Search
Collection
Category
Tag
Blog
Pricing
Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

AISecKit

Curated AI security tools & LLM safety resources for cybersecurity professionals

Product

Search
Collection
Category
Tag

Resources

Blog
Pricing
Submit

Tools

🔥Marathons Tools

Company

About Us
Privacy Policy
Terms of Service
Sitemap

Copyright © 2025 All Rights Reserved.

Home
Category
Phantom

Phantom

A browser extension for SRC vulnerability mining, collecting sensitive information and suspicious clues from web pages.

image for Phantom

Introduction

Information

Publisher
AISecKit
Websitegithub.com
Published date2025/10/19

Categories

DevSecOps Tools
Penetration Testing
Vulnerability Scanners

Tags

Security Auditing
Open Source
Incident Response
Vulnerability Scanning
API Security
Penetration Testing

More Products

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt Injection Generative AI Red Team Testing Data Poisoning

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt Injection Open Source API Security Security Testing LLM Security+1

Kereva LLM Code Scanner

Code scanner to check for issues in prompts and LLM calls

Code Assistants Prompt Engineering AI Ethics Compliance LLM+1

Phantom

Phantom is a browser extension designed for SRC vulnerability mining, focusing on collecting sensitive information and suspicious clues from web pages. It supports various scanning methods and features:

Key Features:

Basic Scanning: Automatically extracts APIs, URLs, domain names, emails, phone numbers, paths, parameters, comments, and various tokens/keys from the page.
Deep Recursive Scanning: Crawls multiple layers of links/resources with configurable concurrency and timeout settings, running in a new window without blocking current operations.
Batch API Testing: Allows testing of scanned items with GET/POST requests, with configurable concurrency and timeout, and supports result copying.
Export Capabilities: Results can be exported in JSON or Excel formats.
Custom Regex Support: Users can define custom regex patterns for better content extraction.
Enhanced Filtering: Built-in filters to reduce false positives for domains, emails, phone numbers, and APIs.
Automatic and Incremental Scanning: Silent scans triggered by page loads, DOM changes, or timed strategies, with real-time merging and display of results.

Benefits:

Efficiently identifies vulnerabilities and sensitive information on web pages.
User-friendly interface for easy navigation and operation.
Customizable settings to tailor the scanning process to specific needs.

Highlights:

Open-source project with community contributions.
Regular updates and improvements based on user feedback.
Designed for authorized security testing and self-assessment in SRC scenarios.