OWASP PTK is now a part of the Athena OS as a preinstalled addon

Check out our OWASP Top 10 2021 to SANS and MITRE CWE mapping

All things Json Web Token

HOW TO?

DAST IAST SAST SCA JWT

Install now

DAST

Dynamic Application Security Testing at runtime. Identify SQL injection, command injection, reflected/stored XSS

IAST

Interactive Application Security Testing instruments your app at runtime - right in the browser - tracking taint flows and code execution

SAST

Static Code Analysis for inline and external scripts flags unsafe patterns like `eval()`, `innerHTML` / `outerHTML` injection

SCA

Find outdated or vulnerable packages

Request builder

Tamper any requests and/or run DAST attacks against a particular request

Proxy

Capture all HTTP(S) traffic, replay requests in R-Builder

JWT Inspector

Analyze, craft, and tamper with JSON Web Tokens.

Dashboard

One-click visibility into tech stacks, WAFs, security headers, crawled links, and authentication flows

Cookie editor

Add, edit, remove cookies or create rules to block and protect them

Automation

Add the PTK to browser automation systems like Selenium to get security insight while running tests

Recording

Macro and Traffic recording

Utils

API security testing with Swagger Editor, encode and decode with Decoder, use cheat sheets for XSS and SQL attacks

Your first step to ethical hacking

An easy way to see detailed information about an app, ability to execute modifed HTTP request without javascript validation, sequence recording with HAR file output.