FireCAT v2.0 - Firefox Catalog of Auditing exTensions

FireCAT v2.0 - Firefox Catalog of Auditing exTensions

FireCAT (Firefox Catalog of Auditing exTensions) is a mindmap collection of the most efficient and useful Firefox extensions oriented application security auditing and assessment. FireCAT is not a replacement of other security utilities and software as well as fuzzers, proxies and application vulnerabilities scanners.

Download fireCat v2.0

• Information Gathering
  • Whois
    • Shazou 
      • Finally mapping is integrated with the Firefox browser. The product called Shazou (pronounced Shazoo it is Japanese for mapping) enables the user with one-click to map and geo-locate any website they are currently viewing. Shazou was developed as a tool to improve the awareness for people surfing the internet about where and who they are interacting with every click of the mouse.
    • domainFinder 
      • Quickly carry out whois lookups on any url on a webpage or carry out a keyword domain search on any highlighted phrase or text.
    • Domain Details 
      • Displays Server Type, Headers, IP Address, Location Flag, and links to Whois Reports. Shows links to check server status and cache when page fails to load.
  • Location Info
    • HostIP.info Geolocation Plugin 
      • Displays Geolocation information for a website using hostip.info data. Works with all versions of Firefox.
    • ShowIP 
      • Show the IP address(es) of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and hostname (left mouse button), like whois, netcraft. Additionally you can copy the IP address to the clipboard. This extension was formerly known as ipv6ident.
    • ASnumber 
      • The AS Number Extension displays interesting information the Internet Service Provider of every website visited. Along with it come some additional statistics for those who want to know what happens behind the Webs shiny surface. All data is updated daily and the prefix to AS number mapping is from a real default-free zone BGP feed.
  • Enumeration & Fingerprint
    • Header Spy 
      • Shows HTTP headers on statusbar.
    • Header Monitor 
      • Statusbar with HTTP response header monitor. This is Firefox extension for display on statusbar panel any HTTP response header of top level document returned by a web server. Example: Server (by default), Content-Encoding, Content-Type, X-Powered-By and others.
    • PassiveRecon 
      • PassiveRecon provides information security professionals with the ability to perform "packetless" discovery of target resources utilizing publicly available information.
    • Certificate Patrol 
      • Your browser trusts many certification authorities and intermediate sub-authorities quietly, every time you enter an HTTPS web site. This add-on reveals when certificates are updated, so you can ensure it was a legitimate change.
  • Data Mining
    • People Search and Public Record Toolbar 
      • This Firefox extension is a handy menu tool for investigators, reporters, legal professionals, real estate agents, online researchers and anyone interested in doing their own basic people searches and public record lookups as well as background research.
    • Who Is This Person? 
      • Highlight any name on a web page and see matching information from Wink, LinkedIn, Wikipedia, Facebook, Google News, Technorati, Yahoo Person Search, Spock, WikiYou, ZoomInfo, IMDB, MySpace and more...
    • Facebook Toolbar 
      • Integrate your Facebook life into your browser. Search Facebook from anywhere, Get Notified, Connect with Friends, Share Content, Upload Photos.
  • Googling & Spidering
    • Advanced Dork: 
      • Advanced Dork: gives quick access to Google's Advanced Operators directly from the context menu.
    • SpiderZilla 
      • SpiderZilla is an easy-to-use website mirror utility, based on Httrack from www.httrack.com.
    • View Dependencies 
      • View Dependencies adds a tab to the Page Info window, in which it lists all the files which were loaded to show the current page.
    • Google Site Indexer 
      • A Windows search program turned Firefox Extension, GSI Creates Site Maps based on Google queries. Useful for both Penetration Testing and Search Engine Optimization. GSI sends zero packets to the host making it anonymous.
• Proxies & Web Utilities
  • FoxyProxy Standard 
    • FoxyProxy is an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities.
  • POW (Plain Old Webserver) 
    • Turn the web on its head with the Plain Old Webserver (POW), which adds a server to your browser.
  • httProxy 
    • Access any page via configured web based proxies.
• Editors
  • JSView 
    • All browsers include a "View Source" option, but none of them offer the ability to view the source code of external files. Most websites store their javascripts and style sheets in external files and then link to them within a web page's source code.
  • Cert Viewer Plus 
    • Certificate viewer enhancements: PEM format view, file export, trust configuration. Extends the certificate viewer dialog with additional options: an X.509 certificate can be displayed in PEM format (opens in a new window) or saved to a file (PEM/DER/PKCS#7).
  • Firebug 
    • Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
    • Flashbug 
      • A Firebug extension for Flash. Extensive Flash debugging add-on (swf resources, amf data, shared objects, traces, policy log). Requires Flash Player Debugger to display traces. Requires Firebug 1.6+. (For Flash Developers)
    • FirePath 
      • FirePath is a Firebug extension that adds a development tool to edit, inspect and generate XPath 1.0 expressions and CSS 3 selectors.
    • Firecookie 
      • Firecookie is an extension for Firebug that makes possible to view and manage cookies in your browser.
    • FireRainbow 
      • Javascript syntax highlighting for Firebug.
  • XML Developer Toolbar 
    • The aim of this toolbar is to help XML developers with their programming efforts by supplying a central toolbar for everything XML.
  • xqjs 
    • Simple JS console.
  • FlashFirebug 
    • Debug ANY AS3 SWF files on the web. Edit properties and inspect elements. Redirect errors, warnings and traces to the extension. Run AS3 code and transform objects on the fly. This extension requires Firebug extension and Flash Player Debugger.
• Network Utilities
  • Intrusion Detection System
    • Firekeeper 
      • Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content.
  • Sniffers
    • FFsniFF (FireFox sniFFer) 
      • FFsniFF is a simple Firefox extension, which transforms your browser into the html form sniffer. Every time the user click on 'Submit' button, FFsniFF will try to find a non-blank password field in the form. If it's found, entire form (also with URL) is sent to the specified e-mail address. It also has the ability to hide itself in the 'Extensions manager'. This extension is meant to be as an example of the 'evil side of Firefox extensions'.
  • Wireless
    • wmlbrowser 
      • Simulate WAP browsing by viewing WML (Wireless Markup Language) pages.
  • Passwords
    • Unhide Passwords 
      • If you aren't concerned about someone looking over your shoulder and stealing your passwords, why hassle with those obfuscated password fields, where you never know whether you typed your 30 character code correctly or not...This extension shows the contents of password fields in cleartext (instead of the asterisks), to make that process a bit easier.
    • CryptoFox 
      • CryptoFox is an encryption/decryption tool for Mozilla Firefox, with dictionary attack support for cracking MD5 passwords.
    • Password Hasher 
      • Better security without bursting your brain.
    • Leet Key 
      • Transforms typed or static text to L337, ROT13, BASE64, HEX, URL, BIN, DES, AES, Morse code, DVORAK keyboard layout and to lower/to upper case functionality, Leet Font.
    • Fireforce 
      • Fireforce is a Firefox extension designed to perform brute-force attacks on GET and POST forms. It can use dictionaries or generate passwords based on several character types. Attacks can be performed on two separate fields using two distinct password sources.
  • Protocols & Applications
    • FTP
      • Client and Server
        • CrossFTP 
          • This plugin contains two free FTP tools: CrossFTP Client and Server, which provide an easy and simple way to access FTP services and create file sharing environment. CrossFTP Client is a multi-tabbed FTP client for stable transfers. It provides stable utilities to transfer files, browsing/create archives, anti-idles, choose server's encodings, manage bookmarks, etc.
      • Client
        • FireFTP 
          • FireFTP is a free, secure, cross-platform FTP client for Mozilla Firefox which provides easy and intuitive access to FTP servers.
    • DNS
      • DNS Unpinning 
        • The DNSUnpinning Firefox extension provides an option in the Tools menu to disable or enable DNS caching/pinning. This extension may be useful to Web application developers, Web application security researchers, and perhaps the occasional system/network administrator of a load-balanced Web service. The extension creates the network.dnsCacheEntries preferences option and sets it to zero at browser startup, and a Tools menu item can set and clear this preference option.
    • ORACLE
      • OraDB Error Code Look-up 
        • Simplifies getting details about error numbers hit when developing applications for Oracle database.
    • SQL
      • SQLite Manager 
        • Manage any SQLite database on your computer.
      • SIDU DB Web GUI (MySQL + Postgres + SQLite) 
        • SIDU is a FREE database client working via web browser. SIDU is simple, intuitive and easy database GUI tool to use. No installation, nor configuration.
• Misc
  • Tweaks & Hacks
    • Greasemonkey 
      • Allows you to customize the way a webpage displays using small bits of JavaScript.
      • Scripts 
        • Hundreds of scripts, for a wide variety of popular sites, are already available at http://userscripts.org.
    • Technika 
      • Browser Automation Extension for Firefox. Technika is a general purpose scripting platform for Firefox. It acts like a standard OS shell scripting environment. You can script everything from the currently viewed page, just like Greasemonkey, and everything in the chrome, just like any browser extensions but without need to reload the browser every time you make a change. The platform will be used as a base component to other projects, such as TSF (Technika Security Framework) and AttackAPI browser extension.
  • Encryption / Hashing
    • Fire Encrypter 
      • FireEncrypter is an Firefox extension which gives you encryption/decryption and hashing functionalities right from your Firefox browser, mostly useful for developers or for education & fun.
    • Net-Force Tools (Firefox Extension) 
      • This extension adds some of the functionality of the Tools (http://www.net-force.nl/tools) to your right-click menu in Firefox. ASCII <-> Hex, ASCII <-> Binary, Base64 encode/decode, Javascript escape/unescape, MD5 hash, SHA1 hash.
    • MD Hash Tool 
      • Message Digest Hash Tool is a Firefox extension which can be used to compute Message Digests for files and/or text strings using various algorithms (currently MD5 and SHA-1). These digests, sometimes referred to as "digital fingerprints", are commonly used to verify that files have not been corrupted or tampered with. MDHashTool makes it easier for Firefox users to check the integrity of their downloads and generate digests for files they want to share.
  • Antivirus & Malware Scanner
    • Dr.Web anti-virus link checker 
      • This plugin allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus!
    • Fireclam 
      • Use ClamAV to scan Firefox downloads for viruses. Every download will automatically be scanned in the background. An alert message is shown if a virus is found. Works on Linux, MacOS X (requires ClamAV) and Windows (requires ClamWin).
    • Web of Trust - Safe Browsing Tool 
      • Would you like to know which websites you can trust? The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
    • BitDefender QuickScan 
      • BitDefender QuickScan is a very fast antivirus scanner, able to determine in a matter of seconds (up to 1-2 minutes on first-time scans) if a system is infected with malware.
    • Viral Threat Level 
      • Adds an image to the status bar indicating the current threat level of the internet. It allows quick access to security information that you can use to help protect yourself, and links to antivirus software comparisons and security extensions.
    • Team Cymru's MHR 
      • Malware Hash Registry (MHR). This extension allows you to quickly check your downloaded files against multiple anti-virus and anti-malware products with just one click.
    • Webutation - Reputation & Security 
      • Would you like to know which websites are safe and which website you can trust? The Webutation add-on shows you the reputation of a site with a simple green/yellow/red icon and scan's websites against virus and bad userfeedback.
  • Anti Spoof
    • refspoof 
      • Easy spoofing of the URL referer (referrer) featuring a toolbar. This means it allows to pretend to origin from any site by overriding the url referrer in an http request.
  • Anti-phishing / Pharming / Jacking
    • TraceAssure Toolbar 
      • TraceAssure's groundbreaking patent-pending web authentication technology cross references every web page domain with the corresponding IP address. This information is validated against the secure TraceAssure "White List".
    • Netcraft Toolbar 
      • Blocks phishing sites, helping to protect users from online fraud.
    • Interclue 
      • Ever wanted to know what was behind the link before you clicked? Interclue tells you everything you need to know before you open yet another tab.
  • Automation
    • iMacros for Firefox 
      • iMacros was designed to automate the most repetitious tasks on the web. If there’s an activity you have to do repeatedly, just record it in iMacros. The next time you need to do it, the entire macro will run at the click of a button! With iMacros, you can quickly and easily fill out web forms, remember passwords, create a webmail notifier, download information from other sites, scrape the Web (get data from multiple sites), and more. You can keep the macros on your computer for your own use, or share them with others by embedding them on your homepage, blog, company Intranet or any social bookmarking service. The uses are limited only by your imagination!
    • TestWise Recorder 
      • TestWise Recorder for Firefox works as a browser extension and provides an easy way to record user operations into RWebSpec and Watir automated test scripts.
  • Logs / History
    • Slogger 
      • Slogger creates a complete log of your browsing history. It can save every page using the same options as the "Save Page As" command as well as saving a customizable plain text history file.
    • Form History Control 
      • An extension to View and Manage form history entries (view, edit, delete, selective clean-up, export/import)
    • FireShot - Screenshot tool - Capture and Annotate 
      • This module aims to present your information retrieval from activities traces, and increase your reflexivity.
  • Backup & Synchronization
    • FEBE 
      • FEBE (Firefox Environment Backup Extension) allows you to quickly and easily backup your Firefox extensions. In fact, it goes beyond just backing up -- It will actually rebuild your extensions individually into installable .xpi files. Now you can easily synchronize your office and home browsers.
    • OPIE 
      • OPIE (Ordered Preference Import/Export) is a Firefox extension that allows you to import and export your installed extension preferences. This is useful when installing extensions in a new profile, or synchronizing multiple Firefox installations.
    • CLEO 
      • CLEO (Compact Library Extension Organizer) is a Firefox extension that works with FEBE to package any number of extensions/themes into a single, installable .xpi file.
    • Public Fox 
      • Block downloads, lock down bookmarks/addons/downloads with a password.
  • Protection
    • TrackMeNot 
      • Protects privacy in web-search. By issuing randomized queries to popular search-engines, including Google, Bing, and Baidu, TrackMeNot obfuscates users' search data profiles.
    • NoScript 
      • The best security you can get in a web browser! Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
    • CookieSafe 
      • This extension will allow you to easily control cookie permissions. It will appear on your statusbar. Just click on the icon to allow, block, or temporarily allow the site to set cookies. You can also view or clear the cookies and exceptions by right clicking on the statusbar icon.
    • TrackerBlock 
      • Complete control over online tracking using multiple methods, including cookie blocking, persistent opt-out cookies, Flash and HTML5 control, and Do Not Track signals.
    • Adblock Plus 
      • Annoyed by adverts? Troubled by tracking? Bothered by banners? Install Adblock Plus now to regain control of the internet and change the way that you view the web.
• IT Security Related
  • OSVBD Search 
    • The Mozilla OSVDB Search utility will add the option to search OSVDB directly from your web browser's side bar or search box. This will work in the Mozilla-based browsers: FireFox, Mozilla, Beonex, and Netscape.
  • CVE ® dictionary search plugin 
    • This plugin lets you search on Common Vulnerabilities and Exposures (CVE®) dictionary.
  • OVAL repository search plugin 
    • This plugin lets you search on OVAL Repository.
  • Homeland Security Threat Level 
    • Displays the current U.S. Homeland Security Threat Level as an icon in the status bar.
  • Packet Storm search plugin 
    • This plugin lets you search on Packet Storm - www.packetstormsecurity.org - database. Packet Storm offers an abundant resource of up-to-date and historical security tools, exploits, and advisories.
  • SecurityFocus Vulnerabilities search plugin 
    • This plugin lets you search on Security Focus Vulnerabilities.
  • Offsec Exploit-DB Search 
    • This plugin lets you search on Offsec Exploit archive - http://exploit-db.com. Offsec Exploit archive, also known as Explo.it, is the replacement of Milw0rm archive.
  • Security Database (ToolsWatch) 
    • Security-Database Tools Watch is updated daily to maintain the community informed. It focuses on the best software ever.
  • SHODAN Computer Search 
    • This plugin lets you search using the SHODAN computer search engine. You can get more information about keywords and options at http://shodan.surtri.com/
• Application Auditing
  • HackBar 
    • This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what your doing, this toolbar will help you do it faster.
  • Selenium Expert (Selenium IDE) 
    • Selenium IDE is an integrated development environment for Selenium scripts. It is implemented as a Firefox extension, and allows you to record, edit, and debug tests. Selenium IDE includes the entire Selenium Core, allowing you to easily and quickly record and play back tests in the actual environment that they will run.
  • FireWatir 
    • FireWatir has a similar API to Watir, though accesses the DOM by invoking JavaScript by using the JSSh XPI to telnet into the browser. FireWatir is compatible with Firefox 1.5 and above: running on Windows, OSX and GNU\Linux. There is an ongoing merge of FireWatir and Watir; intially through running the Watir unit tests against FireWatir and eventually merging the code-bases.
    • Scripts
      • A collection of examples contributed by a variety of Watir People.
  • Chickenfoot 
    • Chickenfoot is a Firefox extension that puts a programming environment in the browser's sidebar so you can write scripts to manipulate web pages and automate web browsing. In Chickenfoot, scripts are written in a superset of Javascript that includes special functions specific to web tasks.
    • API & Commands 
    • Scripts 
  • Tamper Data 
    • Use tamperdata to view and modify HTTP/HTTPS headers and post parameters. Trace and time http response/requests. Security test web applications by modifying POST parameters.
  • Live HTTP Headers 
    • View HTTP headers of a page and while browsing.
  • RefControl 
    • Control what gets sent as the HTTP Referer on a per-site basis. You create a list of sites, and the referrer that should be sent for each site. You can choose to send that referrer unconditionally or only for third-party requests. Additionally, you can specify the default behavior for any site not in the list.
  • User Agent Switcher 
    • The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of the browser.
  • Add N Edit Cookies 
    • Cookie Editor that allows you add and edit "session" and saved cookies.
  • CookieSwap 
    • If you have multiple logins for web based e-mail accounts (like Gmail and Yahoo! mail), then CookieSwap enables you to easily switch between those different user accounts by swapping the 'cookies' that the sites use to know your identity.
  • CookieMan Context 
    • Adds a context menu to Firefox's cookie manager and permissions dialogs.
  • Web Developer 
    • The Web Developer extension adds a menu and a toolbar with various web developer tools.
  • allcookies 
    • Dumps ALL cookies (including session cookies) to Firefox standard cookies.txt file
  • DOM Inspector 
    • DOM Inspector is a tool that can be used to inspect and edit the live DOM of any web document or XUL application. The DOM can be navigated using a two-paned window displaying a variety of different views on the document and all nodes within.
    • InspectThis 
      • Inspect the current element with the DOM Inspector. Adds an entry to the context menu to open the DOM Inspector on the selected element. Ideal for AJAX, DHTML and JavaScript work.
  • FormFox 
    • Do you know where your form information is going? This extension displays the form action (the site to which the information you've entered is being sent.) In any place where you can enter data, from search boxes to order forms, mouse over the final Submit button to reveal the destination.
  • Poster 
    • A developer tool for interacting with web services and other web resources that lets you make HTTP requests, set the entity body, and content type. This allows you to interact with web services and inspect the results.
  • Exploit-Me 
    • Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use.
    • XSS Me 
      • Cross-Site Scripting (XSS) is a common flaw found in todays web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.
    • SQL Inject Me 
      • SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is Firefox Extension used to test for SQL Injection vulnerabilities.
    • Access Me 
      • Access vulnerabilities in an application can allow an attacker to access resources without being authenticated. Access-Me is a Firefox extension used to test for Access vulnerabilities.
  • SQL Injection 
    • SQL Injection is an Upgrade from the old form free, it is a component to transform checkboxes, radio buttons, select elements to a input text and enable disabled elements from all forms in a page. It makes easier to test and identify SQL injection vulnerabilities in web pages.
  • Groundspeed 
    • Groundspeed is an add-on that allows security testers to manipulate the application user interface to eliminate annoying limitations and client-side controls that interfere with the web application penetration tests.
  • UrlParams 
    • Shows you the GET and POST parameters of the current website in the sidebar.
  • Digger fan update 
    • Digger provides a menu of URLs formed by repeatedly removing the last section of a hierarchical URL.
  • HTTPS Finder 
  • HTTPS Finder automatically detects and enforces HTTPS connections when available. It also provides one-click creation and in-browser editing for HTTPS Everywhere rules. Other features include an ignore-domain 'whitelist' and an alert-only mode.
  • Source-
  • http://www.firecat.fr/