pentestkit

𝗢𝗪𝗔𝗦𝗣 𝗣𝗧𝗞 𝟵.𝟳.𝟬 is out for Chromium and Firefox This release is all about improving the 𝗯𝘂𝗴 𝗯𝗼𝘂𝗻𝘁𝘆 𝘂𝘀𝗲𝗿 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲. See how SAST can find hidden routes!

𝗢𝗪𝗔𝗦𝗣 𝗣𝗧𝗞 𝟵.𝟲.𝟬 𝗶𝘀 𝗼𝘂𝘁 - a reporting + correlation focused release. This version is all about turning scan output into something you can actually share, triage, and act on. pentestkit.co.uk/release_notes.…

Reposting this write-up - if you try the add-on, break it (politely) and tell me what you’d like to see next. Bugs, issues, and reviews genuinely help. cybersecuritynews.com/zap-owasp-pent…

𝗭𝗔𝗣 + 𝗢𝗪𝗔𝗦𝗣 𝗣𝗧𝗞 as a browser-based AppSec tool is a pretty powerful combo. I’m really excited to share a major milestone for OWASP PTK: the 𝗢𝗪𝗔𝗦𝗣 𝗣𝗧𝗞 𝗮𝗱𝗱-𝗼𝗻 𝗳𝗼𝗿 𝗭𝗔𝗣 is now released. zaproxy.org/blog/2026-01-1…

PWASP PTK 9.5.0 has been released: JWT attacks improved: fixed false positives for alg=none checks and better handling of public/unauthenticated endpoints. SPA attacks support: improved attack flow for modern single-page applications. UI performance and bug fixes.

OWASP PTK v.9.1.0/1 has just been released with a full house appsec tools: - DAST (Dynamic Application Security Testing) - IAST (Interactive Application Security Testing) - SAST (Static Application Security Testing) - SCA (Software Composition Analysis)

Meet first in class in-browser IAST agent for JavaScript! In OWASP PTK v9, we’ve introduced an integrated IAST capability to help surface client-side issues immediately: *Taint-Flow Visibility *Contextual Findings *Zero-Configuration Deployment

The OWASP PTK extension will be included as one of the default system-level Firefox pentesting extensions in the upcoming major release of Athena OS, which will transition from Arch to a Fedora-based environment. See #_top" target="_blank" rel="nofollow noopener">athenaos.org/en/resources/b…

🔰5 BEST CHROME EXTENSIONS FOR HACKERS🔰 1. Tamper Data The Tamper Data extension (chrome.google.com/webstore/detai…) provides such functionalities. It is an essential tool that supports ethical hacking processes through the Chrome web browser. 2. Hackbar The HackBar extension (chrome.google.com/webstore/detai…) assists in hash generation, XSS queries, decoding, encoding, and SQL functions other than an interface. The extension helps users easily copy, read, and request URLs, 3. Open the Port Check Tool The Open Port Check Tool extension (chrome.google.com/webstore/detai…) helps hackers detect if a computer has any open ports. The extension alerts users to turn off all unused ports to reduce the possibility of an intrusion. 4. Request Maker Hackers find the Request Maker extension (chrome.google.com/webstore/detai…) useful when conducting fuzz tests to detect security vulnerabilities and coding errors. The Request Maker tool simplifies the process since it is designed as a core pen-testing tool. 5. Penetration Testing Kit The Chrome-based Penetration Testing Kit (chrome.google.com/webstore/detai…) contains a bundle of useful pen-testing exercises for professional, ethical hackers. The extension provides an interface through which users can view and send responses and request information.

OWASP PTK v 8.9 with cheat sheets for XSS and SQL just released. All your favorite attack payloads in one place - from XSS WAF bypass to SQL injections for MySQL/MSSQL/Oracle/PostgreSQL. Sometimes appsec is just one click in your browser.

Officially! OWASP PTK has reached 20K users on Chrome. Bug bounty, pentest, or just learning AppSec is much easier with the OWASP PTK. #owasp #appsec #penetrationtesting #BugBounty

How to solve JWT PortSwigger labs using OWASP PTK youtu.be/YuhUocQ6pmU?si… via @YouTube

OWASP PTK v. 8.6 has been released with a new feature - JWT Inspector. It empowers you to analyze JSON Web Tokens (JWT), build new tokens, and generate public and private keys for JWT signing. Watch the video - youtu.be/U3LVJ5OU4Kw

Like OWASP PTK do? Leave us a review and help us spread the word! producthunt.com/products/owasp…

OWASP PTK #8 4 3 request smuggling youtu.be/VoFUwUim0dA via @YouTube

Extensive trials finished successfully ✅Blessing from trial participants ✅ Solid vetting by outside experts ✅ Set to launch at 🚀 True-Inspect.com 🚀 is FREE TO USE enterprise-intensive #AppSec testing. #securitytesting #qa #applicationtesting #testing #development

Yet another video about OWAS PTK v 8.3. Scan in runtime, scan a request, SQL Injections, and reflected XSS attacks just while you browse an app. youtu.be/EnLjCZB813s

After more than 6 years of PTK development, I have to ask for support. Any help would be much appreciated - paypal.com/donate/?hosted…

Ease and boost performance in #appsec and #offensivesecurity. with a FREE, open-source plug-in that turns your browser into a powerful, feature-packed application security testing kit. @pentestkit Denis Podgurskii True Positives, LLC. #security #infos…lnkd.in/g3kDH-bF

Hey! OWASP Belfast will be hosting an online event about client-side JavaScript SAST and how to use @semgrep to help you empower application security. Feel free to join us on Monday 28th - meetup.com/owasp-belfast/…