pdmhjekonpgonlpdpgehaoekfpbmligk
gPass : global Password for Firefox and Chrome gPass is an online, open source and self hosted password manager. It helps you to have a different and complex password for every account you own while only remembering one (or multiple) passwords ! To have a high level of security, all information is stored encrypted (salt + AES 256-CBC). Nothing is stored on client. The decryption is done on the fly when it's needed and only with user input. So, a hacker can get your password database, it will not be able to see any information (except if it brute force or leak your masterkey) ! Thus it's important to choose a strong masterkey ! First thing is configuration : 1) Enable the extension for private browsing 2) Install your server (see below), or use the demonstration one and create your accout 2) Go to extension options and configure your server address ("https://server name/account") 3) Populate your password database. You can use "*" character to access to all subdomains of a specific website (ie *.google.com). Then usage : When you're in a login form and you want to use gPass, type your login (case sensitive !) and fill "@@masterkey" in password field (only if gPass icon is green !). Then submit and password will automatically be replaced by the one in the database (after addon decrypt it). **You can also type "@_masterkey" to only replace your password without automatic submit. This allows to support more websites.** Another option is to enter your credentials in the new popup menu by clicking on gPass icon. If it's possible, gPass will auto fill password field, if not result password is stored into your clipboard. **Popup path is a safest method as website page will never see your masterkey.** ** Warning ** : Sometimes, addon could make some websites unusable, especially for login form. In this case, you can deactivate it for only one website by clicking right on gPass icon and "disable or enable gPass for this website" in addon menu. It's a local configuration, so it must be done for each browser. gPass can also be disabled for ALL websites thanks to addon menu "Disable or enable gPass for ALL websites". _When gPass is disabled, you can still use popup feature_. To host a password server, you need a webserver. Just copy server files in a directory read/write for web server user (www-data). A sample apache2 configuration file is available in resources. Since v0.8 and the use of Crypto API, **it's manadatory to have an HTTPS access (valid SSL/TLS certificate) to the server**. Without that, the decryption will fails. A demonstration server is available [here](https://gpass-demo.soutade.fr). It's the default server configuration for fresh installed addon (user demo). **Warning** The master key derivation is partially based on account URL. So it's linked to your current server information. You can't move databases from servers with different URLs, you need to export them and import it again. Just install the package. You can have debug information by setting DEBUG in main.js. All the code is licensed under GPL v3. Source code is available [here](https://forge.soutade.fr/soutade/gPass).
d3coder
Encoding/Decoding Plugin for various types of encoding like base64, rot13 or unix timestamp conversion This extension enables you to encode and decode selected text via the context menu. This reduces the time you spend on looking up values and gives you more time to concentrate on the important things of development. The context menu this extension enables is customizable through the options page. To get there either click on the item or go to Wrench -> Tools -> Extensions -> d3coder options. Via the popup you are able to choose between four message types: alert the result, adding a DIV-element to the bottom of the page, via console.log() or replacing the selected text on the page. You can also deactivate functions(e.g. if you don't need them and want to free the space they use). The current version has implemented the following en-/decoding functions:
chrome-pass (ZX2C4)
Chrome plugin for *pass* the standard unix password manager. Simple extension to integrate pass - the standard Unix password manager - with chrome. 1. This plugin requires the chrome-pass python package installed on your machine. 2. You must also have the unix password manager (pass) installed and your password store located at $HOME/.password-store. 3. Chrome version 107 or later. To install the chrome-pass python package in Ubuntu:
IP, DNS & Security Tools | HackerTarget.com
Quick access to IP, DNS & Network Tools. Check DNS, Whois, ASN, Traceroute, Ping and more. Tools for technical operators. IP, DNS and Security tools for technical systems operators. Instant access to Whois, GeoIP, DNS, Traceroute, Ping, HTTP Headers, Nmap and more all from your browser. Perfect for: - security professionals - network operators - systems administrators - analysts - or simply those who are curious about technical aspects of the Internet While all these tools are available on HackerTarget.com, our Chrome Extension offers quick and easy access, saving you time. Perform external network queries in a single click. HackerTarget.com is an established provider of hosted open source security scanning services such as Port Scanners (Nmap), Vulnerability Scanners (OpenVAS) and Web application security (WordPress, Nikto) testing. Online Nmap Port Scanning has been available from HackerTarget.com since 2007. While continuing to provide a stable hosted vulnerability scanning service the site continues to evolve and provides tactical information to those who manage Internet connected systems. By using hosted security scanning and network testing tools you are able to probe and troubleshoot your networks, firewalls and servers from an external perspective. This testing from outside the network perimeter or firewall simulates probes and scanning that may be performed by a determined attacker. In addition to finding vulnerabilities and security configuration errors in your systems these types of probes will also enable you to test intrusion detection (IDS / IPS) and even incident response processes.
OWASP Penetration Testing Kit
The OWASP Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily AppSec tasks. Whether you’re a penetration tester, a Red Team member, or an AppSec practitioner, OWASP PTK enhances your efficiency and provides deep insights into your target application. Runtime Scanning (DAST & IAST & SAST & SCA): Perform Dynamic Application Security Testing, Static Analysis, In-Browser IAST and Software Composition Analysis on the fly. Identify SQL injection, command injection, reflected/stored XSS, SQL auth bypass, XPath injections, JWT attacks, and other complex threats. Static Analysis (SAST): PTK automatically parses loaded JavaScript, HTML, and CSS right in your browser—before any code ever runs. It flags unsafe patterns like `eval()`, `innerHTML`/`outerHTML` injection, insecure cryptographic calls, missing input sanitization, and common anti-patterns. In-Browser IAST (Interactive Application Security Testing): PTK’s built-in IAST engine instruments your app at runtime—right in the browser—tracking taint flows and code execution to flag vulnerabilities as they occur. Catch issues like DOM-based XSS, unsafe `eval`/`innerHTML` usage, open-redirects, and more without leaving your dev tools. JWT Inspector: Analyze, craft, and tamper with JSON Web Tokens. Generate keys, test null signatures, brute-force HMAC secrets, and inject malicious `jwk`, `jku`, or `kid` parameters. Insightful Application Info: One-click visibility into tech stacks, WAFs, security headers, crawled links, and authentication flows. Built-in Proxy & Traffic Log: Capture all HTTP(S) traffic, replay requests in R-Builder, and automate XSS, SQLi, and OS command injection. R-Builder for Request Tampering & Smuggling: Craft and manipulate HTTP requests, including complex request-smuggling techniques. Now with cURL import/export. Cookie Management: Add, edit, remove, block, protect, export, and import cookies from a powerful in-browser editor. Decoder/Encoder Utility: Instantly convert between UTF-8, Base64, MD5, URL-encode/decode, and more formats. Swagger.IO Integration: Browse and interact with API endpoints directly from your Swagger documentation. Selenium Integration: Shift left security by running automated Selenium tests with built-in vulnerability checks. Enhance your AppSec practice with PTK—the extension that makes your browser smarter and your testing faster. Install today and start uncovering vulnerabilities in real time!
