The Web Local





FireCAT is a Firefox Framework Map collection of the most useful security oriented plug-ins.  FireCAT has associated Firefox plug-ins that will help performing a vulnerability assessment/ Penetration Test with the following tasks/stages:


  • File Cookie Editing

  • Information Gathering

  • IT security Related

  • Miscellaneous

  • Network Utilities

  • Security Auditing

  • Web/ Proxy Utilities


It is available in three formats, HTML, PDF and Freemind .mm from here


Changes for version 1.4


Information Gathering (Enumeration and Fingerprinting)
Passive Recon : PassiveRecon allows Information Security professionals the ability to perform "packetless" discovery of target resources utilizing publicly available information


Security Auditing
Selenium IDE : Selenium is a test tool for web applications. Selenium tests run directly in a browser, just like real users do

RESTTest : Construct custom HTTP requests to directly test requests against a server. RESTTest uses the XmlHttpRequest object and allows you to simulate XHR to quickly prototype requests and test security problems. Designed specifically for working with REST sources, supporting all HTTP methods

Acunetix Firefox plugin: Read here a good review by Kev Orrey.


IT Security Related
Added Milw0rm Exploits Search


Changes for version 1.3


Information Gathering (Googling and Spidering)

  • GSI Google Site indexer (GSI Creates Site Maps based on Google queries. Useful for both Penetration Testing and Search Engine Optimization. GSI sends zero packets to the host making it anonymous)


Information Gathering (Data mining)

  • Who is this person (Highlight any name on a web page and see matching information from Wink, LinkedIn, Wikipedia, Facebook, Google News, Technorati, Yahoo Person Search, Spock, WikiYou, ZoomInfo, IMDB, MySpace and more...)
  • FaceBook Toolbar (Search Facebook from anywhere The Search Box allows you to easily search Facebook no matter)


Information Gathering (Location info)

  • Router Status (Shows the current status of your router in the status bar and allows you to control it)


Security Auditing

  • XSS-Me (the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS) vulnerabilities)
  • SQL Inject-Me (the Exploit-Me tool used to test for SQL Injection vulnerabilities)
  • FireWatir (Watir is a simple open-source library for automating web browsers. It allows you to write tests that are easy to read and easy to maintain. It is optimized for simplicity and flexibility)


Network utilities (Database)

  • SQLite Manager (Manage any SQLite database on your computer.)




Firefox obviously!



IT Security News:


Pen Testing Framework:


Latest Tool Reviews: