Nexus is a Chrome Manifest V3 extension designed for passive web security reconnaissance. Built for pentesters and bug bounty hunters, it automatically detects exposed API keys, sensitive tokens, configuration files, technology stacks, and security misconfigurations as you browse.
- Passive Scanning: Detects 70+ sensitive patterns (AWS, Google, Stripe, Slack, etc.) without sending malicious payloads.
- Technology Fingerprinting: Identifies frameworks (React, Next.js, Vue), CMSs, and analytics tools.
- Path Probing: Checks for sensitive paths like `.env`, `.git/config`, `sitemap.xml`, and admin panels.
- Secure Architecture: Runs entirely in the browser. No data is sent to external servers.
- Professional Reporting: Exports findings to JSON or a standalone HTML report suitable for pentest deliverables.
- Clone this repository: `git clone https://github.com/intelseclab/nexus.git`
- Open Chrome and navigate to `chrome://extensions/`.
- Enable Developer mode (top right).
- Click Load unpacked and select the extension directory.
- Browse target websites normally.
- The Nexus icon badge will show the count of findings.
- Click the extension icon to view detailed findings, site technology profile, and export options.
This project uses vanilla JavaScript (no build step required).
- `manifest.json`: Configuration and permissions.
- `background.js`: Service worker for header analysis and state management.
- `content.js`: DOM scanner and page analysis.
- `scanner/`: Core detection logic and patterns.
- `popup/`: UI implementation.
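The passive pattern matching described in the feature list can be sketched in vanilla JavaScript as follows. This is an added example, not code from the Nexus repository: the rule names, the four regexes (based on publicly documented key prefixes), and the `redact` and `scanText` helpers are assumptions, and the sample input is constructed.

```javascript
// Added illustration, not Nexus source. Rules are assumed from public key prefix formats.
const RULES = [
  { id: "aws-access-key-id",  severity: "high",   re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { id: "google-api-key",     severity: "medium", re: /\bAIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])/g },
  { id: "stripe-live-secret", severity: "high",   re: /\bsk_live_[0-9a-zA-Z]{24,}\b/g },
  { id: "slack-token",        severity: "high",   re: /\bxox[abprs]-[0-9A-Za-z-]{10,}/g },
];

// Mask the middle of a match so a report identifies the key without reproducing it.
function redact(value) {
  if (value.length <= 8) return "*".repeat(value.length);
  return value.slice(0, 4) + "*".repeat(value.length - 8) + value.slice(-4);
}

// Scan one text resource (page HTML, inline script, response body) read-only.
function scanText(text, source) {
  const findings = [];
  const seen = new Set();
  for (const rule of RULES) {
    for (const m of text.matchAll(rule.re)) {
      const key = rule.id + ":" + m[0];
      if (seen.has(key)) continue; // same value repeated in one resource: report once
      seen.add(key);
      const line = text.slice(0, m.index).split("\n").length; // 1-based line number
      findings.push({ rule: rule.id, severity: rule.severity, source, line, match: redact(m[0]) });
    }
  }
  return findings;
}

// Constructed sample input; none of these values are real credentials.
const SAMPLE = [
  "<script>",
  '  const cfg = { mapsKey: "AIza' + "A".repeat(35) + '" };',
  '  const aws = "AKIAIOSFODNN7EXAMPLE";',
  '  const again = "AKIAIOSFODNN7EXAMPLE";',
  '  const pay = "pk_live_' + "0".repeat(24) + '"; // publishable key, not a secret',
  "</script>",
].join("\n");

// In a content script the input would be e.g. document.documentElement.outerHTML.
console.log(scanText(SAMPLE, "constructed-sample"));
```

The duplicated AWS key is reported once, and the `pk_live_` publishable key is not flagged because only the secret-key prefix is in the rule set.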
Nexus does NOT collect or transmit any user data. All scanning is performed locally within your browser. For more details, see our Privacy Policy.
MIT
