GreaseMonkey Web Security Toolkit

Description

A collection of Greasemonkey scripts written by Aung Khant from http://yehg.net that aim to provide security for you and your site. We love to write Greasemonkey scripts than Browser Addons because Greasemonkey is more flexible. Any one can view and edit source codes with ease. They will forever be compatible with any versions of Gecko browsers while most security addons are no longer compatible with new versions unless their authors take pains to modify codes for compatibility. Send suggestions and bugs via our contact form at our home page. Feel free to modify codes to adapt your need.

Requirements

Gecko Browser Family (Firefox/Flock/..etc)

Greasemoney Addon http://www.greasespot.net/

Current Scripts

Description: Whenver the script detects a phpinfo page, it fingerprints it for how much secure that phpinfo page. It's a combination of my security thoughts and phpinfosec.com's project. Use it for security and performance issues. Ideal for web masters and web server admins who are a bit confused with phpinfo page's numberous configuration items. Date: July 2008
 * phpinfo Security Checker

Description: Although the initial release v.01 was for fingerprinting web page, this v0.2 version is integrated with JS-file fingerprinting, fuzzing, bruteforcing [version 0.1] WebPageFingerPrinting script without having to view html source. Sometimes, clicking each in WebDeveloper Toolbar is tedious.I'd like to read a summerized view of current web page first. Here this script comes in. Resource: Be sure to see its movies Warning: Use it only for lawful purposes as the script has vulnerability scanning which invokes IDS detection. Date: July, 2008
 * WebPageFingerPrint (aka. Hacking Script)

Description: The version 2 is similar to XSS warning addon. Look for URL string for XSS payloads. Detect and stop XSS attacks from evil bad guys to you in addition to detection of Malicious JavaScript embedded in malicious sites. This script has been tested for false positives thoroughly. False positives may occur at those sites which use crypto strings like order.php?token={a:xC2;id:ac3f52233;[]} and Squirrel mail sites which use URL strings like compose.php?to=John. We can't fix it for the sake of security. If you know this one, you can feel assured this is safe to accept and go on. Available also: Standlone version for webmasters. Resource: Introducing MSD Date: March 2008
 * Malware Script Detector v2

Description: Detect & Alert Malicious JavaScript : XSSProxy, XSS-Shell, AttackAPI, Beef. But No guarantee for full prevention of XSS-Injection threats. Many ways to bypass it such as obfuscation but I'm sure it protects you from casual attackers. Date: Feb 2008
 * Malware Script Detector v1

Download

http://yehg.net/lab/#tools.greasemonkey