extension ExtPose

OWASP Penetration Testing Kit

CRX id

ojkchikaholjmcnefhjlbohackpeeknd-

Description from extension meta

OWASP Penetration Testing Kit

Image from store OWASP Penetration Testing Kit
Description from store The OWASP Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily AppSec tasks. Whether you’re a penetration tester, a Red Team member, or an AppSec practitioner, OWASP PTK enhances your efficiency and provides deep insights into your target application. Key Features: Runtime Scanning (DAST & IAST & SAST & SCA): Perform Dynamic Application Security Testing, Static Analysis, In-Browser IAST and Software Composition Analysis on the fly. Identify SQL injection, command injection, reflected/stored XSS, SQL auth bypass, XPath injections, JWT attacks, and other complex threats. Static Analysis (SAST): PTK automatically parses loaded JavaScript, HTML, and CSS right in your browser—before any code ever runs. It flags unsafe patterns like `eval()`, `innerHTML`/`outerHTML` injection, insecure cryptographic calls, missing input sanitization, and common anti-patterns. In-Browser IAST (Interactive Application Security Testing): PTK’s built-in IAST engine instruments your app at runtime—right in the browser—tracking taint flows and code execution to flag vulnerabilities as they occur. Catch issues like DOM-based XSS, unsafe `eval`/`innerHTML` usage, open-redirects, and more without leaving your dev tools. JWT Inspector: Analyze, craft, and tamper with JSON Web Tokens. Generate keys, test null signatures, brute-force HMAC secrets, and inject malicious `jwk`, `jku`, or `kid` parameters. Insightful Application Info: One-click visibility into tech stacks, WAFs, security headers, crawled links, and authentication flows. Built-in Proxy & Traffic Log: Capture all HTTP(S) traffic, replay requests in R-Builder, and automate XSS, SQLi, and OS command injection. R-Builder for Request Tampering & Smuggling: Craft and manipulate HTTP requests, including complex request-smuggling techniques. Now with cURL import/export. Cookie Management: Add, edit, remove, block, protect, export, and import cookies from a powerful in-browser editor. Decoder/Encoder Utility: Instantly convert between UTF-8, Base64, MD5, URL-encode/decode, and more formats. Swagger.IO Integration: Browse and interact with API endpoints directly from your Swagger documentation. Selenium Integration: Shift left security by running automated Selenium tests with built-in vulnerability checks. Enhance your AppSec practice with PTK—the extension that makes your browser smarter and your testing faster. Install today and start uncovering vulnerabilities in real time!

Latest reviews

  • (2024-08-31) Dan Cristino: Works on Chrome and other Chrome-based browsers. Sadly, won't work on Arc browser :(
  • (2024-04-13) Przemysław Samsel: Helpful stuff thanks!
  • (2024-01-26) gideon adavize: Wonderful extension
  • (2024-01-26) Andasin: Wonderful and amazing extension
  • (2024-01-26) Danmiest4k: JWT Inspector in this extension is fantastic for securing token-based authentication. Easy to use, highly recommended!
  • (2024-01-26) Hallam Stoned: Request Builder is a dream for executing modified requests. OWASP PTK nailed it with this one!
  • (2024-01-26) iyanu: Request Attacker impresses with its ability to find XSS and SQL Injection. OWASP PTK, you've got a winner!
  • (2024-01-26) Jehujese: Request Builder is a straightforward solution for modified requests. OWASP PTK made it user-friendly.
  • (2024-01-26) Kathy Phil moser: Request Builder is a dream for executing modified requests. OWASP PTK nailed it with this one!
  • (2024-01-26) linbest: Request Builder is a game-changer for crafting and testing modified requests. Kudos!
  • (2024-01-26) mercyline: Request Attacker deserves praise for its efficiency in finding XSS and SQL Injection.
  • (2024-01-26) Mercytonia: SCA scan with reporting in OWASP PTK is a solid tool. Comprehensive insights for enhanced security.
  • (2024-01-26) Obanyi obi: JWT Inspector is a reliable choice for checking token security. Easy to use and effective.
  • (2024-01-26) Raymond Joel: Request Builder is a user-friendly solution for executing modified requests. Thumbs up!
  • (2024-01-26) Raymond akubo: Request Attacker makes identifying XSS and SQL Injection vulnerabilities effectively.
  • (2024-01-26) Samuel Gabriel: SCA scan with reporting is a valuable asset for comprehensive security checks.
  • (2024-01-26) Sophie Lucky: JWT Inspector is a standout for JWT security. A crucial tool for secure authentication.
  • (2024-01-26) William Sinwill: Request Builder simplifies the process of executing modified requests. Well-designed and efficient.
  • (2024-01-17) Gideonozi: What a powerful extension i really love using it.
  • (2024-01-17) Gideon Obanyi: SCA scan with reporting is stellar. A must for anyone serious about application security.
  • (2024-01-17) Gery Smith: Request Attacker nails it for finding XSS and SQL Injection. Solid tool for boosting app security.
  • (2024-01-17) George akuboh: Wow this extension is the best that i have ever used so far.
  • (2024-01-17) Creative Finix: Request Builder is a gem in the OWASP PTK, simplifying modified requests. Perfect for testing app resilience.
  • (2024-01-17) Tatiana: OWASP Pen Testing Kit's JWT Inspector is a lifesaver for checking token security. User-friendly and effective.
  • (2024-01-15) Jeyboy: This extension is truely outstanding
  • (2024-01-15) Rominado: I found two SQL injection was found just while crawing my app
  • (2024-01-12) emmasome: Nice tools it really amazing
  • (2024-01-12) Roseline: This is a great and amazing extension
  • (2023-06-02) Chico GPT: like a mini Burp Suite,
  • (2023-06-02) Chico GPT: like a mini Burp Suite,
  • (2023-03-05) Bug Bounty: Great tool! Like in-browser Burp.
  • (2023-03-05) Bug Bounty: Great tool! Like in-browser Burp.
  • (2023-02-11) Benewendel Freitas: Infelizmente a ferramenta não funciona como se propõe. Varias funcionalidades não entregam o que deveriam ou apresentam Bugs.
  • (2022-12-30) Anthony Mcqueen: I have used many tools some were good while others were just all hype. This tool was okay there are still some issues for me personally i am having. I hope i can fix these issues so i can continue to hunt for those bugs that are critical.
  • (2022-12-30) Anthony Mcqueen: I have used many tools some were good while others were just all hype. This tool was okay there are still some issues for me personally i am having. I hope i can fix these issues so i can continue to hunt for those bugs that are critical.
  • (2022-12-05) Dan Ramirez: no funciona al hacer clic en la extensión
  • (2022-07-12) Geraldine Tatuada: Nice
  • (2022-07-12) Geraldine Tatuada: Nice
  • (2021-12-28) Blas Jose Manuel Lara Alt Cortés: great
  • (2021-12-28) Jose Manuel Lara Cortes: great
  • (2021-09-08) Julian Molloy: Wow! awesome yet simple effective tool.
  • (2021-09-08) Julian Molloy: Wow! awesome yet simple effective tool.
  • (2021-05-06) 初七: great job
  • (2021-05-06) 初七: great job
  • (2020-07-08) Petro Krasnomovets: Great extension!
  • (2020-07-08) Petro Krasnomovets: Great extension!
  • (2020-03-05) John Wick: Великолепное дополнение от создателей metasploit
  • (2020-03-01) Bob Lerner: We use this internally to enable customers to authenticate to their applications with complex mechanisms. This extension has been a game changer.
  • (2020-03-01) Bob Lerner: We use this internally to enable customers to authenticate to their applications with complex mechanisms. This extension has been a game changer.
  • (2019-02-15) Carl Castin: great

Statistics

Installs
20,000 history
Category
Rating
4.881 (42 votes)
Last update / version
2025-06-13 / 9.2.3
Listing languages
en-GB

Links