Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Firefox search add-ons for Security-Nerds™

After looking over the slide deck from Michael “theprez98” Schearer’s Blackhat Webcast, I decided (like a lot of people I’m sure) to have a quick look at what Firefox add-ons were available to make penetration testing using the browser a little easier. My portable Firefox edition already has a number of extensions installed for the usual stuff. Things like FoxyProxy, Web Developer Toolbar, Fire/FlashBug and the SQL Inject Me, Access Me and XSS Me tools from Security Compass have been installed for a long time. They come in useful for specific tasks, even when I’m not doing Web app testing. One thing I’d not really looked at though was the possibility of adding to the search providers list (found in the upper right-hand corner).

Firefox Search

By default the drop-down list comes with your typical default options (Google, Yahoo, Wikipedia and a few others). These are all nice and everything, but for what we do, they’re not always the sources we need. After all, if you know you want to search for a CVE number, then why Google for it? Best to go straight to the source, and pull up the info you need quickly and efficiently. So with that in mind, here are a few nice additions to the search list in Firefox.

CVE dictionary search plugin

Open Source Vulnerability Database Search

OVAL Repository

Packet Storm

RFC Search Plugin

Pcapr search

Exploit DB

CIRT Default Password-DB

This isn’t a complete list by any means, but hopefully it’s a good start. I’ve not had a chance to run these through a transparent proxy to see the exact information being sent/received, so your mileage may vary. Use at your own risk.
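A static complement to the proxy check mentioned above, as an added example that is not part of the original post: assuming a search plugin is distributed as an OpenSearch description file, its URL templates show which hosts receive your query, whether it travels in cleartext, and which fixed parameters ride along. The descriptor, hostnames and parameter names below are constructed, and `audit_descriptor` is a hypothetical helper.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qsl

# Namespace of the OpenSearch 1.1 description format.
OS_NS = "{http://a9.com/-/spec/opensearch/1.1/}"

# Constructed sample descriptor (not one of the plugins listed above).
SAMPLE = """<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>Example vuln search</ShortName>
  <Url type="text/html"
       template="http://search.example.org/find?q={searchTerms}&amp;src=ff-plugin&amp;uid=12345"/>
  <Url type="application/x-suggestions+json"
       template="https://suggest.example.net/complete?term={searchTerms}"/>
</OpenSearchDescription>"""


def audit_descriptor(xml_text):
    """Return one finding dict per <Url> element in an OpenSearch descriptor."""
    root = ET.fromstring(xml_text)
    findings = []
    for url in root.iter(OS_NS + "Url"):
        url_type = url.get("type", "")
        parts = urlsplit(url.get("template", ""))
        params = parse_qsl(parts.query, keep_blank_values=True)
        findings.append({
            "type": url_type,
            # Host that will see every search term typed into the box.
            "host": parts.hostname,
            # Anything other than https exposes the query on the wire.
            "cleartext": parts.scheme != "https",
            # Parameters with no {placeholder} are sent unchanged with every
            # query (for example tracking or affiliate identifiers).
            "fixed_params": [k for k, v in params if "{" not in v],
            # Suggestion endpoints are queried while typing, before Enter.
            "sends_keystrokes": "suggestions" in url_type,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_descriptor(SAMPLE):
        print(finding)
```

This only covers what the descriptor declares; redirects, cookies and anything the results page loads still need the proxy to observe.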

6 responses to “Firefox search add-ons for Security-Nerds™”

  1. Pingback: Firefox search add-ons for security nerds « Steve on Security

  2. Pingback: Ed Smiley's Blog » Bookmarks for April 1st through April 2nd

  3. Pingback: Your only as good as your searchs… | DC802

  4. theprez98 April 27, 2010 at 00:45

    Some great additions to browser-based penetration testing. Thanks for sharing.

  5. Ermak July 9, 2010 at 10:18

    MMM nice, but the plugin “add to search bar” lets you add any search form you want with just a right click.
