Web Explode — macallan

WebExplode is an all-in-one browser extension designed for pentesters, bug bounty hunters, and security researchers. Built on the modern Manifest V3 architecture, it combines 5 powerful modules into a single suite, turning your browser into a security testing laboratory.

Complete Privacy: The extension has zero external dependencies, strictly avoids the use of innerHTML, and never transmits user data to an external server. All operations happen 100% locally in your browser.

The Arsenal (Included Modules):

🐍 Venom (Payload Injector): Injects XSS, SQLi, LFI, and SSRF payloads directly into input fields. Uses smart injection techniques (native prototype setters) to bypass synthetic event traps in frameworks like React and Vue. Easily accessible via a right-click context menu.

🧩 Decode (Cryptography): An offline and real-time encoder/decoder for URL, Base64, Hex, and HTML Entities. It also features a JWT payload debugger and asynchronous SHA-1/256/512 hash calculation.

🕵️‍♂️ Spy (Reconnaissance): Identifies the technology stack (Frameworks, CMS, etc.) of the active tab. Intercepts and analyzes HTTP response headers to find security gaps (CSP, HSTS). Performs DNS lookups via Cloudflare DoH.

🪓 Forge (Session & WAF): Attempts to bypass WAF configurations by injecting IP spoofing headers (X-Forwarded-For, etc.). Hunts for sensitive Tokens/JWTs in LocalStorage and SessionStorage, and generates instant CSRF Proof-of-Concept forms.

🐺 Hound (Source Code Scraper): Fetches and analyzes client-side JavaScript files (both inline and external). Discovers forgotten secrets such as AWS keys, Stripe APIs, Google API keys, and JWTs using regex.