Phantom
Phantom is a browser extension designed for SRC vulnerability mining, focusing on collecting sensitive information and suspicious clues from web pages. It supports several scanning methods and related features.
Key Features:
- Basic Scanning: Automatically extracts APIs, URLs, domain names, emails, phone numbers, paths, parameters, comments, and various tokens/keys from the page.
- Deep Recursive Scanning: Crawls multiple layers of links/resources with configurable concurrency and timeout settings, running in a new window without blocking current operations.
- Batch API Testing: Sends GET/POST requests to scanned items with configurable concurrency and timeout, and supports copying the results.
- Export Capabilities: Results can be exported in JSON or Excel formats.
- Custom Regex Support: Users can define custom regex patterns for better content extraction.
- Enhanced Filtering: Built-in filters to reduce false positives for domains, emails, phone numbers, and APIs.
- Automatic and Incremental Scanning: Silent scans triggered by page loads, DOM changes, or timed strategies, with real-time merging and display of results.
Benefits:
- Efficiently identifies vulnerabilities and sensitive information on web pages.
- User-friendly interface for easy navigation and operation.
- Customizable settings to tailor the scanning process to specific needs.
Highlights:
- Open-source project with community contributions.
- Regular updates and improvements based on user feedback.
- Designed for authorized security testing and self-assessment in SRC scenarios.

