Legal

Privacy Policy

Last updated: April 9, 2026

Overview

HackTools++ is a Chrome DevTools extension for security testing. It is designed with a privacy-first approach: all scanning, analysis, and data processing runs locally in your browser. No data is collected, transmitted, or stored on any external server.

Data Collection

HackTools++ does not collect, store, or transmit any of the following:

  • Personal information (name, email, account details)
  • Browsing history or visited URLs
  • HTTP request or response content
  • Detected secrets, credentials, or scan findings
  • Technology fingerprinting results
  • Usage analytics or telemetry

How the Extension Works

HackTools++ uses the Chrome DevTools Network API to capture HTTP/HTTPS requests within the DevTools panel. All captured data remains in your browser's local memory and is discarded when you close the DevTools panel or the tab.

  • HTTP Repeater — Requests are replayed using fetch() from the extension context. No data is proxied through external servers.
  • Intruder — Fuzzing payloads are generated and sent locally from your browser.
  • Secret Scanner — Pattern matching runs entirely in your browser using local regex rules. Detected secrets never leave your machine.
  • Tech Detector — Technology fingerprinting and CVE mapping use a local database bundled with the extension.
  • Client-Side Scanner — Security checks run against the loaded page in your browser session.
  • AI Assist — Endpoint analysis uses local pattern matching. No API calls are made to external AI services.

Remote Validation (Opt-In)

The Secret Scanner includes an optional remote validation feature that can test whether a detected credential is active (e.g., validating a GitHub token against the GitHub API). This feature:

  • Is disabled by default
  • Requires explicit user confirmation before each validation
  • Sends requests directly from your browser to the relevant service provider — not through any HackTools++ server

Permissions

HackTools++ requests the following Chrome extension permissions:

  • host_permissions (<all_urls>) — Required to replay HTTP requests to any target domain using fetch() from the extension context.
  • devtools — Required to create the HackTools++ panel inside Chrome DevTools.
  • webRequest / webNavigation — Required to capture network traffic in the DevTools panel.

These permissions are used exclusively for security testing functionality and are never used to collect or transmit user data.

Third-Party Services

HackTools++ does not integrate with any third-party analytics, advertising, or tracking services. The extension makes no network requests to HackTools++ servers or any other third-party service during normal operation.

Data Storage

Captured requests and scan results are stored temporarily in browser memory during your DevTools session. No data is persisted to disk, local storage, or any external database. Closing the DevTools panel or browser tab clears all session data.

Children's Privacy

HackTools++ is a professional security testing tool and is not directed at children under 13. We do not knowingly collect any information from children.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated revision date. Continued use of the extension after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy or the extension's data practices, please open an issue on the project's repository or contact us through the Chrome Web Store listing.