EndPointer is a browser extension designed for ethical hackers and web developers to discover potentially vulnerable endpoints on the current webpage and its linked JavaScript files. It offers customizable features that allow users to control the scan settings, making it adaptable for various use cases. One standout feature is its ability to capture dynamically loaded JavaScript files, ensuring even asynchronously loaded scripts are analyzed. With EndPointer, users can efficiently identify exposed endpoints and improve the security posture of web applications. This extension was made using our custom extension template in react with many features: https://github.com/LordCat/PlaceHolder-Extension
Key Features:
- URL/Endpoint parsing: Parse for URLs in the current webpage and externally linked javascript files
- Dynamic Script Loading: Parses and checks for dynamically loaded script tags upon initial load
- Auto parsing: Parses automatically when the document is loaded
- Manual parsing: Parses when the "REPARSE" button is clicked
- ...
To streamline the use of these tools, we've created an easy-to-navigate menu that lets you quickly select the information you need. Below, you can find information for downloading the tool, exploring its features, checking ongoing development, and learning about our generous contributors.
You have several options to download the extension. You can install it directly from the Chrome Web Store or, if you're using Firefox, from the Firefox Add-ons site. Alternatively, you can download the extension from GitHub, giving you access to the source code. For those who want to load it up locally: be sure to run npm i && npm run build
to download all packages and to create the dist/ file. Then, load the dist/ file as unpacked in Chrome/Firefox.
EndPointer offers a wide range of capabilities aimed at simplifying the process of finding and analyzing endpoints across webpages and JavaScript files. Designed with flexibility and ease of use in mind, this tool allows users to control parsing behavior, interact with results, and dynamically capture changes in web content. Whether you need real-time updates or manual control, EndPointer provides the tools necessary to streamline the process of endpoint discovery and security analysis.
Key Features:
Key Feature | Description |
---|---|
URL/Endpoint Parsing: | Extracts URLs from the current webpage and externally linked JavaScript files. |
Dynamic Script Loading: | Automatically parses dynamically loaded script tags upon initial load. |
Auto Parsing: | Automatically triggers parsing when the document is fully loaded. |
Manual Parsing: | Provides the option to manually trigger parsing using the "REPARSE" button. |
Scope Declaration: | Allows users to define parsing scope based on the second-level domain (SLD) and top-level domain (TLD), or individual subdomains. |
Concurrent Request Setting: | Configures the number of concurrent requests to optimize performance during scans. |
Interactive UI: | Offers multiple interface options, including DevTools, popups, and web page interactions. |
Interactivity with URLs: | Search, filter, view code snippets, and inspect responses for each URL. |
Output Results: | Provides different viewing formats, such as Default View and Tree View, for better clarity. |
Output Saving: | Export results in TXT, CSV, or raw unmodified formats for further analysis. |
Dynamic Loading/Live Updating: | URL results and counts are updated in real-time without requiring page refreshes. |
CSP friendly: | Compatible with web apps with strict CSP policies. |
Browser States: | Can parse URLs in an authenticated state or states relying the use of local storage and indexeddb. |
We are committed to consistently improving this tool with regular updates and welcome contributions from the community to enhance its functionality. That’s why we’ve made it open source, enabling individuals to contribute their improvements. Here are some of the latest developments and fixes:
Developments:
- Development 1
- Development 2
- Development 3
Fixes:
- Fixe 1
- Fixe 2
- Fixe 3
This tool has been developed in-house by Interloper Security Group, a loose knit collection of developers and cybersecurity specialists. The tool has benefited from the invaluable contributions of individuals who have helped enhance specific features and functionality. We would like to acknowledge and thank those who have generously offered their expertise and support. Your efforts have played a key role in making this tool more robust and effective.
Creators / Developers:
Contributors:
How to contribute:
- Clone the repo
- Create a branch called Contribution/{feature name}
- Send a pull request to this repo with your changes from Contribution/{feature name}
The tool provided on this GitHub page is intended for educational and research purposes only. The creators and maintainers of this tool are not responsible for any misuse or illegal use of the tool. It is the responsibility of the users to ensure that they comply with all applicable laws and regulations while using the tool.