FireCAT (Firefox Catalog of Auditing exTensions) is a mindmap collection of the most efficient and useful Firefox extensions oriented toward application security auditing and assessment. FireCAT is not a replacement for other security utilities and software such as fuzzers, proxies and application vulnerability scanners.
FireCAT v2.0 - Firefox Catalog of Auditing exTensions
- Information Gathering
- Whois
- Shazou
- Finally, mapping is integrated with the Firefox browser. The product called Shazou (pronounced "Shazoo"; it is Japanese for mapping) enables the user, with one click, to map and geo-locate any website they are currently viewing. Shazou was developed as a tool to improve the awareness of people surfing the internet about where and with whom they are interacting with every click of the mouse.
- domainFinder
- Quickly carry out whois lookups on any URL on a webpage, or carry out a keyword domain search on any highlighted phrase or text.
- Domain Details
- Displays Server Type, Headers, IP Address, Location Flag, and links to Whois Reports. Shows links to check server status and cache when page fails to load.
- Location Info
- HostIP.info Geolocation Plugin
- Displays Geolocation information for a website using hostip.info data. Works with all versions of Firefox.
- ShowIP
- Shows the IP address(es) of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and hostname (left mouse button), such as whois or Netcraft. Additionally you can copy the IP address to the clipboard. This extension was formerly known as ipv6ident.
- ASnumber
- The AS Number Extension displays interesting information about the Internet Service Provider of every website visited. Along with it come some additional statistics for those who want to know what happens behind the Web's shiny surface. All data is updated daily, and the prefix to AS number mapping is taken from a real default-free zone BGP feed.
- Enumeration & Fingerprint
- Header Spy
- Shows HTTP headers in the status bar.
- Header Monitor
- Status bar HTTP response header monitor. This Firefox extension displays in a status bar panel any HTTP response header of the top-level document returned by the web server, for example Server (the default), Content-Encoding, Content-Type, X-Powered-By and others.
- PassiveRecon
- PassiveRecon provides information security professionals with the ability to perform "packetless" discovery of target resources utilizing publicly available information.
- Certificate Patrol
- Your browser trusts many certification authorities and intermediate sub-authorities quietly, every time you enter an HTTPS web site. This add-on reveals when certificates are updated, so you can ensure it was a legitimate change.
- Data Mining
- People Search and Public Record Toolbar
- This Firefox extension is a handy menu tool for investigators, reporters, legal professionals, real estate agents, online researchers and anyone interested in doing their own basic people searches and public record lookups as well as background research.
- Who Is This Person?
- Highlight any name on a web page and see matching information from Wink, LinkedIn, Wikipedia, Facebook, Google News, Technorati, Yahoo Person Search, Spock, WikiYou, ZoomInfo, IMDB, MySpace and more...
- Facebook Toolbar
- Integrate your Facebook life into your browser. Search Facebook from anywhere, Get Notified, Connect with Friends, Share Content, Upload Photos.
- Googling & Spidering
- Advanced Dork:
- Advanced Dork: gives quick access to Google's Advanced Operators directly from the context menu.
- SpiderZilla
- SpiderZilla is an easy-to-use website mirror utility, based on Httrack from www.httrack.com.
- View Dependencies
- View Dependencies adds a tab to the Page Info window, in which it lists all the files which were loaded to show the current page.
- Google Site Indexer
- A Windows search program turned Firefox extension, GSI creates site maps based on Google queries. Useful for both penetration testing and search engine optimization. GSI sends zero packets to the host, making it anonymous.
- Proxies & Web Utilities
- FoxyProxy Standard
- FoxyProxy is an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities.
- POW (Plain Old Webserver)
- httProxy
- Access any page via configured web based proxies.
- Editors
- JSView
- All browsers include a "View Source" option, but none of them offer the ability to view the source code of external files. Most websites store their JavaScript and style sheets in external files and then link to them from within a web page's source code.
- Cert Viewer Plus
- Certificate viewer enhancements: PEM format view, file export, trust configuration. Extends the certificate viewer dialog with additional options: an X.509 certificate can be displayed in PEM format (opens in a new window) or saved to a file (PEM/DER/PKCS#7).
- Firebug
- Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
- Flashbug
- A Firebug extension for Flash. Extensive Flash debugging add-on (swf resources, amf data, shared objects, traces, policy log). Requires Flash Player Debugger to display traces. Requires Firebug 1.6+. (For Flash Developers)
- FirePath
- FirePath is a Firebug extension that adds a development tool to edit, inspect and generate XPath 1.0 expressions and CSS 3 selectors.
- Firecookie
- Firecookie is an extension for Firebug that makes it possible to view and manage cookies in your browser.
- FireRainbow
- JavaScript syntax highlighting for Firebug.
- XML Developer Toolbar
- The aim of this toolbar is to help XML developers with their programming efforts by supplying a central toolbar for everything XML.
- xqjs
- Simple JS console.
- FlashFirebug
- Debug ANY AS3 SWF files on the web. Edit properties and inspect elements. Redirect errors, warnings and traces to the extension. Run AS3 code and transform objects on the fly. This extension requires Firebug extension and Flash Player Debugger.
- Network Utilities
- Intrusion Detection System
- Sniffers
- Wireless
- Passwords
- Unhide Passwords
- If you aren't concerned about someone looking over your shoulder and stealing your passwords, why hassle with those obfuscated password fields, where you never know whether you typed your 30-character code correctly or not... This extension shows the contents of password fields in cleartext (instead of the asterisks), to make that process a bit easier.
- CryptoFox
- CryptoFox is an encryption/decryption tool for Mozilla Firefox, with dictionary attack support for cracking MD5 passwords.
- Password Hasher
- Better security without bursting your brain.
- Leet Key
- Transforms typed or static text to L337, ROT13, BASE64, HEX, URL, BIN, DES, AES, Morse code, DVORAK keyboard layout and to lower/to upper case functionality, Leet Font.
- Fireforce
- Fireforce is a Firefox extension designed to perform brute-force attacks on GET and POST forms. It can use dictionaries or generate passwords based on several character types. Attacks can be performed on two separate fields using two distinct password sources.
- Protocols & Applications
- FTP
- Client and Server
- CrossFTP
- This plugin contains two free FTP tools, CrossFTP Client and Server, which provide an easy and simple way to access FTP services and create a file sharing environment. CrossFTP Client is a multi-tabbed FTP client for stable transfers. It provides stable utilities to transfer files, browse/create archives, send anti-idle keepalives, choose server encodings, manage bookmarks, etc.
- Client
- DNS
- ORACLE
- SQL
- Misc
- IT Security Related
- OSVDB Search
- The Mozilla OSVDB Search utility adds the option to search OSVDB directly from your web browser's sidebar or search box. It works in the Mozilla-based browsers: Firefox, Mozilla, Beonex, and Netscape.
- CVE ® dictionary search plugin
- This plugin lets you search the Common Vulnerabilities and Exposures (CVE®) dictionary.
- OVAL repository search plugin
- This plugin lets you search the OVAL Repository.
- Homeland Security Threat Level
- Displays the current U.S. Homeland Security Threat Level as an icon in the status bar.
- Packet Storm search plugin
- This plugin lets you search the Packet Storm database (www.packetstormsecurity.org). Packet Storm offers an abundant resource of up-to-date and historical security tools, exploits, and advisories.
- SecurityFocus Vulnerabilities search plugin
- This plugin lets you search SecurityFocus Vulnerabilities.
- Offsec Exploit-DB Search
- This plugin lets you search the Offsec Exploit archive (http://exploit-db.com). The Offsec Exploit archive, also known as Explo.it, is the replacement for the Milw0rm archive.
- Security Database (ToolsWatch)
- Security-Database Tools Watch is updated daily to keep the community informed. It focuses on the best security software available.
- SHODAN Computer Search
- This plugin lets you search using the SHODAN computer search engine. You can get more information about keywords and options at http://shodan.surtri.com/
- Application Auditing
- HackBar
- This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what you're doing, this toolbar will help you do it faster.
- Selenium Expert (Selenium IDE)
- Selenium IDE is an integrated development environment for Selenium scripts. It is implemented as a Firefox extension, and allows you to record, edit, and debug tests. Selenium IDE includes the entire Selenium Core, allowing you to easily and quickly record and play back tests in the actual environment that they will run.
- FireWatir
- FireWatir has a similar API to Watir, but accesses the DOM by invoking JavaScript through the JSSh XPI, which lets it telnet into the browser. FireWatir is compatible with Firefox 1.5 and above, running on Windows, OS X and GNU/Linux. There is an ongoing merge of FireWatir and Watir: initially by running the Watir unit tests against FireWatir and eventually by merging the code bases.
- Scripts
- Chickenfoot
- Chickenfoot is a Firefox extension that puts a programming environment in the browser's sidebar so you can write scripts to manipulate web pages and automate web browsing. In Chickenfoot, scripts are written in a superset of JavaScript that includes special functions specific to web tasks.
- API & Commands
- Tamper Data
- Use Tamper Data to view and modify HTTP/HTTPS headers and POST parameters. Trace and time HTTP requests and responses. Security-test web applications by modifying POST parameters.
- Live HTTP Headers
- View the HTTP headers of a page, including while browsing.
- RefControl
- Control what gets sent as the HTTP Referer on a per-site basis. You create a list of sites, and the referrer that should be sent for each site. You can choose to send that referrer unconditionally or only for third-party requests. Additionally, you can specify the default behavior for any site not in the list.
- User Agent Switcher
- The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of the browser.
- Add N Edit Cookies
- Cookie editor that allows you to add and edit "session" and saved cookies.
- CookieSwap
- If you have multiple logins for web based e-mail accounts (like Gmail and Yahoo! mail), then CookieSwap enables you to easily switch between those different user accounts by swapping the 'cookies' that the sites use to know your identity.
- CookieMan Context
- Adds a context menu to Firefox's cookie manager and permissions dialogs.
- Web Developer
- The Web Developer extension adds a menu and a toolbar with various web developer tools.
- allcookies
- Dumps ALL cookies (including session cookies) to the standard Firefox cookies.txt file.
- DOM Inspector
- DOM Inspector is a tool that can be used to inspect and edit the live DOM of any web document or XUL application. The DOM can be navigated using a two-paned window displaying a variety of different views on the document and all nodes within.
- InspectThis
- Inspect the current element with the DOM Inspector. Adds an entry to the context menu to open the DOM Inspector on the selected element. Ideal for AJAX, DHTML and JavaScript work.
- FormFox
- Do you know where your form information is going? This extension displays the form action (the site to which the information you've entered is being sent). In any place where you can enter data, from search boxes to order forms, mouse over the final Submit button to reveal the destination.
- Poster
- A developer tool for interacting with web services and other web resources that lets you make HTTP requests, set the entity body, and content type. This allows you to interact with web services and inspect the results.
- Exploit-Me
- Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use.
- XSS Me
- Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.
- SQL Inject Me
- SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is a Firefox extension used to test for SQL Injection vulnerabilities.
- Access Me
- Access vulnerabilities in an application can allow an attacker to access resources without being authenticated. Access-Me is a Firefox extension used to test for Access vulnerabilities.
- SQL Injection
- SQL Injection is an upgrade of the old Form Free extension: it is a component that transforms checkboxes, radio buttons and select elements into text inputs and enables disabled elements in all forms on a page. It makes it easier to test for and identify SQL injection vulnerabilities in web pages.
- Groundspeed
- Groundspeed is an add-on that allows security testers to manipulate the application user interface to eliminate annoying limitations and client-side controls that interfere with the web application penetration tests.
- UrlParams
- Shows you the GET and POST parameters of the current website in the sidebar.
- Digger fan update
- Digger provides a menu of URLs formed by repeatedly removing the last section of a hierarchical URL.
- HTTPS Finder
- HTTPS Finder automatically detects and enforces HTTPS connections when available. It also provides one-click creation and in-browser editing for HTTPS Everywhere rules. Other features include an ignore-domain 'whitelist' and an alert-only mode.