When you're hunting for bugs, one of the most valuable things you can do is uncover hidden endpoints. These relative URLs often reveal forgotten functionality, misconfigured paths, or juicy attack surfaces. Instead of manually digging through source code, I built a lightweight JavaScript bookmarklet that does the heavy lifting right inside your browser.
Why a Bookmarklet?
Bookmarklets are underrated. They're portable, require no installation, and run instantly on any page. For bug bounty hunters, this means you can carry your toolkit anywhere — just a browser and your bookmark bar.
What This Script Does
- Scans the page and loaded scripts for relative URLs.
- Collects endpoints into a draggable, resizable panel.
- Searches with wildcards or multi‑word filters.
- Exports results to clipboard or text file.
- Runs entirely client‑side — no external dependencies.
In short: click the bookmark, wait a few seconds, and you'll see a neat panel listing all relative URLs the page exposes.
How to Install
- Copy the code from my GitHub repo: 👉 Endpoint-finder
- Create a new bookmark in your browser.
- Paste the code into the bookmark's URL field.
- Visit any site, click the bookmark, and watch the panel appear.