TrinetLayer

Bug bounty recon companion: manage program scope and surface recon data for the active page. Includes payload library and utilities.

TrinetLayer is a lightweight reconnaissance companion for bug bounty hunters and security researchers conducting authorized testing on programs they have permission to assess. WHAT IT DOES - SCOPE MANAGER — Save your bug bounty program's in-scope domains (with wildcard support like *.example.com). The toolbar icon turns green on in-scope pages and gray on out-of-scope pages, so you always know where you are. - PAYLOAD LIBRARY — Browse a curated collection of reference payloads for XSS, SQLi, SSRF, XXE, and IDOR testing, organized by category and tag. Search, filter, and copy with one click. Add your own custom payloads too. - PAGE INFO — On-demand DOM scan of the active tab: counts of forms, inputs, links, scripts, iframes, comments, and password fields. Surfaces form actions, potential IDOR-pattern links, HTML comments, and external script sources. Also fetches and displays response security headers (CSP, HSTS, X-Frame-Options, Permissions-Policy, and more). - PER-DOMAIN NOTES — Take reconnaissance notes scoped to the current domain. Quick-save with timestamped history, and export to Markdown for your reports. - UTILITIES — Built-in Base64 encode/decode, URL encode/decode, and JWT decoder (header + payload). No data leaves your browser. PRIVACY TrinetLayer collects no user data. Everything — your scope list, custom payloads, and notes — is stored locally in your browser using chrome.storage.local. Nothing is transmitted to any external server. Payloads in the library are static reference data and are never executed by the extension itself. PERMISSIONS EXPLAINED - tabs / activeTab — Read the URL of the active tab to determine if it matches your saved scope, and inject the page-info scanner when you click "Scan Current Page." - storage — Locally save your scope, custom payloads, and notes. - scripting — Inject the DOM scanner on demand when you trigger a scan. INTENDED USE This tool is intended exclusively for authorized security testing — such as bug bounty programs you are enrolled in, penetration tests you are contracted to perform, or research on systems you own. Use of this tool against systems without explicit written authorization may violate computer-misuse laws. Built by hunters, for hunters.