OWASP Penetration Testing Kit by pentestkit.co.uk
Penetration Testing Kit is an extension for application security practitioners, penetration testers, and red teams.
895 users
Extension metadata
About this extension
The OWASP Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily AppSec tasks. Whether you're a penetration tester, a Red Team member, or an AppSec practitioner, OWASP PTK enhances your efficiency and provides deep insights into your target application.
Key Features:
Runtime Scanning (DAST & IAST & SAST & SCA):
Perform Dynamic Application Security Testing, Static Analysis, In-Browser IAST and Software Composition Analysis on the fly. Identify SQL injection, command injection, reflected/stored XSS, SQL auth bypass, XPath injections, JWT attacks, and other complex threats.
Static Analysis (SAST):
PTK automatically parses loaded JavaScript, HTML, and CSS right in your browser, before any code ever runs. It flags unsafe patterns like eval(), innerHTML/outerHTML injection, insecure cryptographic calls, missing input sanitization, and common anti-patterns.
In-Browser IAST (Interactive Application Security Testing):
PTK's built-in IAST engine instruments your app at runtime, right in the browser, tracking taint flows and code execution to flag vulnerabilities as they occur. Catch issues like DOM-based XSS, unsafe eval/innerHTML usage, open-redirects, and more without leaving your dev tools.
JWT Inspector:
Analyze, craft, and tamper with JSON Web Tokens. Generate keys, test null signatures, brute-force HMAC secrets, and inject malicious jwk, jku, or kid parameters.
Insightful Application Info:
One-click visibility into tech stacks, WAFs, security headers, crawled links, and authentication flows.
Built-in Proxy & Traffic Log:
Capture all HTTP(S) traffic, replay requests in R-Builder, and automate XSS, SQLi, and OS command injection.
R-Builder for Request Tampering & Smuggling:
Craft and manipulate HTTP requests, including complex request-smuggling techniques. Now with cURL import/export.
Cookie Management:
Add, edit, remove, block, protect, export, and import cookies from a powerful in-browser editor.
Decoder/Encoder Utility:
Instantly convert between UTF-8, Base64, MD5, URL-encode/decode, and more formats.
Swagger.IO Integration:
Browse and interact with API endpoints directly from your Swagger documentation.
Selenium Integration:
Shift left security by running automated Selenium tests with built-in vulnerability checks.
Enhance your AppSec practice with PTK, the extension that makes your browser smarter and your testing faster. Install today and start uncovering vulnerabilities in real time!
Rated 5 by 2 people
Permissions and data
Required permissions:
- Access your browsing history
- Display notifications to you
- Access browser tabs
- Access browser activity during navigation
- Access your data for all websites
More information
- Version: 9.9.1
- Size: 9.08 MB
- Last updated: 16 hours ago (Apr 29, 2026)
The developer of this extension asks that you help support its continued development by making a small contribution.