Silent Recon

Passive and extensible web security scanner. Detects CORS flaws, missing headers, exposed APIs.

Silent Recon is a passive browser extension that scans for common web security misconfigurations while you browse. I built this extension to help users analyze security flaws in real time during their web application testing. Whether you're a bug bounty hunter, red teamer, or security-conscious developer, Silent Recon helps you catch misconfigurations that attackers can exploit including missing security headers, CORS misuses, exposed APIs, and more. Features as of now: - Detects CORS misconfigurations (wildcard + credentials) - Flags missing HTTP security headers (CSP, HSTS, etc.) - Identifies API endpoints and passive JSON exposure - Works automatically while browsing once enabled no manual scanning - Toggle on/off control to enable scanning when needed - Domain filter - Clear all findings anytime All detection happens locally. No data is sent to external servers. Built with privacy and security best practices in mind. More features are on the way, Thank you!