mnnfjgnafollgnkkfgkfodfidahpmffa
Detects website technologies, versions, and security vulnerabilities using Xposer.io API Have you ever wondered what version of Wordpress a site is running? Now there is an easy way to find out. The Xposer extension makes it convenient to call out to the xposer.io API from the website you are currently viewing. Just click the extension icon and click 'Expose'. The product and exact version of the website you are viewing will be revealed to you. As a developer you can use this information to offer the owner of the site an upgrade of the detected product. As a site owner you can check if you are running the most recent version of the product. The version is not gleaned from the meta tags of the website, but by checking of key characteristics of each known product. - Drupal - Joomla - WordPress - TYPO3 - Magento 2 - and more! More products and capabilities will be added in the near future.
Vulners Web Scanner
Tiny vulnerability scanner based on vulners.com vulnerability database. Passively scan websites while you surf internet! Tiny vulnerability security scanner based on vulners.com vulnerability database. It provides you ability to passively scan websites that you surf, on known vulnerabilities.
Pulsedive Threat Intelligence
Highlight IPs, domains, and URLs on any website to enrich them using Pulsedive's threat intelligence. Streamline real-time threat research and analysis on any website you visit with Pulsedive’s threat intelligence browser add-on. Highlight IPs, domains, URLs, or threat names in any website text to enrich them using Pulsedive's free Community dataset. Get immediate, up-to-date context when reading cybersecurity news and threat advisories, or exploring threat intelligence collections and research. Create a free account at pulsedive.com for increased limits and additional capabilities. – FEATURES: • Indicator Lookup - highlight text around an IP, URL, or domain to enrich with contextual data from Pulsedive, including associated threats, screenshots, ports, protocols, web technologies, HTTP headers, meta tags, WHOIS data, and much more • On-Demand Scans - perform real-time passive or active scans on IPs, domains, and URLs to fetch live data • Bulk Processing - highlight text containing hundreds or thousands of indicators to parse and refang in bulk, download them as a CSV, and submit to Pulsedive Analyze for bulk enrichment • Threat Research - look up threat names and aliases to retrieve threat summaries, associated indicators, TTPs, latest news, and additional context • Website Enrichment - click the add-on button without highlighting text to retrieve domain information for the website you're visiting • Mute Options - reduce noise by easily muting the auto-popup temporarily or on specific sites • Flexible Controls - adjust the add-on settings to control when, where, and how Pulsedive parses threat intelligence information • Quick Pivoting - convenient one-click pivot to the Pulsedive Community platform at pulsedive.com for further analysis – WHAT'S NEW - VERSION 3: The latest update introduces bulk indicator processing, advanced settings & controls, and an improved user experience and interface. • Dark mode • Free-text parsing for IPs, URLs, and domains • Bulk indicator processing • Muting/unmuting and website exclusions • Usage guide in Settings page • Fixed punycode domain support • Fixed various CSS conflicts with injected popup – Pulsedive offers frictionless threat intelligence solutions for growing teams. The Pulsedive Community platform at pulsedive.com aggregates, enriches, and correlates community threat data to support analyst workflows and time to action. With 50M+ searchable indicators and threats collected from user submissions and feeds, the Pulsedive add-on delivers invaluable context wherever you work.
OWASP Penetration Testing Kit
The OWASP Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily AppSec tasks. Whether you’re a penetration tester, a Red Team member, or an AppSec practitioner, OWASP PTK enhances your efficiency and provides deep insights into your target application. Runtime Scanning (DAST & IAST & SAST & SCA): Perform Dynamic Application Security Testing, Static Analysis, In-Browser IAST and Software Composition Analysis on the fly. Identify SQL injection, command injection, reflected/stored XSS, SQL auth bypass, XPath injections, JWT attacks, and other complex threats. Static Analysis (SAST): PTK automatically parses loaded JavaScript, HTML, and CSS right in your browser—before any code ever runs. It flags unsafe patterns like `eval()`, `innerHTML`/`outerHTML` injection, insecure cryptographic calls, missing input sanitization, and common anti-patterns. In-Browser IAST (Interactive Application Security Testing): PTK’s built-in IAST engine instruments your app at runtime—right in the browser—tracking taint flows and code execution to flag vulnerabilities as they occur. Catch issues like DOM-based XSS, unsafe `eval`/`innerHTML` usage, open-redirects, and more without leaving your dev tools. JWT Inspector: Analyze, craft, and tamper with JSON Web Tokens. Generate keys, test null signatures, brute-force HMAC secrets, and inject malicious `jwk`, `jku`, or `kid` parameters. Insightful Application Info: One-click visibility into tech stacks, WAFs, security headers, crawled links, and authentication flows. Built-in Proxy & Traffic Log: Capture all HTTP(S) traffic, replay requests in R-Builder, and automate XSS, SQLi, and OS command injection. R-Builder for Request Tampering & Smuggling: Craft and manipulate HTTP requests, including complex request-smuggling techniques. Now with cURL import/export. Cookie Management: Add, edit, remove, block, protect, export, and import cookies from a powerful in-browser editor. Decoder/Encoder Utility: Instantly convert between UTF-8, Base64, MD5, URL-encode/decode, and more formats. Swagger.IO Integration: Browse and interact with API endpoints directly from your Swagger documentation. Selenium Integration: Shift left security by running automated Selenium tests with built-in vulnerability checks. Enhance your AppSec practice with PTK—the extension that makes your browser smarter and your testing faster. Install today and start uncovering vulnerabilities in real time!
CrowdScrape
Scrape web content for indicators of interest and integrate CrowdStrike Intelligence information The CrowdStrike Intelligence Team is proud to announce the release of CrowdScrape version 1.5.0. CrowdScrape is a Chrome Plugin designed to allow you to be able to scrape indicators from various websites and in-browser documents such as PDF reports while matching the data up against CrowdStrike Intelligence. This release provides bug fixes and enables support for customers in all cloud environments, and includes support for the OAuth2-based Intel API, which has replaced the deprecated legacy key-based APIs (see https://falcon.crowdstrike.com/support/documentation for further information on our API). This easy to use tool produces indicator lists that collect: · Domain, IP addresses, URLs, hashes (MD5, SHA1, SHA256) and Bitcoin addresses · On-Screen Tagging of CrowdStrike known indicators, and links to Indicator Search · Matches to CrowdStrike Intelligence with links to reports in CrowdStrike Intel Portal · Integrations with the CrowdStrike Indicator Graph to visualise intelligence In addition, you can use CrowdScrape to copy any indicators to clipboard making it easier to pull OSINT from different sources and converting this to a text file for implementation into your systems.
