> For the complete documentation index, see [llms.txt](https://sec88.0x88.online/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sec88.0x88.online/web-appsec/tools-extensions-and-softwares.md). # Tools-Extensions-Bookmarks ## Tools * Burp Suite * * * [https://github.com/0xAnuj/Blinks
](https://github.com/0xAnuj/Blinks)(Blinks is a powerful Burp Suite extension that automates active scanning with Burp Suite Pro and enhances its functionality.) * [https://github.com/JesseClarkND/abnormalizer
](https://github.com/JesseClarkND/abnormalizer)(IDN Homograph Attack) * (IDN Homograph Attack) * [https://lock.cmpxchg8b.com/rebinder.html
](https://lock.cmpxchg8b.com/rebinder.html)(Test DNS Rebinding Attack) * [https://github.com/robre/jsmon
](https://github.com/robre/jsmon)(javascript change monitoring tool for bugbounties) * (Change monitoring app that checks the content of web pages in different periods) * (Online subdomain finder ) * (For Expliitation of api keys and exposures) * (Homoglyph Attack Generator) * (Radar for bug bounty programs) ## Extensions * * [https://www.wappalyzer.com](https://www.wappalyzer.com/) * * * * * * * * * [https://github.com/yeswehack/PwnFox
](https://github.com/yeswehack/PwnFox) * * [https://github.com/portswigger/methods-discloser
](https://github.com/portswigger/methods-discloser) * ## Bookmarklets > A bookmarklet is a [bookmark](https://en.wikipedia.org/wiki/Bookmark_$digital$) stored in a [web browser](https://en.wikipedia.org/wiki/Web_browser) that contains JavaScript commands that add new features to the browser. They are stored as the [URL](https://en.wikipedia.org/wiki/Uniform_Resource_Locator) of a bookmark in a [web browser](https://en.wikipedia.org/wiki/Web_browser) or as a [hyperlink](https://en.wikipedia.org/wiki/Hyperlink) on a [web page](https://en.wikipedia.org/wiki/Web_page). Bookmarklets are usually small snippets of [JavaScript](https://en.wikipedia.org/wiki/JavaScript) executed when user clicks on them. When clicked, bookmarklets can perform a wide variety of operations, such as running a search query from selected text or extracting data from a table. * Getting paths from the source code and js files {% code overflow="wrap" %} ```javascript javascript:(function(){var scripts=document.getElementsByTagName("script"),regex=/(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g;const%20results=new%20Set;for(var%20i=0;i")})}setTimeout(writeResults,3e3);})(); ``` {% endcode %} * Getting urls from the source code of the page {% code overflow="wrap" %} ```javascript javascript:(function(){const decodeHTMLEntities=t=>{const e=document.createElement('textarea');return e.innerHTML=t,e.textContent};const urls=[...new Set([...document.documentElement.outerHTML.matchAll(/https?:\/\/[^\s"%'\>\<]+/g)].map(m=>decodeHTMLEntities(m[0])).filter(url=>/^https?:\/\/[^\s\/$.?#].[^\s]*$/.test(url)))];document.body.innerText=urls.join('\n')})(); ``` {% endcode %} * Getting urls from the all web archives resources (Don't forget add your API Key) {% code overflow="wrap" %} ```javascript javascript:(function(){var domain=prompt("Enter the domain:");if(domain){window.open("https://web.archive.org/cdx/search/cdx?url=*."+domain+"/*&output=text&fl=original&collapse=urlkey","_blank");window.open("https://www.virustotal.com/vtapi/v2/domain/report?apikey=&domain="+domain,"_blank");setTimeout(function(){const decodeHTMLEntities=t=>{const e=document.createElement('textarea');return e.innerHTML=t,e.textContent};const urls=[...new Set([...document.documentElement.outerHTML.matchAll(/https?:\/\/[^\s"%'\>\<]+/g)].map(m=>decodeHTMLEntities(m[0])).filter(url=>/^https?:\/\/[^\s\/$.?#].[^\s]*$/.test(url)))];alert(urls.join('\n'));},5000);window.open("https://urlscan.io/api/v1/search/?q=domain:"+domain+"&size=10000","_blank");window.open("https://otx.alienvault.com/api/v1/indicators/domain/"+domain+"/url_list?limit=500","_blank");window.open("https://index.commoncrawl.org/CC-MAIN-2023-06-index?url=*."+domain+"/*&output=json&fl=timestamp,url,mime,status,digest","_blank");}})(); ``` {% endcode %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://sec88.0x88.online/web-appsec/tools-extensions-and-softwares.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.