MCPcopy Index your code
hub / github.com/devploit/debugHunter

github.com/devploit/debugHunter @v2.0.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v2.0.0 ↗ · + Follow
55 symbols 145 edges 6 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

debugHunter

debugHunter

Discover Hidden Debug Endpoints & Development Environments

Release License Contributions Welcome

The essential Chrome extension for bug bounty hunters and penetration testers

Passively detect debug parameters, sensitive headers, and exposed paths while you browse.


Why debugHunter?

Finding debug endpoints and exposed configuration files is a common technique in bug bounty hunting. debugHunter automates this process by passively scanning every website you visit, alerting you when it discovers:

  • 🔧 Debug Parameters?debug=1, ?env=dev, ?XDEBUG_SESSION_START=phpstorm
  • 📨 Sensitive HeadersX-Forwarded-Host: localhost, X-Original-URL: /admin
  • 📁 Exposed Paths/.env, /.git/config, /actuator/env, /phpinfo.php

All findings are classified by severity so you can focus on critical issues first.

Features

Feature Description
Multi-Factor Detection Combines status codes, content analysis, headers, and debug indicators
Severity Classification Critical, High, Medium, Low — prioritize what matters
Smart Rate Limiting Exponential backoff prevents WAF blocks
Response Diff Viewer Compare original vs modified responses side-by-side
Search & Filter Find specific domains or keywords across all findings
Configurable Modes Smart, Aggressive, Conservative, Keywords-only
Low False Positives Dynamic content filtering removes timestamps, tokens, sessions

Detection Coverage

Debug Parameters (25+)

?debug=1              ?_debug=true           ?debug_mode=1
?XDEBUG_SESSION_START ?XDEBUG_SESSION=1      ?debugbar=1
?profiler=1           ?trace=1               ?verbose=1
?show_errors=1        ?display_errors=1      ?dev_mode=1
?phpinfo=1            ?error_reporting=E_ALL ?env=dev
?env=staging          ?env=pre               ?env=sandbox
?environment=dev      ?staging=1             ?beta=1
?internal=1           ?test=1                ?admin=1

Sensitive Headers (7)

X-Debug: 1
X-Forwarded-Host: localhost
X-Forwarded-For: 127.0.0.1
X-Original-URL: /admin
X-Env: dev
Env: pre
Env: dev

Sensitive Paths (46)

Critical

/.env                 /.git/config          /config.json
/.env.local           /.env.production      /credentials.json
/auth.json            /secrets.json         /database.yml
/wp-config.php.bak    /.aws/credentials     /backup.sql
/dump.sql             /.htpasswd            /actuator/env
/actuator/heapdump

High

/.git/HEAD            /.git/logs/HEAD       /.svn/entries
/phpinfo.php          /info.php             /graphiql
/__debug__            /debug                /server-status
/elmah.axd            /trace.axd            /rails/info/properties
/package.json         /composer.json

Medium

/swagger-ui.html      /swagger.json         /api-docs
/openapi.json         /web.config           /.htaccess            
/Dockerfile           /docker-compose.yml

Installation

Option 1: Clone Repository

git clone https://github.com/devploit/debugHunter.git
  1. Open chrome://extensions/
  2. Enable Developer mode (top right)
  3. Click Load unpacked
  4. Select the debugHunter folder
  5. Pin the extension to your toolbar

Option 2: Download Release

  1. Download the latest .zip from Releases
  2. Extract and load via chrome://extensions/Load unpacked

Usage

  1. Browse normally — debugHunter scans passively in the background
  2. Check the badge — Number indicates findings count (color = severity)
  3. Click the icon — View findings by category: Paths, Headers, Parameters
  4. Review & verify — Click any finding to open in new tab

Configuration

Access settings via the gear icon in the popup:

Setting Default Description
Detection Mode Smart Smart / Aggressive / Conservative / Keywords-only
Similarity Threshold 0.90 How similar responses must be to ignore
Min Length Diff 200 Minimum bytes difference to flag
Check Interval 8 hours Re-check interval for same URL
Base Delay 300ms Delay between requests (auto-adjusts)
Whitelist Empty Domains to skip

Testing

A test environment is included to verify the extension works correctly:

cd test/
./start-server-macos.command    # macOS (opens browser automatically)
./start-server.sh               # Linux/other

This starts a local server on port 9000 with fake sensitive files and debug endpoints.

Technical Details

  • Manifest V3 — Chrome MV3 compliant
  • Permissionsstorage, tabs, <all_urls>
  • Background — Service Worker (event-driven)
  • Privacy — All analysis happens locally, no external requests

Changelog

v2.0.0

  • Complete rewrite with Manifest V3
  • Multi-factor detection engine
  • Severity classification system
  • Response diff viewer
  • Search and filter functionality
  • Smart rate limiting with exponential backoff
  • Dynamic content filtering
  • 4 configurable detection modes
  • New dark UI
  • 46 sensitive paths (up from 17)
  • Optimized requests with HEAD checks and caching

v1.x

  • Initial release with basic parameter detection

Contributing

  • Report bugs — Open an issue with reproduction steps
  • Add patterns — Submit PRs with new parameters, headers, or paths
  • Improve docs — Help make the README clearer

License

MIT License. See LICENSE for details.

Disclaimer

This tool is for authorized security testing only. Always obtain proper authorization before testing web applications you do not own.


debugHunter — Exposing what should stay hidden

Made with ♥ for the bug bounty community

Core symbols most depended-on inside this repo

getFindings
called by 9
background.js
rateLimitedFetch
called by 8
background.js
getSettings
called by 6
background.js
truncateForStorage
called by 5
background.js
saveOption
called by 4
options.js
setupRangeInput
called by 4
options.js
setupCheckbox
called by 4
options.js
saveFindings
called by 4
background.js

Shape

Function 55

Languages

TypeScript100%

Modules by API surface

background.js26 symbols
popup.js16 symbols
options.js11 symbols
similarity.min.js1 symbols
similarity.js1 symbols

For agents

$ claude mcp add debugHunter \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact