lgklkhgljfifnnpgkblckolmaafmkikk
ANY.RUN: Scan files and links to detect malware and phishing ANY.RUN is a leading provider of malware analysis and threat intelligence services, trusted by over 500,000 cybersecurity professionals worldwide. This extension allows you to submit files and URLs for analysis using ANY.RUN's Interactive Sandbox and Safebrowsing services. Interactive Sandbox Features: - File and Link Analysis: Analyze files and links on fully interactive Windows (7-11 version) cloud virtual machines (VMs). - Comprehensive Threat Reports: Generate detailed threat reports in JSON, MISP, and HTML formats, including IOCs and malware configurations. - Malicious Behavior Monitoring: Observe samples' malicious behavior and study tactics, techniques, and procedures (TTPs) using the MITRE ATT&CK Matrix. - Customizable Settings: Adjust settings for system reboot, locale selection, and network features like MITM proxy and FakeNET. - Extended Analysis: Run VMs for up to 1200 seconds for in-depth analysis. To use the sandbox functionality, you need access to ANY.RUN's API. Each analysis session launched through the extension counts towards your API quota. Safebrowsing Features: - Secure Browsing: Open URLs within a secure, isolated, and full-size virtual browser. - Real-Time Threat Detection: Observe network traffic for malicious activity to detect threats in real time. - Data Download: Download traffic data and identified indicators of compromise. - Session Sharing: Share completed sessions as evidence of malicious content. Safebrowsing does not require API access and is available for all plans, including the free one.
Shodan
The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open. The Shodan plugin for Chrome automatically checks whether Shodan has any information for the current website. Is the website also running FTP, DNS, SSH or some unusual service? With this plugin you can see all the info that Shodan has collected on a given website/ domain.
Bolt
The purpose of this Google Chrome extension is to provide support to pentesters and developers in testing web applications 🚀 Elevate Your Web Security Testing with Our Cutting-Edge Chrome Extension! 🚀 Unleash the Power of Advanced Penetration Testing and Web Application Security Assessment, Right in Your Google Chrome Browser! Are you a relentless pentester or a vigilant developer on a mission to fortify web applications against potential vulnerabilities? Look no further – our Google Chrome extension is here to revolutionize your testing experience! 🛡️ 🔒 Seamlessly designed for both pentesters and developers, our game-changing extension redefines how you uncover and address security weak spots in web applications. Say goodbye to cumbersome, time-consuming processes – say hello to streamlined, efficient testing that truly makes a difference! 🛠️ Powerful Tools at Your Fingertips: Our extension isn't just another tool – it's an arsenal of cutting-edge instruments meticulously crafted to enhance your testing endeavors. From information disclosure detection to directory fuzzing, and path traversal testing to a robust customization methodology, we've got you covered. Uncover vulnerabilities like never before! ⚙️ User-Friendly Interface: We understand the importance of simplicity in a complex world. Navigating through intricate security assessments has never been easier. Our user-friendly interface empowers you to dive deep into testing without battling a steep learning curve. Efficiency meets elegance. 🤖 Automation, Redefined: Save time, achieve more. Our extension is your trusted ally in automation, allowing you to focus on strategic analysis rather than repetitive tasks. Experience efficiency like never before as you breeze through assessments with automated prowess. 🔗 Seamless Integration: Embrace familiarity as our extension seamlessly integrates with your trusted Google Chrome browser. No more juggling between tools and interfaces – everything you need is right where you need it, enhancing your workflow and boosting productivity. 🎯 Comprehensive Security Assessment: It's not just about finding vulnerabilities; it's about ensuring holistic protection. Our extension empowers you to conduct comprehensive security assessments, leaving no stone unturned in your quest for airtight web applications. 🔐 Reliable Results, Rapidly: We understand the urgency of the cyber landscape. With our extension, you'll harness the power of accurate, reliable results delivered swiftly. Stay ahead of potential threats and ensure the digital world remains secure. 📈 Join the Revolution: Embrace a new era of web security testing. Whether you're a seasoned pentester or a determined developer, our extension is your ticket to enhanced productivity, unmatched accuracy, and fortified web applications. Don't just test – transform your testing. Download our Google Chrome extension today and embark on a journey toward web application security excellence. Your mission to safeguard the digital realm starts now! 🔐🌐💻
Hack-Tools
The all in one Red team extension for web pentester HackTools, is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer need to search for payloads in different websites or in your local storage space, most of the tools are accessible in one click. HackTools is accessible either in pop up mode or in a whole tab in the Devtools part of the browser with F12. - Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat) - Shell Spawning (TTY Shell Spawning) - MSF Venom Builder - XSS Payloads - Basic SQLi payloads - Local file inclusion payloads (LFI) - Data Encoding - Obfuscated Files or Information - Hash Generator (MD5, SHA1, SHA256, SHA512, SM3) - Useful Linux commands (Port Forwarding, SUID) - RSS Feed (Exploit DB, Cisco Security Advisories, CXSECURITY) - CVE Search Engine - Various method of data exfiltration and download from a remote machine
Vortimo OSINT-tool
OSINT Swiss army knife:bookmark/record pages, store screenshots, scrape and enrich entities. Finds text on every page + highlight. NB: All data stored locally and does not leave your computer. As seen on the desktops of researchers, investigators, journalists and intelligence analysts. If you do real investigative work using a browser you will understand why the features of this extension is SUPER helpful for investigations. We use this tool ourselves every day for investigations too. Comprehensive manual for this extension here: https://www.vortimo.com/osint-tool-extension/ Main features of this extension (if you're still reading): ============================================ Keeps track of every site you visit: > Easily (one button) saves current webpage as MHTML file locally on your computer - exactly how it appeared. > Automatically saves URL + screenshot of every page you visit. > Allows you to capture any part of the screen, save it and find it later. > You can bookmark sites for easy retrieval later. > You can search for pages you've been to using title / URL or bookmark. We have this feature so you don't lose pages you've been to - you can easily mark pages or areas in pages for further investigation / research. Generically extracts objects from pages: > Names, email addresses, phone, hashtag, alias, GPS coordinates, IP address and others. > Filter on type, value of object, see where it occurred in pages you've been to. > Can copy list of objects to clipboard to easily paste into reports, databases, other tools. > Allows you to search for any of the extracted objects. We have this feature so you can easily feed extracted information into other tools of your choice. Enrich objects / images / pages: > Using a list of OSINT tools you can enrich any of the objects extracted (like Dehashed, Epieos, Domaintools etc. etc). > In the page itself, no need to switch to other tool. > Reverse image search on images using Yandex/Google/Bing/TinEye. > Exif on images using Vortimo's own online Exif viewer (yay). > Find old instance of the pages you're on using WayBack machine and other tools. > Find pages that use same tracking codes using BuiltWith and other tools. We have this feature so you can easily and without switching tools/pages learn if there is interesting information on the Internet about an item of interest. Graphs. We have them: > Show a graph of how you navigated from one site to another. Keeps track of your journey. > Show graph of how extracted objects (email, phone, alias, hashtag, blah) are related to each other, via sites that you've visited. We have this feature because you can never remember how you got to a page, and now you can go look see. We show the object graph so you can see which names or any other extracted object is more relevant than others. Also, because it's cool. Thumbnail view: > See every site you've been to as a small picture. Bird's eye view of your investigation. > Instagram, but for sites you've been to ;) We do this because we want to make it easy for you to find a single site in a list of 400 sites. And you are probably better at pattern recognition than you are at reading text. Find ++ / Advanced search: > You give a list of names (or any other text) and we highlight it in ALL pages you go to in future. > This also works on infinite scrollers (like IG/FB) where new content is loaded dynamically. > When text is seen on page, a visual 'bell' sound on the left of the screen. > Can have lists of text to highlight and in 4 different colors (customizable) and bells. We have this feature because it is very useful when you immediately need to know if a POI appears in sea of text while you've browsing many, many pages. Import / export: > You can import and export you graphs, sites... everything you've collected > You can share the files with your collogues! We do this because - we use this tool ourselves and you need to save and share you work. The tool does a LOT! Best you check out the documentation. Enjoy the software. And thanks for reading all of this text!
