• Stars
    star
    473
  • Rank 92,832 (Top 2 %)
  • Language
    Shell
  • License
    MIT License
  • Created about 9 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A tool that transforms Firefox browsers into a penetration testing suite

Firefox Security Toolkit

A tool that transforms Firefox browsers into a penetration testing suite

How?

It downloads the most important extensions, and install it on your browser. The used extensions has been chosen by a survey among the information security community. Based on it's results, Firefox Security Toolkit was made. Also, it allows you to download Burp Suite certificate and a large user-agent list for User-Agent Switcher. Making it one-click away to prepare your web-application testing browser.

How does it differ from well-known projects, such as OWASP Mantra and Hcon STF?

OWASP Mantra and Hcon STF are not regularly updated, and needs a lot of work in order to develop and maintain. Meanwhile, Firefox Security Toolkit does not need a additional maintaining, although I would be maintaining it for any issues/bugs if needed. The used extensions are downloaded from Mozilla Addons Store with its latest version, to ensure the best testing experience for the penetration tester.

Who can use Firefox Security Toolkit?

Web-Application Penetration Testers, Information Security Learners, and basically anyone interested in web-application security.

Compatibility

The project supports Linux/Unix environments.

Usage

bash ./firefox_security_toolkit.sh

Demo Video

Demo Video

Available Add-ons

Additions & Features

  • Downloading Burp Suite certificate.
  • Downloading a large user-agent list for User-Agent Switcher.

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Usage of Firefox Security Toolkit for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

License

The project is licensed under MIT License.

Author

Mazin Ahmed

More Repositories

1

secrets-patterns-db

Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
Python
865
star
2

bfac

BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.
Python
513
star
3

shennina

Automating Host Exploitation with AI
Python
433
star
4

struts-pwn

An exploit for Apache Struts CVE-2017-5638
Python
417
star
5

server-status_PWN

A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.
Python
407
star
6

GithubCloner

A script that clones Github repositories of users and organizations.
Python
381
star
7

tfquery

tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.
Python
324
star
8

xless

The Serverless Blind XSS App
JavaScript
316
star
9

struts-pwn_CVE-2018-11776

An exploit for Apache Struts CVE-2018-11776
Python
299
star
10

jwt-pwn

Security Testing Scripts for JWT
Python
288
star
11

struts-pwn_CVE-2017-9805

An exploit for Apache Struts CVE-2017-9805
Python
247
star
12

public

PHP
36
star
13

go-random

🌐 go-random: A fast, clear, and cryptographically-secure random data generator for Golang
Go
27
star
14

whatsapp-chat-parser

WhatsApp Chat Parser
Python
17
star
15

Ubuntu-Desktop-Malware-Vector-Demo

Demo for http://blog.mazinahmed.net/2017/04/using-ubuntu-desktop-as-malware-vector.html
5
star
16

gronpy

Print JSON objects in a "Greppable" output.
Python
4
star
17

trufflehog-clone

Trufflehog v2 Clone
2
star
18

juice-shop

TypeScript
2
star
19

mazinahmed.net

mazinahmed.net
HTML
2
star
20

detect_passive_secrets

JavaScript
1
star