Chrome-Stats extension
OWASP Penetration Testing Kit
Penetration Testing Kit is an extension for application security practitioners, penetration testers, and red teams.
What is OWASP Penetration Testing Kit?
Stats
- <all_urls>
- activeTab
- cookies
- notifications
- storage
- unlimitedStorage
- tabs
- webRequest
- webRequestBlocking
- scripting
Chrome-Stats Rank
Other platforms
Summary
The Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily tasks in the realm of application security. Whether you're a penetration tester, a member of a Red Team, or an application security practitioner, this extension is designed to enhance your efficiency and provide valuable insights.
Key Features: In-Browser Runtime Scanning: PTK offers Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA) scanning right within your browser. Detect SQL Injections, Command Line Injections, Stored and Reflected Cross-Site Scripting (XSS) vulnerabilities, and more. It even identifies complex threats like SQL Authentication Bypass, XPath injections, and JWT attacks.
JWT Inspector: We've added a crucial new feature – JWT Inspector. It empowers you to analyze JSON Web Tokens (JWT), build new tokens, and generate public and private keys for JWT signing. PTK makes easy a lot of JWT attacks including null signature, none algorithm, brute force HMAC secret, key/algorithm confusion, JWK injection, JKU injection, and kid parameter injection.
Insightful Information: Get a one-click access to insightful information about the target application, including its technology stack, Web Application Firewalls (WAFs), security headers, crawled links, and authentication flow.
Proxy with Traffic Log: PTK includes a proxy with a detailed traffic log. This log allows you to repeat any request in the R-Builder or send it to the R-Attacker. You can automate the execution of Cross-Site Scripting (XSS), SQL injection, or OS Command injections.
R-Builder for Request Tampering and Request Smuggling: The extension includes R-Builder, a powerful tool that allows you to craft and manipulate HTTP requests with precision. Use R-Builder to modify and tamper with requests, enabling you to test the robustness of the application's security. R-Builder empowers you to execute complex maneuvers, including HTTP request smuggling attacks, for a comprehensive assessment of application vulnerabilities.
Cookie Management: The extension includes a cookie editor, allowing you to manage cookies efficiently. Add, edit, remove, block, protect, export, and import cookies with ease.
User reviews
User reviews summary
Pros
- User-friendly interface
- Unique functionality and usefulness for penetration testing
- Improves productivity of penetration testers
Cons
- Asks for permission to read sensitive information (Usernames/passwords) which users are concerned about
- Some users experience problems with initially getting the extension to work
- Possible bug preventing the extension from opening
Most mentioned
- Good for testing modified requests
- Helpful for penetration testing
- Concerns over permissions and privacy
- Issues with initial operation
- Appreciation for the extension's tools and capabilities
Recent reviews
Safety
Risk impact
OWASP Penetration Testing Kit is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this add-on. Review carefully before installing. We recommend that you only install OWASP Penetration Testing Kit if you trust the publisher.
Risk likelihood
OWASP Penetration Testing Kit is probably trust-worthy. Prefer other publishers if available. Exercise caution when installing this add-on.
Screenshots
