https://github.com/mazen160/Firefox-Security-Toolkit

A tool that transforms Firefox browsers into a penetration testing suite

*Firefox Security Toolkit*
====================
### A tool that transforms Firefox browsers into a penetration testing suite ###

# How? #
It downloads the most important extensions and installs them in your browser. The extensions were chosen through a survey of the information security community, and *Firefox Security Toolkit* was built on its results. It also lets you download the Burp Suite certificate and a large user-agent list for User-Agent Switcher, so preparing your web-application testing browser is one click away.

# How does it differ from well-known projects, such as *OWASP Mantra* and *Hcon STF*? #
*OWASP Mantra* and *Hcon STF* are not regularly updated, and need a lot of work to develop and maintain. Meanwhile, *Firefox Security Toolkit* does not need additional maintenance, although I would maintain it for any issues/bugs if needed. The extensions are downloaded from the Mozilla Add-ons Store in their latest versions, to ensure the best testing experience for the penetration tester.

# Who can use *Firefox Security Toolkit*? #
Web-Application Penetration Testers, Information Security Learners, and basically anyone interested in web-application security.

# Compatibility #
The project supports Linux/Unix environments.

# Usage #
    bash ./firefox_security_toolkit.sh

# Demo Video #
[Demo Video](https://www.youtube.com/watch?v=0pD-tNrxrzY)

# Available Add-ons #
* iMacros for Firefox (https://addons.mozilla.org/en-US/firefox/addon/imacros-for-firefox/)
* User-Agent Switcher and Manager (https://addons.mozilla.org/en-US/firefox/addon/user-agent-string-switcher/)
* HackBar Quantum (https://addons.mozilla.org/en-US/firefox/addon/hackbar-quantum/)
* HackBar V2 (https://addons.mozilla.org/en-US/firefox/addon/hackbar-free/)
* HackTools (https://addons.mozilla.org/en-US/firefox/addon/hacktools/)
* HTTP Header Live (https://addons.mozilla.org/en-US/firefox/addon/http-header-live/)
* show-my-ip (https://addons.mozilla.org/en-US/firefox/addon/show-ip/)
* FoxyProxy Standard (https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/)
* Wappalyzer (https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/)
* Web Developer (https://addons.mozilla.org/en-US/firefox/addon/web-developer/)
* Flagfox (https://addons.mozilla.org/en-US/firefox/addon/flagfox/)
* Resurrect Pages (https://addons.mozilla.org/en-US/firefox/addon/resurrect-pages/)
* JSONView (https://addons.mozilla.org/en-US/firefox/addon/jsonview/)
* Google Dork Builder (https://addons.mozilla.org/en-US/firefox/addon/google-dork-builder/)
* Disable WebRTC (https://addons.mozilla.org/en-US/firefox/addon/happy-bonobo-disable-webrtc/)
* Copy PlainText (https://addons.mozilla.org/en-US/firefox/addon/copy-plaintext/)
* Easy XSS (https://addons.mozilla.org/en-US/firefox/addon/easy-xss/)
* CSRF spotter (https://addons.mozilla.org/en-US/firefox/addon/csrf-spotter/)
* KNOXSS Community Edition (https://addons.mozilla.org/en-US/firefox/addon/knoxss-community-edition/)
* XML Viewer Plus (https://addons.mozilla.org/en-US/firefox/addon/xml-viewer/)
* Shodan.io (https://addons.mozilla.org/en-US/firefox/addon/shodan_io/)

# Additions & Features #
* Downloading Burp Suite certificate.
* Downloading a large user-agent list for User-Agent Switcher.

# **Legal Disclaimer** #
This project is made for educational and ethical testing purposes only. Usage of Firefox Security Toolkit for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

# **License** #
The project is licensed under the MIT License.

# **Author** #
*Mazin Ahmed*
* Website: [https://mazinahmed.net](https://mazinahmed.net)
* Email: *mazin AT mazinahmed DOT net*
* Twitter: [https://twitter.com/mazen160](https://twitter.com/mazen160)
* Linkedin: [http://linkedin.com/in/infosecmazinahmed](http://linkedin.com/in/infosecmazinahmed)