user’s browser and provides a variety of tools for searching and investigating online threats and suspicious activity. Sputnik is a useful tool for security researchers, law enforcement, and anyone looking to gather information on potential threats or malicious activity on the web. Chrome/Firefox

ThreatPinch Lookup is an extension that allows users to check IP addresses, domains, and URLs against multiple threat intelligence feeds. It integrates into the user’s browser and provides real-time information on potential threats, including malware, phishing, spam, and other types of cyber threats. Chrome/Firefox

IP Address and Domain Information is an extension that allows you to obtain information about IP addresses and domains. The extension displays the IP address of the currently visited website and provides additional information such as the location of the IP address, the network provider, and the domain name. The extension can also be used to obtain information about other IP addresses and domains by simply entering them in the search field. Chrome/Firefox

Netcraft is an extension that allows you to obtain information about websites. The extension collects data on the technologies used, hosting infrastructure, and security measures of websites and displays this information in the browser extension. It can also be used to check the security of websites and identify potential vulnerabilities. Chrome/Firefox

Shodan is an extension that allows you to search the internet for specific devices or services. The extension collects information about devices connected to the internet, such as routers, servers, webcams, and more, and displays this information in the browser extension. Chrome/Firefox

Pulsedive Threat Intelligence is an extension that allows you to retrieve threat information from websites and IP addresses. The extension collects data from various threat intelligence sources and displays it in the browser extension. This includes information about malware, phishing attacks, and other threats. Chrome/Firefox

CrowdScrape is an extension that allows users to extract data from websites and export it in various formats. It integrates into the user’s browser and provides a range of tools for extracting and formatting data from websites, including options for selecting specific elements, filtering data, and converting data into different formats. Chrome

User-Agent Switcher and Manager is an extension that allows the user to change and manage the user agent sent by their browser. This can be useful in getting certain websites to display certain content or improving compatibility with certain websites. The extension provides an easy way to switch and save user agents to be used later. Chrome/Firefox

Dear reader,

Thank you for taking the time to read my article. If you would like to read more from me, I would be very happy if you follow me to receive future articles from me. Thank you for your support!

Best regards Yannick Boog

--

--