Penetration Testing Kit for Chrome
More About Penetration Testing Kit
1) Dashboard - With information about client/server technologies, like Wappalyzer our PenTestKit extension can give you the same information and even more. You can see request/response information and then execute them again in request builder. View the response in HTML view to prove your XSS attack success.
2) Request Builder - Need to check what happens if you send a SQL injection or XSS attack? Just use this request builder, modify the parameters, execute the request and check it right in your Chrome browser.
3) Recorder - This part of the extension is really good for InsightAppSec or AppSpider Enterprise users. You can record a macro and modify it right here if you need any changes, then copy or download the recorded macro and upload into directly InsightAppSec or AppSpider Enterprise. You also can record a traffic and export it as a HAR file and use for traffic authentication in AppSec products.
Since version #2.2.0 macro replay functionality is supported.
4) OWASP Security Headers - Check if your web application follows recommendations from OWASP for headers like X-XSS-Protection or X-Content-Type-Options.
5) Swagger utility allows you to see all endpoints from swagger file - json or yaml.
6) AppSpider Pro reports validate functionality is supported since #2.2.0