OWASP Penetration Testing Kit
What is OWASP Penetration Testing Kit?
Stats
- activeTab
- cookies
- notifications
- storage
- unlimitedStorage
- tabs
- webRequest
- background
- debugger
- scripting
- <all_urls>
- *://*/*
Chrome-Stats Rank
Summary
The Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily tasks in the realm of application security. Whether you're a penetration tester, a member of a Red Team, or an application security practitioner, this extension is designed to enhance your efficiency and provide valuable insights.
Key Features:
In-Browser Runtime Scanning: PTK offers Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA) scanning right within your browser. Detect SQL Injections, Command Line Injections, Stored and Reflected Cross-Site Scripting (XSS) vulnerabilities, and more. It even identifies complex threats like SQL Authentication Bypass, XPath injections, and JWT attacks.
JWT Inspector: We've added a crucial new feature – JWT Inspector. It empowers you to analyze JSON Web Tokens (JWT), build new tokens, and generate public and private keys for JWT signing. PTK simplifies many JWT attacks, including null signature, none algorithm, brute force HMAC secret, key/algorithm confusion, JWK injection, JKU injection, and kid parameter injection.
Insightful Information: Get one-click access to insightful information about the target application, including its technology stack, Web Application Firewalls (WAFs), security headers, crawled links, and authentication flow.
Proxy with Traffic Log: PTK includes a proxy with a detailed traffic log. This log allows you to repeat any request in the R-Builder or send it to the R-Attacker. You can automate the execution of Cross-Site Scripting (XSS), SQL injection, or OS Command injections.
R-Builder for Request Tampering and Request Smuggling: The extension includes R-Builder, a powerful tool that allows you to craft and manipulate HTTP requests with precision. Use R-Builder to modify and tamper with requests, enabling you to test the robustness of the application's security. R-Builder empowers you to execute complex maneuvers, including HTTP request smuggling attacks, for a comprehensive assessment of application vulnerabilities. Now with cURL support - copy or paste your cURL request and execute in a second.
Cookie Management: The extension includes a cookie editor, allowing you to manage cookies efficiently. Add, edit, remove, block, protect, export, and import cookies with ease.
User reviews
User reviews summary
Pros
- JWT Inspector for token-based authentication
- Request Builder for executing modified requests
- Request Attacker for finding XSS and SQL Injection vulnerabilities
- SCA scan with reporting for comprehensive security checks
Cons
- No specific cons mentioned
Most mentioned
- JWT Inspector
- Request Builder
- Request Attacker
- SCA scan with reporting
Recent reviews
Safety
Risk impact
OWASP Penetration Testing Kit is very risky to use and it requires a lot of sensitive permissions. Avoid installing this extension unless you absolutely trust this publisher.
Risk likelihood
OWASP Penetration Testing Kit is probably trustworthy. Prefer other publishers if available. Exercise caution when installing this extension.
Similar extensions
Here are some Chrome extensions that are similar to OWASP Penetration Testing Kit: