HackBar browser extension for Firefox and Google Chrome, without license
https://addons.mozilla.org/firefox/addon/hackbar-free/
Browser extension (Firefox and Chromium) for developer tools (DevTools panel), rewritten with Vue 3, Vite, and vite-plugin-web-extension (documentation).
- Node.js 24+
- pnpm (or adapt the commands for npm)
pnpm install
pnpm run build # default: TARGET=chrome (for the plugin dev tool)
pnpm run build:firefox # same `dist/` output, `TARGET=firefox` if you use the plugin’s browser modeThe loadable package is in the dist/ folder (load it via about:debugging in Firefox or “Extensions” → developer mode in Chrome). On Windows, cross-env is used to set TARGET (see multibrowser).
pnpm run dev # watch, Chrome by default (equivalent to TARGET=chrome)
pnpm run dev:firefox # watch for FirefoxRuns a Vite build in watch mode (rebuilds the dist folder on each change). Reload the extension in the browser after each rebuild.
Static entries follow patterns documented in security-testing literature (authorized pentest, lab, bug bounty). Main references:
| Source | Link | Role |
|---|---|---|
| OWASP | owasp.org | Testing framework and web security guidance. |
| PayloadsAllTheThings | github.com/swisskyrepo/PayloadsAllTheThings · site | Curated payloads by category (NoSQL, SSRF, SSTI, XSS, etc.). |
| HackTricks | book.hacktricks.wiki | Practical notes (NoSQL, SSRF, cloud bypasses, etc.). |
| SecLists | github.com/danielmiessler/SecLists (Fuzzing folder) | Wordlists and fuzzing payloads (XSS, etc.) — inspiration for targeted snippets. |