Web Explode

Name: Web Explode
Rating: 5 (2 reviews)
Author: macallan

By: macallan

Ultimate Pentest Suite — Payload injection, encoding, recon, session manipulation, and JS scraping.

Download

Install

Features & Capabilities

WebExplode is an advanced, all-in-one browser extension designed for pentesters, bug bounty hunters, and security researchers. Completely rebuilt on a modern Manifest V3 ES Module architecture, it combines 7 powerful modules into a single suite, turning your browser into a standalone security testing laboratory.

Complete Privacy & Security: The extension has zero external dependencies, strictly avoids unsafe DOM manipulations (zero innerHTML), and never transmits user data to an external server. All scanning, fuzzing, and cryptography operations are executed 100% locally in your browser.

The Arsenal (Included Modules):

🐍 Venom (Payload Injector): Injects XSS, SQLi, LFI, and SSRF payloads directly into input fields. Uses smart injection techniques (native prototype setters) to bypass synthetic event traps in frameworks like React and Vue. Easily accessible via a right-click context menu.


🧩 Decode (Cryptography): An offline, real-time encoder/decoder for URL, Base64, Hex, and HTML Entities. It features a built-in JWT payload debugger and asynchronous SHA-256/512 hash calculation.
🕵️‍♂️ Spy (Reconnaissance): Identifies the technology stack (Frameworks, CMS) of the active tab. Intercepts and analyzes HTTP response headers to highlight security misconfigurations (CSP, HSTS). Includes a default password database search.
🪓 Forge (Session & CSRF): Hunts for sensitive Tokens/JWTs in Local/Session Storage. Generates precision CSRF Proof-of-Concept forms from the DOM and attempts to bypass WAF configurations by injecting dynamic IP spoofing headers (X-Forwarded-For).
🐺 Hound (Secret Scanner): Fetches and analyzes client-side JavaScript files. Powered by a Service Worker backend to bypass strict CORS policies, it discovers forgotten secrets such as AWS keys, Stripe APIs, and JWTs using advanced regex patterns.
🧬 ProtoPulse (Prototype Pollution): [NEW] Automatically fuzzes active URL parameters and hashes with targeted canaries. Injects a DOM observer to detect and verify DOM-based Prototype Pollution vulnerabilities in real-time.

🔭 WebGraph (GraphQL Inspector): [NEW] Passively discovers hidden GraphQL API endpoints (/graphql, /api/graphql). Executes Introspection queries to extract and map the complete schema, breaking down exposed Queries, Mutations, and Subscriptions.

User Growth & Download Statistics

Add-on

By:

Daily users:

Rating:

Version:

3.0.0 Last updated: 2026-04-26

Version code:

6236028

Creation date:

2026-02-23

Risk:

Permissions:

Host permissions:

<all_urls>
https://cirt.net/*
https://crt.sh/*

Content scripts matches:

<all_urls>

Size:

80.59KB

Email:

ha*****@protonmail.com

URLs:

Website ,Privacy policy

Full description:

Source:

Firefox Add-ons Store

Data ingested on:

2026-06-04

Compare stats and ranking:

Ranking

# 40,857 ▲ 3,319

Other rankings

#32 in pollution keyword 6 ▲ 1#92 in explore keyword 13 ▲ 9#121 in scraping keyword 57 ▲ 12#214 in inject keyword 13 ▲ 14

For Developers

Monetize with App Pass Boost with Extension Booster

Contact the developer

Chrome-Stats does not own this Firefox add-on. Please use these information below to contact the Firefox add-on developer.

Developed by:

macallan

Firefox Add-ons Store

https://addons.mozilla.org/firefox/addon/web-explode/

Email:

ha*****@protonmail.com

Website:

https://github.com/MacallanTheRoot/Web-Pentest-Extensions

Permission Change History

2026-04-27: Version 2.5.0 → 3.0.0

Add Host permissions: https://cirt.net/* https://crt.sh/*

Add Optional permissions: <all_urls>

User Reviews

Mr.Robot

by Do*****, 2026-03-30

Elinize sağlık fevkalade bir eklenti olmuş bayıldım 👏👏👏

by Ve*****, 2026-02-26

View all user reviews ›

Is Web Explode Safe?

Risk impact

Risk impact measures the level of extra permissions an extension has access to. A low risk impact extension cannot do much harms, whereas a high risk impact extension can do a lot of damage like stealing your password, bypassing your security settings, and accessing your personal data. High risk impact extensions are not necessarily malicious. However, if they do turn malicious, they can be very harmful.

Web Explode requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk impact analysis details

Critical Grants access to browser tabs, which can be used to track user browsing habits and history, presenting a privacy concern.
Critical ****** ****** ** *** ********* ****** * *********** ******** **** ** ** *** ******* *** ****** **** **** *** ******* *****
High ****** *** ********* ** ******* *** ******* ******* ** ****** *** *** ******** ******
High ******* ******* **** *** ****** ***** *** ***** ** ******* **** ********* ********* ** * *********** *****
Medium ****** ** ********* ****** ********* *** **** ****** **** **** ** ******* ** ********** **** ***********
Low ******* ****** ** *** ********* ******** ********* ******

Risk likelihood

Risk likelihood measures the probability that a Firefox add-on may turn malicious. This is determined by the publisher and the Firefox add-on reputation on Firefox Add-ons Store, the amount of time the Firefox add-on has been around, and other signals about the Firefox add-on. Our algorithms are not perfect, and are subject to change as we discover new ways to detect malicious extensions. We recommend that you always exercise caution when installing a Firefox add-on.

Web Explode may not be trust-worthy. Avoid installing if possible unless you really trust this publisher.

Risk likelihood analysis details

High This extension has low user count. Unpopular extensions may not be stable or safe.
Medium **** ********* *** ******* ** *** **** * ******* *** ******* *** *** ** ****** ** *****
Medium **** ********* *** ***** ** *** **** * ******* *** ********** *** *** ** ****** ** *****
Good **** ********* *** **** **** *******