Marksman

Highlight dynamic endpoints on webpages

Marksman

Install from Chrome Web Store

Extension stats

Users: 4
2
Version: 1.2 (Last updated: 2024-10-29)
Creation date: 2024-10-28
Risk impact: High risk impact
Risk likelihood:
Manifest version: 3
Permissions:
  • activeTab
  • webNavigation
  • storage
  • scripting
  • <all_urls>
Host permissions:
  • <all_urls>
Size: 39.77K

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

The purpose of this tool is to assist with casual web application penetration testing during large scope engagements where pages may contain dozens or hundreds of links and references to additional endpoints. The tool aims to give testers visual indicators that can help them streamline their attention and focus on elements of interests for further testing without clicking through large numbers of static resources.

In 1 click, the tool will highlight in yellow all href elements that refer to pages with the potential for dynamic functionality (asp, php, aspx, jsp, jspx, etc.). The tool will also highlight in red all href elements that contain HTTP GET parameters, after identifying these via regular expression. Finally the tool highlights in magenta any input form elements that result in dynamic HTTP POST requests. This should ideally assist penetration testers in focusing quickly on elements of interest for further investigation.

If you want to have the functionality running continuously, simply select the INFINITE MODE checkbox and press the FIRE button. The plugin will automatically perform targeting during navigation until the checkbox is deselected by the user.

The tool is equally useful for reconnaissance on search results page to visually identify interesting endpoints containing the aforementioned properties.

Extension safety

Risk impact

Marksman requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk likelihood

Marksman may not be trust-worthy. Avoid installing if possible unless you really trust this publisher.

Upgrade to see risk analysis details

Similar extensions

Here are some Chrome extensions that are similar to Marksman: