Google Chrome extension Penetration Testing, Wappalyzer, Shodan, BuiltWith Technology Profiler

BuiltWith Technology Profiler

The BuiltWith Chrome Extension lets you find out what a website is built with by a simple click on the BuiltWith icon!

BuiltWith is a website profiler tool. Upon looking up a page, BuiltWith returns all the technologies it can find on the page. BuiltWith’s goal is to help developers, researchers and designers find out what technologies pages are using, which may help them decide what technologies to implement themselves.

BuiltWith technology tracking includes widgets (snap preview), analytics (Google, Nielsen), frameworks (.NET, Java), publishing (WordPress, Blogger), advertising (DoubleClick, AdSense), CDNs (Amazon S3, Limelight), standards (XHTML, RSS), hosting software (Apache, IIS, CentOS, Debian).

Hunter

Hunter is the easiest way to find email addresses from anywhere on the web, with just one click.

Features

✓ Get email addresses from any website: when you are on a website, click on Hunter’s button in your browser to get every email address we found related to the website.

✓ Find email addresses on LinkedIn profiles: when you visit a profile on LinkedIn, click on the button in your browser to find the email address of this profile in seconds.

✓ Save your leads from LinkedIn search pages and profiles. You can download all your saved leads in CSV or automatically synchronize them with Salesforce, Pipedrive, Zoho CRM, Hubspot or hundreds of other apps through Zapier.

IP Address and Domain Information

This extension displays detailed information about the current website. The information can be used for online investigation and SEO purposes.

See IP info (IPv4 and IPv6) like: location, DNS, whois data, routing, domain neighbors, blacklists and ASN information. Including a shortcut to your public IP address (myIP info).

See domain info like: Alexa and Quantcast ranking, DMOZ info, social media activity, WOT ranking, whois data and PageRank of every domain.

See provider info like: BGP, IPv4 subnets, IPv6 subnets, connected providers (peers), hosted nameservers, hosted domains, number of spam hosts, bogon subnets and whois data.

Shodan

The Shodan plugin for Chrome automatically checks whether Shodan has any information for the current website. Is the website also running FTP, DNS, SSH or some unusual service? With this plugin you can see all the info that Shodan has collected on a given website/domain.

Wappalyzer

Wappalyzer is a cross-platform utility that uncovers the technologies used on websites. It detects content management systems, ecommerce platforms, web frameworks, server software, analytics tools and many more.

List of applications Wappalyzer detects:
http://ift.tt/1AzKTMn

XSS Rays

XSS Rays is a security tool to help pen test large web sites. Its core features include an XSS scanner, XSS Reverser and object inspection. Need to know how a certain page filters output? Don’t have the source? No problem. XSS Rays will blackbox reverse an XSS filter without needing the source code.

You can also extract/view and edit forms non-destructively that normally can’t be edited. For example, if you want to modify the value of a checkbox without changing its type, XSS Rays can link to the object and allow you to change the value without altering the original object.

Using the object inspector you can browse through the window object and edit the contents of the functions in real time, allowing you to dissect a web page and understand better how it works. This also works with globally defined functions; you can see which functions the developer has decided to place within the window object.

If you have ever wanted to search all files for a particular string, you can use the search feature to use regular expressions on all scripts and event handlers, highlighting the required keywords.

Google Hack Data Base

Google Hack Data Base – an application for working with the GHDB. Choose a category and click on the query you need. To find a description of the vulnerability, click “Search on http://www.exploit-db.com”. The application also makes it possible to search for vulnerabilities on a specified site: just click on the search button and enter the site name. This application gives a better understanding of the basics of web security.

HPP Finder

HTTP Parameter Pollution (HPP) is a recently discovered web exploitation technique. Please read the NDSS 2010 paper for more details about the technique. HPP Finder is a Chrome extension designed for detecting HPP attempts. HPP Finder can detect URLs and HTML forms that might be susceptible to parameter pollution, but it is not a complete solution against HPP.

Form Fuzzer

This is a fuzz testing, http://ift.tt/I4sXAJ, utility I created to assist in populating web forms with some random data.

Site Spider

Use this extension to spider a website looking for dead links. One can restrict the spidering to a directory, a domain, or any other regular expression. The spider can also follow one link beyond this restriction, allowing one to find broken external links.

Usage: Install the plugin. Go to the page you want to start from. Click the spider icon in your toolbar. Set the restriction regular expression and go. To cancel a spidering session before it has finished, just close its results tab.

Security: Because this is a client-side spider, it uses your own authentication to access pages. Thus it can go wherever you have access to go. This plugin does not log any data or “phone home” in any way. It is completely open source.

The post Google Chrome extension for Penetration Testing appeared first on Penetration Testing in Linux. http://ift.tt/2r1T8rX http://ift.tt/2aM8QhC
