![]()
The essential Chrome extension for bug bounty hunters and penetration testers
Passively detect debug parameters, sensitive headers, and exposed paths while you browse.
Finding debug endpoints and exposed configuration files is a common technique in bug bounty hunting. debugHunter automates this process by passively scanning every website you visit, alerting you when it discovers:
?debug=1, ?env=dev, ?XDEBUG_SESSION_START=phpstormX-Forwarded-Host: localhost, X-Original-URL: /admin/.env, /.git/config, /actuator/env, /phpinfo.phpAll findings are classified by severity so you can focus on critical issues first.
| Feature | Description |
|---|---|
| Multi-Factor Detection | Combines status codes, content analysis, headers, and debug indicators |
| Severity Classification | Critical, High, Medium, Low — prioritize what matters |
| Smart Rate Limiting | Exponential backoff prevents WAF blocks |
| Response Diff Viewer | Compare original vs modified responses side-by-side |
| Search & Filter | Find specific domains or keywords across all findings |
| Configurable Modes | Smart, Aggressive, Conservative, Keywords-only |
| Low False Positives | Dynamic content filtering removes timestamps, tokens, sessions |
Debug Parameters (25+)
?debug=1 ?_debug=true ?debug_mode=1
?XDEBUG_SESSION_START ?XDEBUG_SESSION=1 ?debugbar=1
?profiler=1 ?trace=1 ?verbose=1
?show_errors=1 ?display_errors=1 ?dev_mode=1
?phpinfo=1 ?error_reporting=E_ALL ?env=dev
?env=staging ?env=pre ?env=sandbox
?environment=dev ?staging=1 ?beta=1
?internal=1 ?test=1 ?admin=1
Sensitive Headers (7)
X-Debug: 1
X-Forwarded-Host: localhost
X-Forwarded-For: 127.0.0.1
X-Original-URL: /admin
X-Env: dev
Env: pre
Env: dev
Sensitive Paths (46)
Critical
/.env /.git/config /config.json
/.env.local /.env.production /credentials.json
/auth.json /secrets.json /database.yml
/wp-config.php.bak /.aws/credentials /backup.sql
/dump.sql /.htpasswd /actuator/env
/actuator/heapdump
High
/.git/HEAD /.git/logs/HEAD /.svn/entries
/phpinfo.php /info.php /graphiql
/__debug__ /debug /server-status
/elmah.axd /trace.axd /rails/info/properties
/package.json /composer.json
Medium
/swagger-ui.html /swagger.json /api-docs
/openapi.json /web.config /.htaccess
/Dockerfile /docker-compose.yml
git clone https://github.com/devploit/debugHunter.git
chrome://extensions/debugHunter folder.zip from Releaseschrome://extensions/ → Load unpackedAccess settings via the gear icon in the popup:
| Setting | Default | Description |
|---|---|---|
| Detection Mode | Smart | Smart / Aggressive / Conservative / Keywords-only |
| Similarity Threshold | 0.90 | How similar responses must be to ignore |
| Min Length Diff | 200 | Minimum bytes difference to flag |
| Check Interval | 8 hours | Re-check interval for same URL |
| Base Delay | 300ms | Delay between requests (auto-adjusts) |
| Whitelist | Empty | Domains to skip |
A test environment is included to verify the extension works correctly:
cd test/
./start-server-macos.command # macOS (opens browser automatically)
./start-server.sh # Linux/other
This starts a local server on port 9000 with fake sensitive files and debug endpoints.
storage, tabs, <all_urls>MIT License. See LICENSE for details.
This tool is for authorized security testing only. Always obtain proper authorization before testing web applications you do not own.
debugHunter — Exposing what should stay hidden
Made with ♥ for the bug bounty community
$ claude mcp add debugHunter \
-- python -m otcore.mcp_server <graph>