OWASP PTK is now available as an npm package
Instead of treating browser security testing as a separate manual activity, teams can now run PTK-backed scans as part of automation.
https://t.co/gjAifVjuoQ
I wrote a scenario like a prompt, hit run… and Codex just did the job.
Playwright is driving the browser.
OWASP PTK is turning it into real DAST/IAST findings.
It even solved a math captcha on its own.
This is what crawling should look like.
https://t.co/5JlkA9X4B7
@DerrickShieldsX - is it you? Peritus Labs says it's "The Data Consultancy for Serious Organizations." Odd, because posting "PTK got hacked" in public and asking me to chase you for the details is the opposite of serious. Report privately, with evidence. Or say it wasn't you.
Blog: ZAP Updates for March:
https://t.co/RS700RekpN
ZAP was started 9.5 MILLION times .. and we announced significant collaborations with other open source projects
Cc @javamuffinztx @seqradev @pentestkit #zaproxy #appsec
This is huge!
https://t.co/NJhXgltA5D
OWASP PTK massively increases ZAP's browser side testing capabilities .. and automation is up next!
Many thanks to @pentestkit for this great integration.
#zaproxy #owasp #appsec
PTK 9.8.0 with auto-discovery is out and I tested it on https://t.co/X9AYVTCFMN
10 XSS first.
Same workflow + auto-discovery.
32 high-severity findings across XSS + SQLi.
Video: https://t.co/lMD94DkBAY
#AppSec #BugBounty #XSS #SQLi #DAST
OWASP PTK 9.7.0 is out for Chromium and Firefox
This release is all about improving the bug bounty user experience.
See how SAST can find hidden routes!
OWASP PTK 9.6.0 is out - a reporting + correlation focused release.
This version is all about turning scan output into something you can actually share, triage, and act on.
https://t.co/Freljr6vZD
Reposting this write-up - if you try the add-on, break it (politely) and tell me what you'd like to see next. Bugs, issues, and reviews genuinely help.
https://t.co/J3tCD0whLZ
ZAP + OWASP PTK as a browser-based AppSec tool is a pretty powerful combo.
I'm really excited to share a major milestone for OWASP PTK: the OWASP PTK add-on for ZAP is now released.
https://t.co/wLvk4NNhpo
OWASP PTK 9.5.0 has been released:
JWT attacks improved: fixed false positives for alg=none checks and better handling of public/unauthenticated endpoints.
SPA attacks support: improved attack flow for modern single-page applications.
UI performance and bug fixes.
OWASP PTK v9.1.0/1 has just been released with a full house of appsec tools:
- DAST (Dynamic Application Security Testing)
- IAST (Interactive Application Security Testing)
- SAST (Static Application Security Testing)
- SCA (Software Composition Analysis)
Meet the first-in-class in-browser IAST agent for JavaScript!
In OWASP PTK v9, we've introduced an integrated IAST capability to help surface client-side issues immediately:
- Taint-Flow Visibility
- Contextual Findings
- Zero-Configuration Deployment
The OWASP PTK extension will be included as one of the default system-level Firefox pentesting extensions in the upcoming major release of Athena OS, which will transition from Arch to a Fedora-based environment.
See https://t.co/Va3iYZPbNE
5 BEST CHROME EXTENSIONS FOR HACKERS
1. Tamper Data
The Tamper Data extension (https://t.co/HB2FIoCXBl) provides such functionalities. It is an essential tool that supports ethical hacking processes through the Chrome web browser.
2. Hackbar
The HackBar extension (https://t.co/LanIY5AytG) assists in hash generation, XSS queries, decoding, encoding, and SQL functions other than an interface. The extension helps users easily copy, read, and request URLs.
3. Open Port Check Tool
The Open Port Check Tool extension (https://t.co/u9vl5WTXJ2) helps hackers detect if a computer has any open ports. The extension alerts users to turn off all unused ports to reduce the possibility of an intrusion.
4. Request Maker
Hackers find the Request Maker extension (https://t.co/RmJZszpsmx) useful when conducting fuzz tests to detect security vulnerabilities and coding errors. The Request Maker tool simplifies the process since it is designed as a core pen-testing tool.
5. Penetration Testing Kit
The Chrome-based Penetration Testing Kit (https://t.co/THFffXCLAt) contains a bundle of useful pen-testing exercises for professional, ethical hackers. The extension provides an interface through which users can view and send responses and request information.
OWASP PTK v8.9 with cheat sheets for XSS and SQL just released. All your favorite attack payloads in one place - from XSS WAF bypass to SQL injections for MySQL/MSSQL/Oracle/PostgreSQL.
Sometimes appsec is just one click in your browser.