HuntKit by x-default
Bug bounty recon toolkit — headers, params, JS finder, payloads & notes
Extension Metadata
Screenshots
About this extension
HuntKit — Bug Bounty Recon Toolkit for security researchers.
🔍 Recon — 1-click: crt.sh, Shodan, Wayback, VirusTotal, Censys, DNSDumpster
📡 Headers — Live response headers + missing security headers alert (CSP, HSTS, X-Frame)
🚪 Params — Extract URL params, auto-highlight risky ones (redirect, url, file, src)
📜 JS Finder — Detect all JS files & links on any page
🧪 Payloads — XSS, SQLi, LFI, SSRF, RCE reference + 1-click URL inject
📋 Notes — Save recon notes per target domain
🎯 Scope — Add in-scope domains, auto green/red indicator
⚡ Copy Tools — Domain, URL, params, path + encode/decode (Base64, URL, Hex)
For authorized security testing and bug bounty programs only.
🔍 Recon — 1-click: crt.sh, Shodan, Wayback, VirusTotal, Censys, DNSDumpster
📡 Headers — Live response headers + missing security headers alert (CSP, HSTS, X-Frame)
🚪 Params — Extract URL params, auto-highlight risky ones (redirect, url, file, src)
📜 JS Finder — Detect all JS files & links on any page
🧪 Payloads — XSS, SQLi, LFI, SSRF, RCE reference + 1-click URL inject
📋 Notes — Save recon notes per target domain
🎯 Scope — Add in-scope domains, auto green/red indicator
⚡ Copy Tools — Domain, URL, params, path + encode/decode (Base64, URL, Hex)
For authorized security testing and bug bounty programs only.
Rated 0 by 0 reviewers
Permissions and data
Required permissions:
- Access browser tabs
- Access your data for all websites
Required data collection, according to the developer:
- Website activity
More information
- Add-on Links
- Version
- 2.0.0
- Size
- 50.77 KB
- Last updated
- 5 days ago (Apr 4, 2026)
- Related Categories
- License
- Mozilla Public License 2.0
- Version History
- Add to collection