mhcnioonhbmbiflkcmjoldnjnnbiifoe
Find surface level vulnerabilities in your web applications. Beagle Security's free website security assessment allows you to gain a preliminary understanding of your website's security posture. You can fix the issues by following the remediation procedures to improve your website's security. Do you need an in-depth security assessment? Beagle Security also offers an in-depth analysis of your website’s security to uncover all the latest vulnerabilities. With a coverage of 3000+ test cases, you can always be one step ahead of the bad actors. Here's what you get with an in-depth security assessment Beagle Security is technology and framework agnostic, giving you the complete flexibility to security test any web apps no matter how it is built. Legacy or the latest tech stack – the choice is yours. Staying secure from the latest vulnerabilities can be a challenge when you rely on manual penetration testing. With Beagle Security, you can conduct periodic security tests with ease, either by scheduling them or running them in your CI/CD pipeline. Most of the critical functionalities in an application exist behind the login page. Running authenticated security tests allows you to make sure that most of the attack surface that exists on the authenticated pages are not left unattended. Staying protected from zero days vulnerabilities used to be hard, but not anymore. You are backed by a dedicated team of security researchers that is always on the hunt for the latest zero-days and adding them to our vulnerability index. Intelligence for your AppSec Less false positives, support for multiple login authentication types, autonomously deciding attack scenarios - sounds too good to be true. That is what Beagle Security’s AI-powered core brings to the table. Work with your tools Beagle Security integrates with your bug tracking tools, communication apps and CI/CD pipeline tools, helping you to save time and focus on your priorities. Complete a one-time setup and experience a seamless application security workflow.
Pentesting Toolkit
A pentester's all-in-one toolkit. Find the best tools and content for the job at the click of a button. Powered by PentestList.com Level up your pentesting game with the all-in-one pentester's toolkit—including the best tools, content and more. Tired of not knowing what tool or wordlist to use for the job? With Pentesting Toolkit (powered by PentestList.com), discover the latest top-rated resources at your fingertips. ➤ Tools Search Simply enter what you're looking for, and discover the latest top-rated tools for the job. Filtered using PentestList's advanced rating system and community-driven submissions. ➤ Content Feed Discover the latest content published in the infosec community. Filter by content to watch, read or listen to. Stay up to date on the latest news and industry advancements. ➤ Wordlists Library Stop wasting time crawling the web for out-dated and fluffy wordlists. Pentesting Toolkit features the most up-to-date, lean and relevant wordlists for the job. Right at your fingertips. Pentesting Toolkit is driven by community-submissions, which are carefully reviewed and monitored to ensure only the best tools and content are shared. Want to contribute your own? Start earning kudos, sign up and submit at www.pentestlist.com
Subdomain Finder - Find Hidden Subdomains
The best Subdomain Finder tool for bug bounty hunters and security researchers. Find hidden subdomains quickly and easily. 🚀 Subdomain Finder - The Essential Tool for Bug Bounty Hunters Discover hidden subdomains quickly and easily with our powerful Subdomain Finder extension. Perfect for bug bounty hunters, security researchers, and penetration testers. Key Features: ✅ Fast & Efficient Scanning ✅ Clean, Modern Interface ✅ Export Results ✅ Copy Subdomains with One Click ✅ Active Domain Status Check ✅ No API Key Required ✅ Zero Configuration Needed How It Works: 1. Click the extension icon 2. Enter a domain name (or use current tab's domain) 3. Click "Scan" to discover subdomains 4. View, copy, or export results Perfect for: • Bug Bounty Hunters • Security Researchers • Penetration Testers • IT Professionals • Security Enthusiasts
NavSec Vulnerability Scanner
Comprehensive security scanner with advanced XSS detection, API security analysis, and authentication testing NavSec Security Scanner v2.0 - Executive Summary 🚀 Overview NavSec is the world's most comprehensive passive web vulnerability scanner, now with international regional compliance capabilities. It performs real-time security analysis directly in your browser, detecting 80+ types of vulnerabilities across 15+ countries with 140+ automated tests. Market Innovation • First and only scanner with multi-regional identity detection • 15 countries covered with proper validation algorithms • 10 major privacy laws compliance (LGPD, GDPR, CCPA, PIPEDA, etc.) • Automatic locale detection for region-specific scanning ________________________________________ Comprehensive Security Analysis • Transport Security - HTTPS, WebSocket, Mixed Content • Headers & CSP - X-Frame-Options, HSTS, SRI • SQL Injection - 10 detection methods • XSS Protection - Reflected, Stored, DOM-based • Authentication - JWT, CSRF, Session Management • Data Privacy - Credit Cards, API Keys, Passwords • Form Security - File Upload, CAPTCHA, Autocomplete • Comments & Metadata - TODOs, Dev URLs, Credentials • Iframe Security - Sandbox, External Sources Unique Advantages • ✅ 100% Passive - No data modification • ✅ 100% Local - Complete privacy • ✅ Zero Configuration - Works instantly • ✅ Professional Reports - Export detailed dashboards • ✅ Free Forever - No premium tiers ________________________________________ Technical Specifications • Technology: Chrome Extension (Manifest V3) • Language: JavaScript ES6+ • Performance:
JS Vulnerability Detector
JavaSript Vulnerability Detector is a result of my Master Thesis at Brno University of Technology, Faculty of Information technology, graduation year 2022. The extension aims to add security features to the end-users of various websites containing vulnerable JavaScript library code. The principle of extension is following: 1. After page loads the extension scans all the JavaScript contained on the page and sends it to background script for processing. 2. If the script contains a known vulnerability (initial version focuses mostly on jQuery), it is tracked and shown in the extension popup. After detection the vulnerable script can be blocked, patched or left as is and only tracked. All data is stored locally and can be cleared by a "Clear" button in the extension popup. There is no server communication going on, no data leaves the browser. Extension runs in 4 modes: 1. disabled - no action 2. analyze - standard analysis only mode - no patching or blocking of vulnerable scripts 3. bloc - vulnerable scripts are removed from website 4. repair - experimental, vulnerable scripts are patched if possible Currently it can detect vulnerable versions of jQuery (all up to 3.5.0) and repair them by updating them in runtime to 3.5.0 and couple more (around 30, including some of lodash, remarkjs, axios, handlebars and other vulnerabilities).
