Firefox Pentest Add-ons

Firefox extensions for pentesting and OSINT, grouped by purpose. Names in English, descriptions follow your language.

Recon & OSINT

Shodan.io — Show Shodan data (open ports, location).

Wappalyzer — Detect a site's tech stack.

BuiltWith — List technologies used by a page.

DotGit — Detect exposed .git directories.

retire.js — Flag vulnerable JS libraries.

Hunter — Find email addresses fast.

Email Extractor — Auto-extract emails from pages.

Search by Image — Reverse image search (multi-engine).

YesWeHack VDP Finder — Detect vulnerability disclosure programs.

Flagfox — Server location + site tools (whois…).

Web Archives — View archived / cached page versions.

Web App Testing

HackTools — Web pentest cheat sheets & payloads.

HackBar — Pentest helper (WebExtension HackBar).

Max HackBar — HackBar-style pentest toolbar.

KNOXSS Community Edition — XSS discovery tool.

PwnFox — Firefox / Burp security-audit tools.

Click-jacking — Highlight clickjacking-vulnerable pages.

Fake Filler — Fill forms with random fake data.

Trufflehog — Hunt for leaked credentials.

Altair GraphQL Client — Feature-rich GraphQL client.

iMacros for Firefox — Record & replay web tasks.

Beautifer & Minify — Beautify / minify HTML, CSS, JS.

JSON-formatter — Pretty-print JSON documents.

HTTP / Headers / Proxy

ModHeader — Modify request & response headers.

Modify Header Value — Add / edit / remove headers per domain.

HTTP Header Live — View, edit & resend HTTP headers.

FoxyProxy Standard — Switch proxies by URL pattern.

User-Agent Switcher and Manager — Spoof the browser User-Agent.

Open Multiple URLs — Open / extract many URLs at once.

Cookie-Editor — Create, edit & delete cookies.

Privacy & Anti-Tracking

uBlock Origin — Efficient wide-spectrum content blocker.

uMatrix — Point-and-click request firewall.

NoScript Security Suite — Run scripts only on trusted sites.

Privacy Badger — Auto-blocks invisible trackers.

Decentraleyes — Serve CDN libraries locally.

DuckDuckGo Privacy Essentials — All-in-one privacy protection.

ClearURLs — Strip tracking parameters from URLs.

Don't track me Google — Remove Google link redirection.

Privacy Settings — Tweak Firefox privacy from a panel.

Terms of Service; Didn't Read — Rates sites' terms of service.

Temporary Containers — Isolate browsing in disposable containers.

Firefox Multi-Account Containers — Separate identities by container.

xBrowserSync — Private, anonymous bookmark sync.

Identity & Secrets

Temp Mail - Disposable Temporary Email — Disposable temporary email address.

Firefox Relay — Generate email aliases that forward.

Bitwarden - Free Password Manager — Secure free password manager.

Utilities

APK Downloader — Download APKs from Google Play.

Broken Link Checker — Find broken & redirected links.

Compiled from the “Firefox Pentest Add-ons” chart by Hacking Articles (Ignite Technologies); descriptions condensed.