Chrome浏览器中有许多有用的扩展插件,可以帮助你更轻松的完成渗透测试,本文带来几个常用的渗透测试扩展插件,与各位一起分享。
XSS Rays
用于检测各类型的XSS漏洞
Complete XSS reversing/scanner tool. Find how a site is filtering code, check for injections and inspect objects.
XSS Rays is a security tool to help pen test large web sites. It’s core features include a XSS scanner, XSS Reverser and
object inspection. Need to know how a certain page filters output? Don’t have the source? No problem. XSS Rays will
blackbox reverse a XSS filter without needing the source code.
Google Hack Data Base
连接GHDB的扩展程序
Google Hack Data Base – application to work with GHDB. Choose a category and click on the necessary query. To find description vulnerability, click “Search on www.exploit-db.com”. Application provides possibility to search vulnerabilities on the specified site. Just click on the search button and enter the site name. This application allows a better understanding of the basis web security.
Websecurify 是一个强大的跨平台web安全测试工具
Websecurify is an advanced testing solution built to quickly and accurately identify web application security issues.Websecurify saves you time and money by automating a tiresome and very technical process used by experts to find scary security vulnerabilities.
HPP Finder
用于发现潜在的HPP攻击向量
HTTP Parameter Pollution (HPP) is a recently discovered web exploitation technique. Please read the NDSS 2010 paper for more details about the technique. HPP Finder is a Chrome extension designed for detecting HPP attempts. HPP Finder can detect URLs and HTML forms that might be susceptible of parameter pollution, but it is not a complete solution against HPP.
Form Fuzzer
HTML form fuzz tester. 用于做HTML表单的FUZZ
This is a fuzz testing, utility created to assist in populating web forms with some random data.
Website Crawler 网站爬虫
Use this extension to spider a website looking for dead links. One can restrict the spidering to a directory, a domain, or any other regular expression. The spider can also follow one link beyond this restriction, allowing one to find broken external links.
XSS ChEF
Chrome Extension Exploitation Framework一个基于Chrome渗透测试框架,你可以理解成BeEF的chrome版
This is a Chrome Extension Exploitation Framework – think BeEF for Chrome extensions. Whenever you encounter a XSS vulnerability in Chrome extension, ChEF will ease the exploitation.