Description from extension meta
OWASP Penetration Testing Kit
Image from store
Description from store
The OWASP Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily AppSec tasks. Whether you’re a penetration tester, a Red Team member, or an AppSec practitioner, OWASP PTK enhances your efficiency and provides deep insights into your target application.
Key Features:
Runtime Scanning (DAST & IAST & SAST & SCA):
Perform Dynamic Application Security Testing, Static Analysis, In-Browser IAST and Software Composition Analysis on the fly. Identify SQL injection, command injection, reflected/stored XSS, SQL auth bypass, XPath injections, JWT attacks, and other complex threats.
Static Analysis (SAST):
PTK automatically parses loaded JavaScript, HTML, and CSS right in your browser—before any code ever runs. It flags unsafe patterns like `eval()`, `innerHTML`/`outerHTML` injection, insecure cryptographic calls, missing input sanitization, and common anti-patterns.
In-Browser IAST (Interactive Application Security Testing):
PTK’s built-in IAST engine instruments your app at runtime—right in the browser—tracking taint flows and code execution to flag vulnerabilities as they occur. Catch issues like DOM-based XSS, unsafe `eval`/`innerHTML` usage, open-redirects, and more without leaving your dev tools.
JWT Inspector:
Analyze, craft, and tamper with JSON Web Tokens. Generate keys, test null signatures, brute-force HMAC secrets, and inject malicious `jwk`, `jku`, or `kid` parameters.
Insightful Application Info:
One-click visibility into tech stacks, WAFs, security headers, crawled links, and authentication flows.
Built-in Proxy & Traffic Log:
Capture all HTTP(S) traffic, replay requests in R-Builder, and automate XSS, SQLi, and OS command injection.
R-Builder for Request Tampering & Smuggling:
Craft and manipulate HTTP requests, including complex request-smuggling techniques. Now with cURL import/export.
Cookie Management:
Add, edit, remove, block, protect, export, and import cookies from a powerful in-browser editor.
Decoder/Encoder Utility:
Instantly convert between UTF-8, Base64, MD5, URL-encode/decode, and more formats.
Swagger.IO Integration:
Browse and interact with API endpoints directly from your Swagger documentation.
Selenium Integration:
Shift left security by running automated Selenium tests with built-in vulnerability checks.
Enhance your AppSec practice with PTK—the extension that makes your browser smarter and your testing faster. Install today and start uncovering vulnerabilities in real time!
Latest reviews
- (2023-06-02) Chico GPT: like a mini Burp Suite,
- (2023-03-05) Bug Bounty: Great tool! Like in-browser Burp.
- (2023-02-11) Benewendel Freitas: Infelizmente a ferramenta não funciona como se propõe. Varias funcionalidades não entregam o que deveriam ou apresentam Bugs.
- (2022-12-30) Anthony Mcqueen: I have used many tools some were good while others were just all hype. This tool was okay there are still some issues for me personally i am having. I hope i can fix these issues so i can continue to hunt for those bugs that are critical.
- (2022-12-05) Dan Ramirez: no funciona al hacer clic en la extensión
- (2022-07-12) Geraldine Tatuada: Nice
- (2021-12-28) Blas Jose Manuel Lara Alt Cortés: great
- (2021-09-08) Julian Molloy: Wow! awesome yet simple effective tool.
- (2021-05-06) 初七: great job
- (2020-07-08) Petro Krasnomovets: Great extension!
- (2020-03-05) John Wick: Великолепное дополнение от создателей metasploit
- (2020-03-01) Bob Lerner: We use this internally to enable customers to authenticate to their applications with complex mechanisms. This extension has been a game changer.
- (2019-02-15) Carl Castin: great