The essential Chrome extension for bug bounty hunters and penetration testers
Passively detect debug parameters, sensitive headers, and exposed paths while you browse.

Finding debug endpoints and exposed configuration files is a common technique in bug bounty hunting. debugHunter automates this process by passively scanning every website you visit, alerting you when it discovers:

• 🔧 Debug Parameters — ?debug=1, ?env=dev, ?XDEBUG_SESSION_START=phpstorm
• 📨 Sensitive Headers — X-Forwarded-Host: localhost, X-Original-URL: /admin
• 📁 Exposed Paths — /.env, /.git/config, /actuator/env, /phpinfo.php

All findings are classified by severity so you can focus on critical issues first.

?debug=1              ?_debug=true           ?debug_mode=1
?XDEBUG_SESSION_START ?XDEBUG_SESSION=1      ?debugbar=1
?profiler=1           ?trace=1               ?verbose=1
?show_errors=1        ?display_errors=1      ?dev_mode=1
?phpinfo=1            ?error_reporting=E_ALL ?env=dev
?env=staging          ?env=pre               ?env=sandbox
?environment=dev      ?staging=1             ?beta=1
?internal=1           ?test=1                ?admin=1

X-Debug: 1
X-Forwarded-Host: localhost
X-Forwarded-For: 127.0.0.1
X-Original-URL: /admin
X-Env: dev
Env: pre
Env: dev

/.env                 /.git/config          /config.json
/.env.local           /.env.production      /credentials.json
/auth.json            /secrets.json         /database.yml
/wp-config.php.bak    /.aws/credentials     /backup.sql
/dump.sql             /.htpasswd            /actuator/env
/actuator/heapdump

/.git/HEAD            /.git/logs/HEAD       /.svn/entries
/phpinfo.php          /info.php             /graphiql
/__debug__            /debug                /server-status
/elmah.axd            /trace.axd            /rails/info/properties
/package.json         /composer.json

/swagger-ui.html      /swagger.json         /api-docs
/openapi.json         /web.config           /.htaccess            
/Dockerfile           /docker-compose.yml

git clone https://github.com/devploit/debugHunter.git

1. Open chrome://extensions/
2. Enable Developer mode (top right)
3. Click Load unpacked
4. Select the debugHunter folder
5. Pin the extension to your toolbar

1. Download the latest .zip from Releases
2. Extract and load via chrome://extensions/ → Load unpacked

1. Browse normally — debugHunter scans passively in the background
2. Check the badge — Number indicates findings count (color = severity)
3. Click the icon — View findings by category: Paths, Headers, Parameters
4. Review & verify — Click any finding to open in new tab

Access settings via the gear icon in the popup:

A test environment is included to verify the extension works correctly:

cd test/
./start-server-macos.command    # macOS (opens browser automatically)
./start-server.sh               # Linux/other

This starts a local server on port 9000 with fake sensitive files and debug endpoints.

• Manifest V3 — Chrome MV3 compliant
• Permissions — storage, tabs, <all_urls>
• Background — Service Worker (event-driven)
• Privacy — All analysis happens locally, no external requests

• Complete rewrite with Manifest V3
• Multi-factor detection engine
• Severity classification system
• Response diff viewer
• Search and filter functionality
• Smart rate limiting with exponential backoff
• Dynamic content filtering
• 4 configurable detection modes
• New dark UI
• 46 sensitive paths (up from 17)
• Optimized requests with HEAD checks and caching

• Initial release with basic parameter detection

• Report bugs — Open an issue with reproduction steps
• Add patterns — Submit PRs with new parameters, headers, or paths
• Improve docs — Help make the README clearer

MIT License. See LICENSE for details.

This tool is for authorized security testing only. Always obtain proper authorization before testing web applications you do not own.

debugHunter — Exposing what should stay hidden
_{Made with ♥ for the bug bounty community}