The phrase “hacking utilities” has gradually come to acquire a negative meaning. Antivirus software teams curse them out, and users look down on them, placing them on a par with potential threats. But one can perform an audit and other relatively significant tasks simply from the browser, if it is prepared properly. In this article we take a look at the respective add-ons to Chrome, but one can find similar additions for Firefox as well.
In addition to Chrome and Firefox, the same add-ons are available for Opera and other browsers. Some of them are available in official stores or on developer websites, while other projects have found themselves a home on GitHub. Their functions overlap to a great extent, so I recommend trying all of them and only keeping the most important ones.
The charm of modern browsers is that they can replace a whole set of utilities without causing any suspicions whatsoever. They are not simply a tool to look at websites, they are universal platforms that can interact with any remote services. So let’s open “chrome://extensions/” or “about:addons”, and add-on by add-on transform the browser into a powerful tool for pentests.
WARNINGA security audit means that the resource owner must obtain preliminary agreement from the resource owner, and in most cases it requires a license. If they don’t have licenses, users can only test their own website. Neither the editorial office nor the author shall be responsible for any possible damage inflicted by improper use of the add-ons described below.
IP Address and Domain Information
Reconnaissance always precedes any new operation, and for use we’ll turn to the TCPIPutils.com add-on for help. After we get an IP, it provides a lot of interesting information about the website, the domain, and the hosting provider. A separate tab conveniently provides users with the ability to view your current IP and see what computer address the websites are finding. Install add-on at the official Chrome store.
The next stage after viewing the entries from the open databases of official registrators is to check the site through the Shodan shadow search engine. This will also show the owner of the IP address on the map and produce a list of open ports and services, including the version number. This free add-on is available at shodan.io and the [Chrome store] (https://chrome.google.com/webstore/detail/shodan/jjalcfnidlmpjhdfepjhjbhnhkbgleap).