Extensions I Use For My Bug Bounty Hunting in 2024, Part-1. 🧑🏻💻
Hi, Ajak Amico’s, welcome back to another blog. Today I will show you the top 10 extensions I use in my bug bounty journey that make the process of hunting so easy. All the mentioned extensions are professionally used by all security researchers. Before starting, if you haven’t subscribed to our channel, do subscribe, guys, for content related to cyber security, bug bounty, and digital forensics investigation.👇
Follow our Youtube Channel: @ajakcybersecurity (361 Videos)
Follow on Instagram: @ajakcybersecurity
1) Foxy Proxy
Have you ever tried Burp Suite? If you’ve already used it, you may know this extension. It acts as the intermediary between the browser and Burp Suite: it creates a proxy to Burp Suite from the browser, and you can turn it on and off when you need. Instead of connecting your proxy manually, we can simply use this extension, which saves more time.
2) Shodan
This extension tells you where the website is hosted (country, city), who owns the IP, and what other services and ports are open. The Shodan plugin for Chrome automatically checks whether Shodan has any information for the current website. I use this extension to find the open ports and the public IP of the target. This extension is used professionally by all security researchers.
3) Wappalyzer
It is the most popular extension and one of my favourite extensions. It gives you information about the technology used on the website and clearly shows its version. Using that information, we can search for the exploit for that particular vulnerability and start exploiting it. I use the Wappalyzer extension to find the versions of a specific technology.
4) Hunter
Many people struggle to find the email addresses of their target company or organization, right? Don’t worry, this extension is for you. It can easily fetch the email addresses used by employees in the company, so using the extension you can easily figure out the email address. This process happens via OSINT. I particularly use this extension to find the admin email address of my target.
5) Retire.js
It’s another favourite extension of mine. I know you guys have many tools to extract vulnerabilities in JavaScript libraries, but I simply use this extension, which saves more time in my recon process. Another advantage of this tool is that it gives an exploit for the vulnerable JavaScript libraries too.
6) Edit This Cookie
Cookie editors are the developer’s secret weapon for troubleshooting bugs related to cookies and local storage. With their user-friendly interface and real-time manipulation capabilities, these tools simplify the debugging process, allowing developers to efficiently inspect, edit, and copy cookies for improved bug hunting.
7) Security Header Test
I personally use this extension to find simple bugs like CORS, Clickjacking, and XSS. This extension is built to check the presence of embedded security headers, and it is used to test the payload in the header of the websites. It can show you what protection has been implemented in the header. If you want to test any website, you can see in the header the protections that have been enabled by the website owner, and according to that, you can perform the test.
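The kind of presence check described above can be sketched as follows, covering the three bug classes named here (clickjacking, XSS, CORS). This is an added example, not the extension's code; the function name `auditSecurityHeaders` and both sample header sets are constructed for illustration.

```javascript
// Added example: report which header-based protections a response is missing.
// auditSecurityHeaders is a hypothetical name; the header names are standard HTTP.
function auditSecurityHeaders(rawHeaders) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  // Parse Content-Security-Policy into a directive -> value map.
  const csp = {};
  for (const part of (h['content-security-policy'] || '').split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name) csp[name.toLowerCase()] = values.join(' ').toLowerCase();
  }
  const findings = [];

  // Clickjacking: framing is restricted by X-Frame-Options or CSP frame-ancestors.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (!['DENY', 'SAMEORIGIN'].includes(xfo) && !('frame-ancestors' in csp)) {
    findings.push('clickjacking: no X-Frame-Options or CSP frame-ancestors');
  }

  // XSS: script-src falls back to default-src when it is absent.
  const scriptPolicy = csp['script-src'] ?? csp['default-src'];
  if (scriptPolicy === undefined) {
    findings.push('xss: no CSP script-src or default-src');
  } else if (scriptPolicy.includes("'unsafe-inline'") &&
             !/'(nonce|sha(256|384|512))-/.test(scriptPolicy)) {
    // With a nonce or hash present, browsers ignore 'unsafe-inline'.
    findings.push("xss: CSP allows 'unsafe-inline' scripts");
  }

  // CORS: a wildcard or "null" origin is a misconfiguration worth reviewing.
  const acao = h['access-control-allow-origin'];
  const creds = (h['access-control-allow-credentials'] || '').toLowerCase() === 'true';
  if (acao === 'null') findings.push('cors: Access-Control-Allow-Origin is "null"');
  else if (acao === '*' && creds) findings.push('cors: wildcard origin with credentials');
  return findings;
}

// Constructed sample responses: one weak, one hardened.
const WEAK = { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Credentials': 'true',
               'Content-Security-Policy': "img-src *; style-src 'unsafe-inline'" };
const HARDENED = { 'x-frame-options': 'DENY', 'access-control-allow-origin': 'https://app.example.test',
                   'content-security-policy': "default-src 'self'; frame-ancestors 'none'" };
console.log(auditSecurityHeaders(WEAK), auditSecurityHeaders(HARDENED));
```

Each finding is a lead for manual review on a site you are authorised to test: a present header can still carry a weak value, and an absent header may be compensated for elsewhere.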
8) S3 Bucket List
S3BucketList is a Chrome extension designed to track and record S3 Buckets encountered during web browsing, supporting popular S3 object storages like AWS S3, Storj, Google Cloud Storage, and DigitalOcean Spaces. By utilizing this extension, users can conveniently list the files within these buckets and access detailed information about their configuration.
9) Dotgit
A helpful extension that allows users to check if the .git folder is exposed on visited websites and provides the option to download the entire .git folder in a secure zip format, ensuring better data protection and responsible handling of sensitive information. I use this specific extension for sensitive information gathering.
10) Hackbar
It is an extension that allows the user to extend the address bar. This tool is very useful for security researchers. When we test a web application or web server, we interact many times with the domains, subdomains, and URLs of the target. We also interact with the browser’s address bar: we keep changing the parameters in the address bar and we keep reloading websites. All these things happen to us many times, and these tasks become time-consuming. Reloading websites and changing parameters again and again takes a lot of time. To reduce this time and perform our work fast, we need a tool that makes it less disruptive. Hackbar is a freely available extension; you can download it from the Firefox website and use it. Hackbar is a Firefox add-on that behaves like an address bar. It is not available in Chrome.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
“Ignite what you have learned🔥”
Learn Everyday, Happy Hacking 😁🙌
https://www.buymeacoffee.com/Ajak