Marksman: Streamlining Web App Penetration Testing
Marksman is a free Chrome add-on designed to enhance the efficiency of casual web application penetration testing. This tool is particularly beneficial during large scope engagements, where testers may encounter numerous links and endpoints. It provides visual cues that help streamline the testing process by allowing testers to focus on elements that warrant further investigation without the need to click through each static resource.
With a simple click, Marksman highlights various elements on a webpage: it marks href elements that suggest dynamic functionality in yellow, highlights those with HTTP GET parameters in red, and indicates input form elements that trigger HTTP POST requests in magenta. The tool also offers an INFINITE MODE for continuous operation, automatically targeting elements during navigation. This functionality is useful not only for penetration testing but also for reconnaissance, making it easier to identify significant endpoints.
