Marksman

SUMMARY

The purpose of this tool is to assist with casual web application penetration testing during large scope engagements where pages may contain dozens or hundreds of links and references to additional endpoints. The tool aims to give testers visual indicators that can help them streamline their attention and focus on elements of interests for further testing without clicking through large numbers of static resources.

In 1 click, the tool will highlight in yellow all href elements that refer to pages with the potential for dynamic functionality (asp, php, aspx, jsp, jspx, etc.). The tool will also highlight in red all href elements that contain HTTP GET parameters, after identifying these via regular expression. Finally the tool highlights in magenta any input form elements that result in dynamic HTTP POST requests. This should ideally assist penetration testers in focusing quickly on elements of interest for further investigation.

If you want to have the functionality running continuously, simply select the INFINITE MODE checkbox and press the FIRE button. The plugin will automatically perform targeting during navigation until the checkbox is deselected by the user.

The tool is equally useful for reconnaissance on search results page to visually identify interesting endpoints containing the aforementioned properties.

The latest version of Marksman is available on the Chrome web and is currently being used by 0 active users. The initial version was launched on 2024-10-28.

HOW TO INSTALL Marksman FROM A CRX FILE

1. Download Marksman CRX file
2. NOTE: Sometimes the browser may block downloading / installing CRX file from outside the Chrome Web Store. If so, you may need to download the ZIP file instead
3. In the URL bar, go to chrome://extensions
4. Enable Developer mode

Ratings

USER REVIEWS (0)