What is OWASP Penetration Testing Kit?
Add-on summary
The Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily tasks in the realm of application security. Whether you're a penetration tester, a member of a Red Team, or an application security practitioner, this extension is designed to enhance your efficiency and provide valuable insights.
Key Features:
In-Browser Runtime Scanning: PTK offers Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA) scanning right within your browser. Detect SQL Injections, Command Line Injections, Stored and Reflected Cross-Site Scripting (XSS) vulnerabilities, and more. It even identifies complex threats like SQL Authentication Bypass, XPath injections, and JWT attacks.
JWT Inspector: We've added a crucial new feature – JWT Inspector. It empowers you to analyze JSON Web Tokens (JWT), build new tokens, and generate public and private keys for JWT signing. PTK simplifies many JWT attacks, including null signature, none algorithm, brute force HMAC secret, key/algorithm confusion, JWK injection, JKU injection, and kid parameter injection.
Insightful Information: Get one-click access to insightful information about the target application, including its technology stack, Web Application Firewalls (WAFs), security headers, crawled links, and authentication flow.
Proxy with Traffic Log: PTK includes a proxy with a detailed traffic log. This log allows you to repeat any request in the R-Builder or send it to the R-Attacker. You can automate the execution of Cross-Site Scripting (XSS), SQL injection, or OS Command injections.
R-Builder for Request Tampering and Request Smuggling: The extension includes R-Builder, a powerful tool that allows you to craft and manipulate HTTP requests with precision. Use R-Builder to modify and tamper with requests, enabling you to test the robustness of the application's security. R-Builder empowers you to execute complex maneuvers, including HTTP request smuggling attacks, for a comprehensive assessment of application vulnerabilities.
Cookie Management: The extension includes a cookie editor, allowing you to manage cookies efficiently. Add, edit, remove, block, protect, export, and import cookies with ease.
User reviews
- Provides a range of professional and powerful tools for penetration testing.
- Features like Request Builder and JWT Inspector are user-friendly and effective for security testing.
- SCA scan with reporting is thorough and impactful for identifying security concerns.
- There are reports of some functions not working properly.
- One user reported a security issue after installation, suspecting the addon to be malicious.
- Some specific features like the microphone might have issues on certain websites according to one user.
- The professionalism of the extension.
- The effectiveness of the Request Attacker in finding XSS and SQL Injection vulnerabilities.
- The user-friendly and powerful JWT Inspector tool.
- SCA scan with reporting capability is highly valued.
- Concerns regarding potential security issues and non-functioning features.
Add-on safety
Risk impact
OWASP Penetration Testing Kit requires a lot of sensitive permissions. Exercise caution before installing.
Risk likelihood
OWASP Penetration Testing Kit may not be trustworthy. Avoid installing if possible unless you really trust this publisher.