
OWASP Penetration Testing Kit

CRX ID
ojkchikaholjmcnefhjlbohackpeeknd
Description from extension meta

OWASP Penetration Testing Kit

Description from store

The OWASP Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily AppSec tasks. Whether you’re a penetration tester, a Red Team member, or an AppSec practitioner, OWASP PTK enhances your efficiency and provides deep insights into your target application.

Key Features:

Runtime Scanning (DAST & IAST & SAST & SCA):
Perform Dynamic Application Security Testing, Static Analysis, In-Browser IAST and Software Composition Analysis on the fly. Identify SQL injection, command injection, reflected/stored XSS, SQL auth bypass, XPath injections, JWT attacks, and other complex threats.

Static Analysis (SAST):
PTK automatically parses loaded JavaScript, HTML, and CSS right in your browser—before any code ever runs. It flags unsafe patterns like `eval()`, `innerHTML`/`outerHTML` injection, insecure cryptographic calls, missing input sanitization, and common anti-patterns.

In-Browser IAST (Interactive Application Security Testing):
PTK’s built-in IAST engine instruments your app at runtime—right in the browser—tracking taint flows and code execution to flag vulnerabilities as they occur. Catch issues like DOM-based XSS, unsafe `eval`/`innerHTML` usage, open-redirects, and more without leaving your dev tools.

JWT Inspector:
Analyze, craft, and tamper with JSON Web Tokens. Generate keys, test null signatures, brute-force HMAC secrets, and inject malicious `jwk`, `jku`, or `kid` parameters.

Insightful Application Info:
One-click visibility into tech stacks, WAFs, security headers, crawled links, and authentication flows.

Built-in Proxy & Traffic Log:
Capture all HTTP(S) traffic, replay requests in R-Builder, and automate XSS, SQLi, and OS command injection.

R-Builder for Request Tampering & Smuggling:
Craft and manipulate HTTP requests, including complex request-smuggling techniques. Now with cURL import/export.

Cookie Management:
Add, edit, remove, block, protect, export, and import cookies from a powerful in-browser editor.

Decoder/Encoder Utility:
Instantly convert between UTF-8, Base64, MD5, URL-encode/decode, and more formats.

Swagger.IO Integration:
Browse and interact with API endpoints directly from your Swagger documentation.

Selenium Integration:
Shift left security by running automated Selenium tests with built-in vulnerability checks.

Enhance your AppSec practice with PTK—the extension that makes your browser smarter and your testing faster. Install today and start uncovering vulnerabilities in real time!

Latest reviews

Dan Cristino
Works on Chrome and other Chrome-based browsers. Sadly, won't work on Arc browser :(
Przemysław Samsel
Helpful stuff thanks!
gideon adavize
Wonderful extension
Andasin
Wonderful and amazing extension
Danmiest4k
JWT Inspector in this extension is fantastic for securing token-based authentication. Easy to use, highly recommended!
Hallam Stoned
Request Builder is a dream for executing modified requests. OWASP PTK nailed it with this one!
iyanu
Request Attacker impresses with its ability to find XSS and SQL Injection. OWASP PTK, you've got a winner!
Jehujese
Request Builder is a straightforward solution for modified requests. OWASP PTK made it user-friendly.
Kathy Phil moser
Request Builder is a dream for executing modified requests. OWASP PTK nailed it with this one!
linbest
Request Builder is a game-changer for crafting and testing modified requests. Kudos!
mercyline
Request Attacker deserves praise for its efficiency in finding XSS and SQL Injection.
Mercytonia
SCA scan with reporting in OWASP PTK is a solid tool. Comprehensive insights for enhanced security.
Obanyi obi
JWT Inspector is a reliable choice for checking token security. Easy to use and effective.
Raymond Joel
Request Builder is a user-friendly solution for executing modified requests. Thumbs up!
Raymond akubo
Request Attacker makes identifying XSS and SQL Injection vulnerabilities effective.
Samuel Gabriel
SCA scan with reporting is a valuable asset for comprehensive security checks.
Sophie Lucky
JWT Inspector is a standout for JWT security. A crucial tool for secure authentication.
William Sinwill
Request Builder simplifies the process of executing modified requests. Well-designed and efficient.
Gideonozi
What a powerful extension, I really love using it.
Gideon Obanyi
SCA scan with reporting is stellar. A must for anyone serious about application security.
Gery Smith
Request Attacker nails it for finding XSS and SQL Injection. Solid tool for boosting app security.
George akuboh
Wow, this extension is the best that I have ever used so far.
Creative Finix
Request Builder is a gem in the OWASP PTK, simplifying modified requests. Perfect for testing app resilience.
Tatiana
OWASP Pen Testing Kit's JWT Inspector is a lifesaver for checking token security. User-friendly and effective.
Jeyboy
This extension is truly outstanding
Rominado
I found two SQL injections just while crawling my app
emmasome
Nice tools, it's really amazing
Roseline
This is a great and amazing extension
Chico GPT
like a mini Burp Suite,
Bug Bounty
Great tool! Like in-browser Burp.
Benewendel Freitas
Unfortunately the tool does not work as it claims. Several features do not deliver what they should or have bugs.
Anthony Mcqueen
I have used many tools; some were good while others were just all hype. This tool was okay, but there are still some issues I personally am having. I hope I can fix these issues so I can continue to hunt for those bugs that are critical.
Dan Ramirez
does not work when clicking the extension
Geraldine Tatuada
Nice
Blas Jose Manuel Lara Alt Cortés
great
Jose Manuel Lara Cortes
great
Julian Molloy
Wow! awesome yet simple effective tool.
初七
great job
Petro Krasnomovets
Great extension!
John Wick
A magnificent extension from the creators of metasploit
Bob Lerner
We use this internally to enable customers to authenticate to their applications with complex mechanisms. This extension has been a game changer.
Carl Castin
great