OWASP Mantra is a free and open source security toolkit with a collection of add-ons and scripts based on Firefox and Chromium. OWASP Mantra security framework toolkit is intended for web application penetration testers, web application developers, security professionals, etc.OWASP Mantra Security Framework Toolkit features :
Information Gathering
Flagfox - Displays a flag icon indicating the current webserver's physical location with many additional features.
JSView - Get straight access to scripts and stylesheets included in the current web page.
PassiveRecon - Perform passive discovery of target resources utilizing publicly available information.
Wappalyzer - Uncovers underlying technologies used on websites like CMS, e-commerce systems, JavaScript frameworks, analytics tools etc..
View Dependencies - Shows you all the files which were loaded to show the current page.
Link Sidebar - View, search and test hyperlinks in a web page.
Application Auditing
Hackbar - Simple security audit / Penetration test tool.
RESTClient - Visit and test RESTful/WebDav services.
Tamper Data - Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.
Live HTTP Headers - View HTTP headers of a page and while browsing.
RefControl - Control what gets sent as the HTTP Referer on a per-site basis.
User Agent Switcher - Various web developer tools on browser.
Web Developer - Various web developer tools on browser.
DOM Inspector - Inspect and edit the live DOM of any web document or XUL application.
Inspect This - Inspect the current element with the DOM Inspector.
Form Fox - Displays the form action, the site to which the information you've entered is being sent.
SQL Inject Me - Test for SQL injection vulnerabilities which can cause a lot of damage to a web application.
XSS Me - Test for XSS vulnerabilities which can cause a lot of damage to a web application.
Cookies Manager+ - View, edit and create cookies.
Firecookie - View and manage cookies.
Autofill Forms - Autofill Forms enables you to fill out web forms with one click or a keyboard shortcut.
Cookie Monster - Cookie Monster provides proactive cookie management on a site or domain level basis, including 3rd party cookies.
Fireforce - Brute-force attacks on GET or POST forms.
Groundspeed - Groundspeed is an add-on that allows security testers to manipulate the application user interface to eliminate annoying limitations and client-side controls that interfere with the web application penetration tests.
Http Requester - A tool for easily making HTTP requests (GET/PUT/POST/DELETE), viewing the responses, and keeping a history of transactions.
Modify Headers - Add, modify and filter the HTTP request headers sent to web servers. This addon is particularly useful for Mobile web development, HTTP testing and privacy.
Poster - A developer tool for interacting with web services and other web resources that lets you make HTTP requests, set the entity body, and content type.
Editors
JSView - Get straight access to scripts and stylesheets included in the current web page. View the source code external stylesheets and javascripts.
Firebug - Edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
Proxy
HTTP Fox - A built in local proxy for analyzing traffic.
FoxyProxy - A proxy management tool with ability to switch between multiple proxies with few clicks.
Proxy Tool - A proxy management tool with lots of additional features to enahnce the privacy.
Network Utilities
FireFTP - FTP/SFTP Client which provides intuitive access to FTP/SFTP servers.
SQLite Manager - Manage any SQLite database on your computer.
FireSSH - SSH Client.
DNS Cache - Allows you to disable and enable the DNS Cache of Firefox.
HTTP Fox - Monitors and analyzes all incoming and outgoing HTTP traffic between the browser and the web servers.
Misc
Greasemonkey - Customize the way webpages look and function. A userscript manager for Firefox.
Greasefire - Automatically finds Greasemonkey scripts on Userscripts.org.
CacheToggle - Disable and optionally clear the browser cache with the flick of a switch.
URL Flipper - Easily increment or decrement a portion of a URL without having to manually edit the text in the Location Bar.
Event Spy - DOM Event spy addon. Lets you watch JavaScript events as they occur.
Stacked Inspector - Switch DOM Inspector to an over/under vertical layout instead of the usual side-by-side panel layout.
Scriptish - The greatest user script engine on the Internet (a fork of Greasemonkey).
Session Manager - Session Manager saves and restores the state of all windows. It can also automatically save the state of open windows individually.
Fire Encrypter - Encrypt, decrypt and hashing functions utility.
DownThemAll - An easy to use and fucntional download manager.
Application Auditing
Websecurify - Websecurify is a powerful, cross-platform web security testing technology designed from the ground up with simplicity in mind.
Ra.2 - Blackbox DOM-based XSS Scanner.
Ref Spoof - Easy spoofing of the URL referer (referrer) featuring a toolbar.
NoRedirect - Take control of web page redirects for fun and profit.
And More Great Tools....
Flagfox - Displays a flag icon indicating the current webserver's physical location with many additional features.
JSView - Get straight access to scripts and stylesheets included in the current web page.
PassiveRecon - Perform passive discovery of target resources utilizing publicly available information.
Wappalyzer - Uncovers underlying technologies used on websites like CMS, e-commerce systems, JavaScript frameworks, analytics tools etc..
View Dependencies - Shows you all the files which were loaded to show the current page.
Link Sidebar - View, search and test hyperlinks in a web page.
Application Auditing
Hackbar - Simple security audit / Penetration test tool.
RESTClient - Visit and test RESTful/WebDav services.
Tamper Data - Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.
Live HTTP Headers - View HTTP headers of a page and while browsing.
RefControl - Control what gets sent as the HTTP Referer on a per-site basis.
User Agent Switcher - Various web developer tools on browser.
Web Developer - Various web developer tools on browser.
DOM Inspector - Inspect and edit the live DOM of any web document or XUL application.
Inspect This - Inspect the current element with the DOM Inspector.
Form Fox - Displays the form action, the site to which the information you've entered is being sent.
SQL Inject Me - Test for SQL injection vulnerabilities which can cause a lot of damage to a web application.
XSS Me - Test for XSS vulnerabilities which can cause a lot of damage to a web application.
Cookies Manager+ - View, edit and create cookies.
Firecookie - View and manage cookies.
Autofill Forms - Autofill Forms enables you to fill out web forms with one click or a keyboard shortcut.
Cookie Monster - Cookie Monster provides proactive cookie management on a site or domain level basis, including 3rd party cookies.
Fireforce - Brute-force attacks on GET or POST forms.
Groundspeed - Groundspeed is an add-on that allows security testers to manipulate the application user interface to eliminate annoying limitations and client-side controls that interfere with the web application penetration tests.
Http Requester - A tool for easily making HTTP requests (GET/PUT/POST/DELETE), viewing the responses, and keeping a history of transactions.
Modify Headers - Add, modify and filter the HTTP request headers sent to web servers. This addon is particularly useful for Mobile web development, HTTP testing and privacy.
Poster - A developer tool for interacting with web services and other web resources that lets you make HTTP requests, set the entity body, and content type.
Editors
JSView - Get straight access to scripts and stylesheets included in the current web page. View the source code external stylesheets and javascripts.
Firebug - Edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
Proxy
HTTP Fox - A built in local proxy for analyzing traffic.
FoxyProxy - A proxy management tool with ability to switch between multiple proxies with few clicks.
Proxy Tool - A proxy management tool with lots of additional features to enahnce the privacy.
Network Utilities
FireFTP - FTP/SFTP Client which provides intuitive access to FTP/SFTP servers.
SQLite Manager - Manage any SQLite database on your computer.
FireSSH - SSH Client.
DNS Cache - Allows you to disable and enable the DNS Cache of Firefox.
HTTP Fox - Monitors and analyzes all incoming and outgoing HTTP traffic between the browser and the web servers.
Misc
Greasemonkey - Customize the way webpages look and function. A userscript manager for Firefox.
Greasefire - Automatically finds Greasemonkey scripts on Userscripts.org.
CacheToggle - Disable and optionally clear the browser cache with the flick of a switch.
URL Flipper - Easily increment or decrement a portion of a URL without having to manually edit the text in the Location Bar.
Event Spy - DOM Event spy addon. Lets you watch JavaScript events as they occur.
Stacked Inspector - Switch DOM Inspector to an over/under vertical layout instead of the usual side-by-side panel layout.
Scriptish - The greatest user script engine on the Internet (a fork of Greasemonkey).
Session Manager - Session Manager saves and restores the state of all windows. It can also automatically save the state of open windows individually.
Fire Encrypter - Encrypt, decrypt and hashing functions utility.
DownThemAll - An easy to use and fucntional download manager.
Application Auditing
Websecurify - Websecurify is a powerful, cross-platform web security testing technology designed from the ground up with simplicity in mind.
Ra.2 - Blackbox DOM-based XSS Scanner.
Ref Spoof - Easy spoofing of the URL referer (referrer) featuring a toolbar.
NoRedirect - Take control of web page redirects for fun and profit.
And More Great Tools....
5:57 PM | 1
comments | Read More
