The Blackdagger Web Kit (BWK) browser extension is a sophisticated, enhanced version of the OWASP Penetration Testing Kit, designed specifically for Red Team operations and advanced penetration testing workflows. Leveraging GitHub Actions runners, BWK performs dynamic application security testing (DAST) without triggering common web defenses or IP-based blocking mechanisms, significantly improving operational security (OPSEC).
Blackdagger is a single-binary tool capable of managing and automating complex workflows for various purposes. To improve the user experience, the team suggests several repositories that contain tested YAML files for complex workflows and easy-to-set-up infrastructure for CART and DevSecOps purposes. With major additions to these repositories, everything that makes Blackdagger better is collected under a framework called Blackdagger: Cyber Workflow Automation Framework.
The framework consists of 5 components:
- Blackdagger: Core of the framework for orchestrating the components and workflows
- Blackcart: A specialized Docker container optimized for Continuous Automated Red Teaming (CART) and DevSecOps pipeline tasks.
- Blackdagger YAMLs: Pre-tested example workflows, demonstrating real-world DevSecOps and CART use-cases, facilitating quick adoption and adaptation.
- Blackdagger Github Infra: A suite of advanced workflows utilizing GitHub Actions infrastructure for enhanced defense evasion techniques, scalability, and performance.
- Blackdagger Web Kit (this repository): A browser extension integrating all core functionalities, enabling direct interaction and execution of Blackdagger workflows from within the browser.
The components are compatible with one another and are meant to run in any environment, for any use case, as easily, quickly and effectively as possible. The framework also allows components to be added, removed or modified to support new purposes.
BWK revolutionizes traditional DAST by leveraging GitHub Actions runners, significantly enhancing operational security (OPSEC). This method allows penetration testers and Red Team operators to perform scans and execute simulated attacks from GitHub's trusted infrastructure, thereby reducing the likelihood of detection by web defenses and IP-based blocking mechanisms. By simply forking the provided default GitHub repository and configuring your GitHub token within the BWK DAST settings, you ensure stealthy, uninterrupted, and effective security testing with minimized risk of alerting defensive measures or leaving traceable digital footprints.
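From the defender's side, traffic from hosted CI runners arrives from cloud ranges that IP-reputation controls tend to trust, so detection has to key on request behaviour rather than on source alone. The following is an added example, not part of BWK or the Blackdagger project; the log sample, the CIDR ranges (RFC 5737 documentation blocks standing in for a provider's published runner ranges), the thresholds and the function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed stand-ins (RFC 5737 documentation blocks). In production, load
# the CIDRs your CI provider publishes for its hosted runners.
RUNNER_RANGES = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed access-log sample (common log format).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2025:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153
192.0.2.10 - - [01/Jan/2025:10:00:01 +0000] "GET /.env HTTP/1.1" 404 153
192.0.2.10 - - [01/Jan/2025:10:00:02 +0000] "GET /backup.zip HTTP/1.1" 404 153
192.0.2.10 - - [01/Jan/2025:10:00:02 +0000] "GET /login HTTP/1.1" 200 2048
198.51.100.7 - - [01/Jan/2025:10:05:00 +0000] "POST /webhooks/ci HTTP/1.1" 200 12
203.0.113.5 - - [01/Jan/2025:10:06:00 +0000] "GET /a HTTP/1.1" 404 153
203.0.113.5 - - [01/Jan/2025:10:06:01 +0000] "GET /b HTTP/1.1" 404 153
203.0.113.5 - - [01/Jan/2025:10:06:02 +0000] "GET /c HTTP/1.1" 404 153
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def in_runner_range(ip):
    """True if ip parses as an address inside one of RUNNER_RANGES."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or garbage in the client field
        return False
    return any(addr in net for net in RUNNER_RANGES)

def flag_runner_scans(log_text, min_paths=3, min_error_ratio=0.5):
    """Return {ip: stats} for runner-range clients whose requests look like a scan."""
    paths, errors, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, _method, path, status = m.groups()
        total[ip] += 1
        paths[ip].add(path)
        errors[ip] += status.startswith("4")  # count 4xx responses
    flagged = {}
    for ip, count in total.items():
        ratio = errors[ip] / count
        # Source range alone is not a verdict: require breadth and error rate too.
        if in_runner_range(ip) and len(paths[ip]) >= min_paths and ratio >= min_error_ratio:
            flagged[ip] = {"requests": count, "paths": len(paths[ip]), "error_ratio": ratio}
    return flagged
```

In the sample, the single webhook call from a runner range is left alone, while the runner-range client probing several missing paths is flagged.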
BWK integrates seamlessly with the comprehensive Blackdagger continuous red team operations framework. Initiate scans, manage complex multi-step attack scenarios, and leverage external security tools beyond browser-based capabilities, expanding your tactical reach.
Blackdagger represents a significant advancement in automation technology, offering a comprehensive solution for orchestrating complex workflows in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Automated Red Teaming (CART) environments. At its core, Blackdagger simplifies the management and execution of intricate workflows through its user-friendly approach and powerful functionality. Leveraging a declarative YAML format, Blackdagger enables users to define automation pipelines using a Directed Acyclic Graph (DAG), clearly expressing task dependencies and execution logic without extensive scripting or coding.
With a built-in Web UI, users can easily manage, rerun, and monitor automation pipelines in real-time, significantly streamlining the workflow management process. Additionally, Blackdagger's native Docker support ensures seamless integration with containerized environments, and its versatile toolset allows task execution via HTTP requests and SSH commands. This integration enhances your tactical reach, simplifying complex multi-step attack scenarios, and enables you to leverage external security tools effectively, ensuring comprehensive and robust operations.
Easily analyze JSON Web Tokens (JWT), build and manipulate tokens, and generate cryptographic key pairs directly within your browser.
One-click comprehensive intelligence, including:
- Technology stack identification
- Web Application Firewall (WAF) detection
- Security header analysis
- Crawled link visualization
- Authentication flow inspection
- Software Composition Analysis (SCA) scanning right within your browser
A robust proxy with detailed logging, allowing you to replay requests or seamlessly forward them to the integrated DAST tool for automated exploitation.
Craft, modify, and tamper HTTP requests precisely to test application resilience. R-Builder supports complex attacks including HTTP request smuggling for thorough security assessments.
Effectively manage cookies with features to add, edit, block, protect, import, and export.
Convert and handle data across formats such as UTF-8, Base64, MD5, and more directly in your browser.
Enhanced API documentation handling through integrated Swagger.IO, allowing seamless interactions with API endpoints.
Identify and remediate security issues early in development by automating browser actions and integrating security checks directly into your development lifecycle.
git clone https://github.com/ErdemOzgen/blackdagger-web-kit.git
cd blackdagger-web-kit
npm install
npm run build
For Chrome/Edge/Brave:
- Navigate to Extensions.
- Enable Developer Mode.
- Click on Load unpacked and select the blackdagger-web-kit/src directory.
Alternatively, create a packaged version:
npm run build_pkg
This generates a ZIP archive in the pentestkit/dist folder.
Note for Windows Users: If encountering build errors, run:
npm install --ignore-scripts fomantic-ui
The official web extension links will be provided upon approval and release. Currently, the extension submissions are awaiting review by Google, and due to Host Permission requirements, the review process may take longer than usual.
In the meantime, you can download and manually install the extension from the repository releases. Follow the installation steps detailed here.
Elevate your penetration testing and Red Team operations with the advanced security capabilities of the Blackdagger Web Kit (BWK).










