Chrome-Stats extension
OWASP Penetration Testing Kit
OWASP Penetration Testing Kit
What is OWASP Penetration Testing Kit?
Stats
- activeTab
- cookies
- notifications
- storage
- unlimitedStorage
- tabs
- webRequest
- background
- debugger
- scripting See more
- <all_urls>
- *://*/*
Chrome-Stats Rank
Summary
The Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily tasks in the realm of application security. Whether you're a penetration tester, a member of a Red Team, or an application security practitioner, this extension is designed to enhance your efficiency and provide valuable insights.
Key Features: In-Browser Runtime Scanning: PTK offers Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA) scanning right within your browser. Detect SQL Injections, Command Line Injections, Stored and Reflected Cross-Site Scripting (XSS) vulnerabilities, and more. It even identifies complex threats like SQL Authentication Bypass, XPath injections, and JWT attacks.
JWT Inspector: We've added a crucial new feature – JWT Inspector. It empowers you to analyze JSON Web Tokens (JWT), build new tokens, and generate public and private keys for JWT signing. PTK makes easy a lot of JWT attacks including null signature, none algorithm, brute force HMAC secret, key/algorithm confusion, JWK injection, JKU injection, and kid parameter injection.
Insightful Information: Get a one-click access to insightful information about the target application, including its technology stack, Web Application Firewalls (WAFs), security headers, crawled links, and authentication flow.
Proxy with Traffic Log: PTK includes a proxy with a detailed traffic log. This log allows you to repeat any request in the R-Builder or send it to the R-Attacker. You can automate the execution of Cross-Site Scripting (XSS), SQL injection, or OS Command injections.
R-Builder for Request Tampering and Request Smuggling: The extension includes R-Builder, a powerful tool that allows you to craft and manipulate HTTP requests with precision. Use R-Builder to modify and tamper with requests, enabling you to test the robustness of the application's security. R-Builder empowers you to execute complex maneuvers, including HTTP request smuggling attacks, for a comprehensive assessment of application vulnerabilities.
Cookie Management: The extension includes a cookie editor, allowing you to manage cookies efficiently. Add, edit, remove, block, protect, export, and import cookies with ease.
User reviews
User reviews summary
Pros
- Provides a range of professional and powerful tools for penetration testing.
- Features like Request Builder and JWT Inspector are user-friendly and effective for security testing.
- SCA scan with reporting is thorough and impactful for identifying security concerns.
Cons
- There are reports of some functions not working properly.
- One user reported a security issue after installation, suspecting the addon to be malicious.
- Some specific features like the microphone might have issues on certain websites according to one user.
Most mentioned
- The professionalism of the extension.
- The effectiveness of the Request Attacker in finding XSS and SQL Injection vulnerabilities.
- The user-friendly and powerful JWT Inspector tool.
- SCA scan with reporting capability is highly valued.
- Concerns regarding potential security issues and non-functioning features.
Recent reviews
Safety
Risk impact
OWASP Penetration Testing Kit is very risky to use and it requires a lot of sensitive permissions. Avoid installing this add-on unless you absolutely trust this publisher.
Risk likelihood
OWASP Penetration Testing Kit is probably trust-worthy. Prefer other publishers if available. Exercise caution when installing this add-on.