Silent Recon

Tracking since Apr 1, 2026.

Changelog

• May 15, 2026
  description

  Silent Recon is a passive browser extension that scans for common web security misconfigurations while you browse. I built this extension to help users analyze security flaws in real time during their web application testing.
  
  Whether you're a bug bounty hunter, red teamer, or security-conscious developer, Silent Recon helps you catch misconfigurations that attackers can exploit including missing security headers, CORS misuses, exposed APIs, and more.
  
  Features as of now:
  - Detects CORS misconfigurations (wildcard + credentials)
  - Flags missing HTTP security headers (CSP, HSTS, etc.)
  - Identifies API endpoints and passive JSON exposure
  - Works automatically while browsing once enabled no manual scanning
  - Toggle on/off control to enable scanning when needed
  - Domain filter
  - Clear all findings anytime
  
  All detection happens locally. No data is sent to external servers.
  Built with privacy and security best practices in mind.
  
  More features are on the way, Thank you!

  Silent Recon is a browser-native security reconnaissance extension for authorized web application testing. It passively observes pages, requests, response headers, scripts, and API activity while you browse, then turns those signals into local findings and dashboard views.
  
  I built it for bug bounty hunters, red teamers, security engineers, and developers who want a faster way to spot web security misconfigurations and attack-surface clues during normal testing.
  
  The latest features of version 1.0 are:
  - Detects CORS misconfigurations, including wildcard CORS with credentials
  - Flags missing HTTP security headers such as CSP, HSTS, X-Frame-Options, Referrer-Policy, and related hardening headers
  - Identifies API endpoints, GraphQL activity, JavaScript assets, and exposed API documentation paths
  - Highlights auth/session indicators, sensitive JSON patterns, token-like values, privileged routes, and input-risk candidates
  - Builds endpoint maps, script intelligence, auth profiles, workflow chains, saved targets, and browsing sessions
  - Includes approved-target mode, target lock, first-party filtering, noise suppression, and clear/export controls
  - Provides a free local preview with optional Pro features for deeper triage, retention, workflow views, and export
  
  Silent Recon is passive: it does not attack, fuzz, exploit, brute force, or modify traffic. It is intended only for systems and applications where you have permission to perform security testing.
  
  Scan findings and browsing-derived reconnaissance data are processed and stored locally in the browser extension. Silent Recon does not sell user data or use it for advertising. License activation and validation, if used, are handled through silent-recon.com.

• May 15, 2026
  permissions

  webRequest, storage

  webRequest, storage, tabs

Permissions & access

Permissions

webRequeststoragetabs

Host access

<all_urls>

Screenshots

Similar extensions

Alternatives to Silent Recon, ranked by description similarity.

Recon Snapshot

Advanced passive footprinting tool for bug bounty hunters. Capture snapshots, analyze headers, forms, and scripts with ease.

4

SecuriScan - Web Security Analyzer

Lightweight security scanner that analyzes websites for common vulnerabilities and security misconfigurations

327

AppSec Inspector

Professional security inspection tool. Scan headers, detect secrets, audit auth - all locally, no data collection.

6

PRISM

PRISM - Advanced browser-based secret scanner that reveals invisible security risks. Refracting the web to find hidden secrets.

5

Web Detective

Analyze a webpage for SEO, security, performance, and more.

12

CSP Detector by @ffgcvs

Detects Content Security Policy violations in real-time with actionable fix hints.

9

★ 5.0

CyberPross - Security Scanner

Scan websites for security vulnerabilities, detect technologies, analyze cookies, and check for known CVEs.

23

ClawSentinel Guard

Detects hidden prompt injection on webpages. Protects your AI agent from being hijacked by malicious content.

—