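├── .github ├── CODEOWNERS ├── workflows │ ├── validate-schema.yml │ └── validate-plugin.yml └── pull_request_template.md ├── .markdownlint.json ├── plugin_packages_removed.json ├── scripts ├── generate-results.sh └── validate-signature.sh ├── schema.json ├── README.md └── plugin_packages.json /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @corb3nik 2 | * @sytten 3 | -------------------------------------------------------------------------------- /.markdownlint.json: -------------------------------------------------------------------------------- 1 | { 2 | "no-inline-html": false, 3 | "line-length": false, 4 | "first-line-h1": false 5 | } 6 | -------------------------------------------------------------------------------- /plugin_packages_removed.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "id": "starterkit-plugin", 4 | "name": "StarterKit Plugin", 5 | "reason": "Placeholder not needed anymore" 6 | } 7 | ] 8 | -------------------------------------------------------------------------------- /.github/workflows/validate-schema.yml: -------------------------------------------------------------------------------- 1 | name: Validate Schema 2 | on: 3 | pull_request: 4 | 5 | concurrency: 6 | group: validate-schema-${{ github.ref_name }} 7 | cancel-in-progress: true 8 | 9 | jobs: 10 | validate: 11 | runs-on: ubuntu-latest 12 | 13 | steps: 14 | - name: Checkout 15 | uses: actions/checkout@v4 16 | 17 | - name: Validate Schema 18 | uses: caido/action-json-schema-validate@3d80261c1f49e8664a6311b08c5809127cfc4a91 19 | with: 20 | schema: schema.json 21 | files: plugin_packages.json 22 | fail-on-invalid: true 23 | cache-remote-schema: false 24 |
--------------------------------------------------------------------------------
/scripts/generate-results.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Generate validation results comment (Markdown, written to stdout).
# Usage: ./scripts/generate-results.sh <plugin_name> <version> <owner> <repo> \
#          <id_match> <version_match> <readme_present> <required_artifacts> <signature_valid>
#
# The last five arguments are check outcomes. Only the exact string "true"
# is reported as a pass; a missing, empty or malformed value is reported as
# a failure, so the comment never shows a check as passed by accident.

# Plugin identity (arguments 1-4)
PLUGIN_NAME="$1"
VERSION="$2"
OWNER="$3"
REPO="$4"

# Checks (arguments 5-9)
ID_MATCH="$5"
VERSION_MATCH="$6"
README_PRESENT="$7"
REQUIRED_ARTIFACTS="$8"
SIGNATURE_VALID="$9"

# Print one result line for a check.
#   $1  label shown in the comment
#   $2  outcome; compared as a whole string against "true"
report_check() {
  local label="$1"
  local outcome="$2"
  if [ "$outcome" = "true" ]; then
    echo "✅ $label"
  else
    echo "❌ $label"
  fi
}

# Output header
echo "## Plugin Validation Results for $PLUGIN_NAME v$VERSION"
echo
echo "**Repository:** [$OWNER/$REPO](https://github.com/$OWNER/$REPO)"
echo

# Output check results.
# Each outcome is passed as its own argument instead of being packed into a
# "label=value" string and split again: splitting on "=" would keep only the
# text before a second "=", so a value such as "true=..." would have been
# reported as a pass.
report_check "Version Match" "$VERSION_MATCH"
report_check "ID Match" "$ID_MATCH"
report_check "README Present" "$README_PRESENT"
report_check "Required Artifacts" "$REQUIRED_ARTIFACTS"
report_check "Signature Validation" "$SIGNATURE_VALID"
--------------------------------------------------------------------------------
/schema.json:
--------------------------------------------------------------------------------
1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "type": "array", 4 | "items": { 5 | "type": "object", 6 | "properties": { 7 | "id": { 8 | "type": "string" 9 | }, 10 | "name": { 11 | "type": "string" 12 | }, 13 | "license": { 14 | "type": "string" 15 | }, 16 | "description": { 17 | "type": "string" 18 | }, 19 | "author": { 20 | "type": "object", 21 | "properties": { 22 | "name": { 23 | "type": "string" 24 | }, 25 | "email": { 26 | "type": "string", 27 | "format": "email" 28 | }, 29 | "url": { 30 | "type": "string", 31 | "format": "uri" 32 | } 33 | }, 34 | "required": ["name", "email", "url"] 35 | }, 36 | "public_key": { 37 | "type": "string" 38 | }, 39 | "repository": { 40 | "type": "string" 41 | } 42 | }, 43 | "required": [ 44 | "id", 45 | "name", 46 | "license", 47 | "description", 48 | "author", 49 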
| "public_key", 50 | "repository" 51 | ] 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | # I am submitting a new Plugin Package 2 | 3 | ## Repository URL 4 | 5 | 6 | 7 | Link to my plugin package: 8 | 9 | ## Release Checklist 10 | 11 | - [ ] I have tested the plugin on 12 | - [ ] Windows 13 | - [ ] macOS 14 | - [ ] Linux 15 | - [ ] My GitHub release contains all required files 16 | - [ ] `plugin_package.zip` 17 | - [ ] `plugin_package.zip.sig` 18 | - [ ] Release immutability is enabled 19 | - [ ] GitHub Tag name matches the version number specified in my `caido.config.json` 20 | - [ ] The `id` in my `caido.config.json` matches the `id` in the `plugin_packages.json` file. 21 | - [ ] My `README.md` describes the plugin package purpose and provides clear usage instructions. 22 | - [ ] I have read the developer policy at , and have assessed my plugin package adherence to this policy. 23 | - [ ] I have added a license in the `LICENSE` file and it matches the `license` field in the `plugin_packages.json` file. 24 | - [ ] My project respects and is compatible with the original license of any third-party code that I'm using. 25 | I have given proper attribution to these other projects in my `README.md` and/or `LICENSE`. 
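26 |
--------------------------------------------------------------------------------
/scripts/validate-signature.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# validate-signature.sh
# Validates the signature of a plugin package against a public key
# Usage: ./validate-signature.sh <plugin_package> <signature_file> <public_key>
#
#   plugin_package  path to the file whose signature is checked
#   signature_file  path to the detached signature for that file
#   public_key      base64 body of a PEM "PUBLIC KEY" block, on one line and
#                   without the BEGIN/END lines (this script adds them)
#
# Exit status: 0 only when openssl accepts the signature; 1 for a rejected
# signature, a malformed key, a missing file or a wrong argument count.
# Every failure path exits non-zero, so a caller that treats "non-zero" as
# "not verified" fails closed.

set -e

if [ "$#" -ne 3 ]; then
  echo "Usage: $0 <plugin_package> <signature_file> <public_key>"
  exit 1
fi

PLUGIN_PACKAGE="$1"
SIGNATURE_FILE="$2"
PUBLIC_KEY="$3"

# The key text is untrusted (it comes from the registry entry under review).
# Accept only a non-empty run of base64 characters so it cannot carry extra
# lines, PEM markers or option-like text into the key file written below.
if ! [[ "$PUBLIC_KEY" =~ ^[A-Za-z0-9+/=]+$ ]]; then
  echo "Public key is empty or not base64"
  exit 1
fi

# Check signature file
if [ ! -f "$SIGNATURE_FILE" ]; then
  echo "Signature file not found"
  exit 1
fi

# Check plugin package
if [ ! -f "$PLUGIN_PACKAGE" ]; then
  echo "Plugin package not found"
  exit 1
fi

# Create temporary directory for our work; removed on every exit path.
TEMP_DIR=$(mktemp -d)
trap 'rm -rf "$TEMP_DIR"' EXIT

# Create public key file. printf is used instead of echo so the key is written
# literally whatever its first character is.
PUBKEY_FILE="$TEMP_DIR/pubkey.pem"
{
  printf '%s\n' "-----BEGIN PUBLIC KEY-----"
  printf '%s\n' "$PUBLIC_KEY"
  printf '%s\n' "-----END PUBLIC KEY-----"
} > "$PUBKEY_FILE"

# Validate signature.
# -rawin makes openssl verify over the file contents themselves rather than a
# caller-supplied digest.
# NOTE(review): the keys listed in plugin_packages.json look like Ed25519
# SubjectPublicKeyInfo values; -rawin with such keys needs a recent OpenSSL —
# confirm the runner's version.
if openssl pkeyutl -verify -pubin -inkey "$PUBKEY_FILE" -sigfile "$SIGNATURE_FILE" -in "$PLUGIN_PACKAGE" -rawin; then
  echo "Signature is valid"
  exit 0
else
  echo "Signature validation failed"
  exit 1
fi
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |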
2 | image 3 | 4 |
5 |
6 | Website 7 |   •   8 | Dashboard 9 |   •   10 | Roadmap 11 |   •   12 | Branding 13 |   •   14 | Discord 15 |
16 |
17 |
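18 | 19 | # 🔗 Store 20 | 21 | This is the source of the `Store` of Caido. 22 | If you are only consuming the `Store`, this repository is not for you. You can find all extensions already in Caido. 23 | 24 | > WARNING: We do not endorse the plugins in the store. We do our best to conduct due diligence to ensure they are safe, but you use them at your own risk. 25 | 26 | ## ⚙️ How does it work? 27 | 28 | At a regular interval, our cloud service will look at the `plugin_packages.json` file for all the plugins that exist in the store. 29 | 30 | This list will then be queried by the Caido Instances to display them in the `Store` page. 31 | 32 | ## 🤔 How do I make my plugin available? 33 | 34 | For your plugin to be listed in the store you MUST follow the [steps outlined in our documentation](https://developer.caido.io/guides/distribution/store.html). 35 |
--------------------------------------------------------------------------------
/.github/workflows/validate-plugin.yml:
--------------------------------------------------------------------------------
name: Validate Plugin

# Manually triggered validation of one plugin entry proposed in a pull request.
#
# Trust boundary: the `pr` checkout, the plugin repository's release metadata
# (including its tag name) and the downloaded archive are untrusted input.
# Helper scripts are always run from the `main` checkout, never from `pr`.
#
# Workflow expressions are expanded into the script text before the shell
# parses it, so a value containing shell syntax would become part of the
# script. Every input, step output and release field is therefore handed to
# the shell through `env:` and referenced as a quoted variable.
#
# NOTE(review): no `permissions:` block is declared, so the job token (exposed
# to every step as GH_TOKEN) gets the repository default scopes. Consider
# declaring only what checkout and PR commenting need.
# NOTE(review): actions/checkout is referenced by tag, while the schema
# workflow pins its action to a commit SHA; consider pinning here as well.

on:
  workflow_dispatch:
    inputs:
      pr_number:
        description: 'Pull Request number to validate'
        required: true
        type: string
      plugin_id:
        description: 'ID of the plugin to validate'
        required: true
        type: string

jobs:
  validate:
    runs-on: ubuntu-latest
    env:
      GH_TOKEN: ${{ github.token }}
    steps:
      - name: Checkout main branch
        uses: actions/checkout@v4
        with:
          ref: main
          path: main

      - name: Prepare PR branch
        uses: actions/checkout@v4
        with:
          path: pr

      - name: Checkout PR
        working-directory: pr
        env:
          PR_NUMBER: ${{ inputs.pr_number }}
        run: |
          # A pull request number is digits only; reject anything else before it reaches gh
          if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
            echo "Error: Invalid pull request number: $PR_NUMBER"
            exit 1
          fi
          gh pr checkout "$PR_NUMBER"

      - name: Get plugin entry and validate repository
        id: unsafe-plugin-info
        working-directory: pr
        env:
          PLUGIN_ID: ${{ inputs.plugin_id }}
        run: |
          # Get plugin entry (the ID is passed to jq as data, not spliced into the filter)
          PLUGIN_ENTRY=$(jq -r --arg id "$PLUGIN_ID" '.[] | select(.id == $id)' plugin_packages.json)

          if [ -z "$PLUGIN_ENTRY" ]; then
            echo "Error: Plugin with ID '$PLUGIN_ID' not found in plugin_packages.json"
            exit 1
          fi

          # Extract and validate repository info
          PLUGIN_REPO=$(echo "$PLUGIN_ENTRY" | jq -r '.repository')
          PLUGIN_OWNER=$(echo "$PLUGIN_REPO" | cut -d'/' -f1)
          PLUGIN_REPO_NAME=$(echo "$PLUGIN_REPO" | cut -d'/' -f2)

          # Validate owner and repo names
          if ! [[ "$PLUGIN_OWNER" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]*$ ]] || ! [[ "$PLUGIN_REPO_NAME" =~ ^[a-zA-Z0-9][a-zA-Z0-9._-]*$ ]]; then
            echo "Error: Invalid repository format: $PLUGIN_REPO"
            exit 1
          fi

          # Extract all needed plugin info
          PLUGIN_NAME=$(echo "$PLUGIN_ENTRY" | jq -r '.name')
          PLUGIN_PUBLIC_KEY=$(echo "$PLUGIN_ENTRY" | jq -r '.public_key')

          # Validate extracted fields
          if [ -z "$PLUGIN_NAME" ] || [ "$PLUGIN_NAME" = "null" ]; then
            echo "Error: Plugin name is missing or invalid"
            exit 1
          fi

          # Validate plugin name format
          if ! [[ "$PLUGIN_NAME" =~ ^[a-zA-Z0-9._\ -]*$ ]]; then
            echo "Error: Invalid plugin name format: $PLUGIN_NAME"
            exit 1
          fi

          # Validate plugin ID format
          if ! [[ "$PLUGIN_ID" =~ ^[a-zA-Z0-9._-]*$ ]]; then
            echo "Error: Invalid plugin ID format: $PLUGIN_ID"
            exit 1
          fi

          # Validate public key format (base64 alphabet only, so it cannot contain
          # a newline or the multi-line output delimiter used below)
          if ! [[ "$PLUGIN_PUBLIC_KEY" =~ ^[a-zA-Z0-9/+=]*$ ]]; then
            echo "Error: Invalid public key format: $PLUGIN_PUBLIC_KEY"
            exit 1
          fi

          # Output validated repository info with plugin_ prefix
          echo "plugin_owner=$PLUGIN_OWNER" >> "$GITHUB_OUTPUT"
          echo "plugin_repo=$PLUGIN_REPO_NAME" >> "$GITHUB_OUTPUT"

          # Output extracted plugin info
          echo "plugin_name=$PLUGIN_NAME" >> "$GITHUB_OUTPUT"
          echo "plugin_id=$PLUGIN_ID" >> "$GITHUB_OUTPUT"
          echo "public_key<<EOF" >> "$GITHUB_OUTPUT"
          echo "$PLUGIN_PUBLIC_KEY" >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"

      - name: Get latest release
        id: release
        env:
          PLUGIN_OWNER: ${{ steps.unsafe-plugin-info.outputs.plugin_owner }}
          PLUGIN_REPO: ${{ steps.unsafe-plugin-info.outputs.plugin_repo }}
        run: |
          # Get latest release info using gh CLI
          RELEASE_JSON=$(gh api "repos/$PLUGIN_OWNER/$PLUGIN_REPO/releases/latest")
          # The tag name is chosen by the plugin author; later steps treat it as data only
          TAG_NAME=$(echo "$RELEASE_JSON" | jq -r '.tag_name')

          # Find required assets
          PLUGIN_PACKAGE_URL=$(echo "$RELEASE_JSON" | jq -r '.assets[] | select(.name == "plugin_package.zip") | .browser_download_url')
          SIGNATURE_URL=$(echo "$RELEASE_JSON" | jq -r '.assets[] | select(.name == "plugin_package.zip.sig") | .browser_download_url')

          if [ -z "$PLUGIN_PACKAGE_URL" ] || [ -z "$SIGNATURE_URL" ]; then
            echo "Error: Required assets not found in release. Need plugin_package.zip and plugin_package.zip.sig"
            exit 1
          fi

          echo "tag_name=$TAG_NAME" >> "$GITHUB_OUTPUT"
          echo "plugin_package_url=$PLUGIN_PACKAGE_URL" >> "$GITHUB_OUTPUT"
          echo "signature_url=$SIGNATURE_URL" >> "$GITHUB_OUTPUT"

      - name: Download release artifacts
        working-directory: pr
        env:
          PLUGIN_PACKAGE_URL: ${{ steps.release.outputs.plugin_package_url }}
          SIGNATURE_URL: ${{ steps.release.outputs.signature_url }}
        run: |
          mkdir -p artifacts
          cd artifacts
          # --fail stops on an HTTP error instead of saving the error page under
          # the artifact's name, which the later presence check would accept
          # Download plugin package
          curl --fail -L -o plugin_package.zip "$PLUGIN_PACKAGE_URL"
          # Download signature
          curl --fail -L -o plugin_package.zip.sig "$SIGNATURE_URL"

      - name: Validate signature
        id: sig-validation
        working-directory: main
        env:
          PUBLIC_KEY: ${{ steps.unsafe-plugin-info.outputs.public_key }}
        run: |
          # The verification script comes from the main checkout, not from the PR
          if ./scripts/validate-signature.sh ../pr/artifacts/plugin_package.zip ../pr/artifacts/plugin_package.zip.sig "$PUBLIC_KEY"; then
            echo "signature_valid=true" >> "$GITHUB_OUTPUT"
          else
            echo "signature_valid=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Validate manifest ID
        id: manifest-validation-id
        working-directory: main
        env:
          EXPECTED_ID: ${{ steps.unsafe-plugin-info.outputs.plugin_id }}
        run: |
          # manifest.json is read from the archive as data; nothing is extracted to disk
          MANIFEST=$(unzip -p ../pr/artifacts/plugin_package.zip manifest.json)
          MANIFEST_ID=$(echo "$MANIFEST" | jq -r '.id')
          if [ "$MANIFEST_ID" != "$EXPECTED_ID" ]; then
            echo "is_valid=false" >> "$GITHUB_OUTPUT"
          else
            echo "is_valid=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Validate manifest version
        id: manifest-validation-version
        working-directory: main
        env:
          TAG_NAME: ${{ steps.release.outputs.tag_name }}
        run: |
          MANIFEST=$(unzip -p ../pr/artifacts/plugin_package.zip manifest.json)
          MANIFEST_VERSION=$(echo "$MANIFEST" | jq -r '.version')
          if [ "$MANIFEST_VERSION" != "$TAG_NAME" ]; then
            echo "is_valid=false" >> "$GITHUB_OUTPUT"
          else
            echo "is_valid=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Check for README in plugin repository
        id: readme-check
        env:
          PLUGIN_OWNER: ${{ steps.unsafe-plugin-info.outputs.plugin_owner }}
          PLUGIN_REPO: ${{ steps.unsafe-plugin-info.outputs.plugin_repo }}
        run: |
          if gh api "repos/$PLUGIN_OWNER/$PLUGIN_REPO/contents/README.md" --jq .sha > /dev/null 2>&1; then
            echo "has_readme=true" >> "$GITHUB_OUTPUT"
          else
            echo "has_readme=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Check required artifacts
        id: artifacts-check
        working-directory: pr
        run: |
          if [ -f "artifacts/plugin_package.zip" ] && [ -f "artifacts/plugin_package.zip.sig" ]; then
            echo "has_required_artifacts=true" >> "$GITHUB_OUTPUT"
          else
            echo "has_required_artifacts=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Generate validation results comment
        id: generate-comment
        working-directory: main
        env:
          PLUGIN_NAME: ${{ steps.unsafe-plugin-info.outputs.plugin_name }}
          TAG_NAME: ${{ steps.release.outputs.tag_name }}
          PLUGIN_OWNER: ${{ steps.unsafe-plugin-info.outputs.plugin_owner }}
          PLUGIN_REPO: ${{ steps.unsafe-plugin-info.outputs.plugin_repo }}
          ID_MATCH: ${{ steps.manifest-validation-id.outputs.is_valid }}
          VERSION_MATCH: ${{ steps.manifest-validation-version.outputs.is_valid }}
          README_PRESENT: ${{ steps.readme-check.outputs.has_readme }}
          REQUIRED_ARTIFACTS: ${{ steps.artifacts-check.outputs.has_required_artifacts }}
          SIGNATURE_VALID: ${{ steps.sig-validation.outputs.signature_valid }}
        run: |
          # Generate the comment using the script from the main checkout
          COMMENT=$(./scripts/generate-results.sh \
            "$PLUGIN_NAME" \
            "$TAG_NAME" \
            "$PLUGIN_OWNER" \
            "$PLUGIN_REPO" \
            "$ID_MATCH" \
            "$VERSION_MATCH" \
            "$README_PRESENT" \
            "$REQUIRED_ARTIFACTS" \
            "$SIGNATURE_VALID")

          # Output the comment
          echo "comment<<EOF" >> "$GITHUB_OUTPUT"
          echo "$COMMENT" >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"

      - name: Comment on PR
        working-directory: main
        env:
          COMMENT: ${{ steps.generate-comment.outputs.comment }}
          PR_NUMBER: ${{ inputs.pr_number }}
        run: |
          # Post comment using gh CLI; the body holds the release tag name, so it
          # is piped in as data rather than written into the script text
          printf '%s\n' "$COMMENT" | gh pr comment "$PR_NUMBER" --body-file -
--------------------------------------------------------------------------------
/plugin_packages.json: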
-------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "id": "authmatrix", 4 | "name": "AuthMatrix", 5 | "license": "MIT", 6 | "description": "Grid-based authorization testing across multiple users and roles.", 7 | "author": { 8 | "name": "Caido Labs Inc.", 9 | "email": "dev@caido.io", 10 | "url": "https://caido.io" 11 | }, 12 | "public_key": "MCowBQYDK2VwAyEA+du2fw/I+CV6MKEpu0aJ1ki2+MO2V0SnaRB91+GbHwQ=", 13 | "repository": "caido-community/authmatrix" 14 | }, 15 | { 16 | "id": "bypasser", 17 | "name": "403Bypasser", 18 | "license": "CC0-1.0", 19 | "description": "Bypass a 403 page with a set of templates", 20 | "author": { 21 | "name": "bebiks", 22 | "email": "bebiks@cvssadvisor.com", 23 | "url": "http://x.com/bebiksior" 24 | }, 25 | "public_key": "MCowBQYDK2VwAyEA7hd15kPWlDAzJmMXXFRbVDD83T+0AWVk6OlgLwAgwFQ=", 26 | "repository": "bebiksior/Caido403Bypasser" 27 | }, 28 | { 29 | "id": "evenbetter", 30 | "name": "EvenBetter", 31 | "license": "CC0-1.0", 32 | "description": "Collection of tweaks and improvements for Caido", 33 | "author": { 34 | "name": "bebiks", 35 | "email": "bebiks@cvssadvisor.com", 36 | "url": "http://x.com/bebiksior" 37 | }, 38 | "public_key": "MCowBQYDK2VwAyEA2/J0S50jHKkeUah5eULQEK8eNcaJ1hCd62NLAO5MIWI=", 39 | "repository": "bebiksior/EvenBetter" 40 | }, 41 | { 42 | "id": "caido-themes", 43 | "name": "Caido Themes", 44 | "license": "CC0-1.0", 45 | "description": "A plugin for managing and customizing themes in Caido", 46 | "author": { 47 | "name": "bebiks", 48 | "email": "bebiks@cvssadvisor.com", 49 | "url": "http://x.com/bebiksior" 50 | }, 51 | "public_key": "MCowBQYDK2VwAyEA2/J0S50jHKkeUah5eULQEK8eNcaJ1hCd62NLAO5MIWI=", 52 | "repository": "bebiksior/CaidoThemes" 53 | }, 54 | { 55 | "id": "cursor-pen", 56 | "name": "Screen Drawing", 57 | "license": "MIT", 58 | "description": "A plugin that turns the cursor into a drawing pen", 59 | "author": { 60 | "name": "Tur24Tur / BugBountyZip", 61 | "email": 
"no-reply@NoBugEscapes.com", 62 | "url": "https://github.com/BugBountyzip" 63 | }, 64 | "public_key": "MCowBQYDK2VwAyEA+kw/aGY+CpXIbOD6pjtwugdRbc59+yp7Ep/7ENr2xXc=", 65 | "repository": "BugBountyzip/CaidoDrawing" 66 | }, 67 | { 68 | "id": "pwnfox", 69 | "name": "PwnFox", 70 | "license": "MIT", 71 | "description": "Integration with the PwnFox browser extension", 72 | "author": { 73 | "name": "SyzikSecu", 74 | "email": "dev@caido.io", 75 | "url": "https://caido.io" 76 | }, 77 | "public_key": "MCowBQYDK2VwAyEAem6BUDCmUq6mYywI8qPIy59tLVwdA4mtANoR721TwN0=", 78 | "repository": "caido-community/pwnfox" 79 | }, 80 | { 81 | "id": "csrf-generator", 82 | "name": "CSRF PoC Generator", 83 | "license": "GPL-3.0", 84 | "description": "Generate CSRF Proof of Concept payloads from requests", 85 | "author": { 86 | "name": "Tur24Tur / BugBountyZip", 87 | "email": "no-reply@NoBugEscapes.com", 88 | "url": "https://github.com/BugBountyzip" 89 | }, 90 | "public_key": "MCowBQYDK2VwAyEAWLm77+OCoRDKskiz++JIEXWLWZU69REiWBD8iPTlPzI=", 91 | "repository": "BugBountyzip/CaidoCSRF" 92 | }, 93 | { 94 | "id": "font-selector", 95 | "name": "Font Selector", 96 | "license": "GPL-3.0", 97 | "description": "Customize Caido's interface with different fonts and text effects, including custom font uploads and animations", 98 | "author": { 99 | "name": "Tur24Tur / BugBountyZip", 100 | "email": "no-reply@NoBugEscapes.com", 101 | "url": "https://github.com/BugBountyzip" 102 | }, 103 | "public_key": "MCowBQYDK2VwAyEAEkwo09jye0OavdTW7SeBwmMRo3cjVEHc666Yn271Ns8=", 104 | "repository": "BugBountyzip/CaidoFonts" 105 | }, 106 | { 107 | "id": "quickssrf", 108 | "name": "QuickSSRF", 109 | "license": "MIT", 110 | "description": "Real-time Interaction Monitoring with Interactsh", 111 | "author": { 112 | "name": "w2xim3", 113 | "email": "dev@caido.io", 114 | "url": "https://github.com/caido-community/quickssrf" 115 | }, 116 | "public_key": "MCowBQYDK2VwAyEAeTpbm+s6IsPfUHSa/O8TxyI4gAQIyL1ZVvaAb2GC3xs=", 117 | 
"repository": "caido-community/quickssrf" 118 | }, 119 | { 120 | "id": "sequencer", 121 | "name": "Sequencer", 122 | "license": "MIT", 123 | "description": "Token randomness analyzer", 124 | "author": { 125 | "name": "w2xim3", 126 | "email": "dev@caido.io", 127 | "url": "https://github.com/caido-community/sequencer" 128 | }, 129 | "public_key": "MCowBQYDK2VwAyEAeTpbm+s6IsPfUHSa/O8TxyI4gAQIyL1ZVvaAb2GC3xs=", 130 | "repository": "caido-community/sequencer" 131 | }, 132 | { 133 | "id": "notesplusplus", 134 | "name": "Notes++", 135 | "license": "MIT", 136 | "description": "Caido plugin for markdown based notes", 137 | "author": { 138 | "name": "StaticFlow", 139 | "email": "tanner.barnes@kashx.io", 140 | "url": "https://twitter.com/_StaticFlow_" 141 | }, 142 | "public_key": "MCowBQYDK2VwAyEAo1oWyQvff1+B5iaUVhXZYd/LObrOqghmF5fMeInpMGk=", 143 | "repository": "caido-community/NotesPlusPlus" 144 | }, 145 | { 146 | "id": "convert-tools", 147 | "name": "Convert Tools", 148 | "license": "MIT", 149 | "description": "Collection of tools for encoding, decoding, and data format conversions", 150 | "author": { 151 | "name": "Caido Labs Inc.", 152 | "email": "dev@caido.io", 153 | "url": "https://caido.io" 154 | }, 155 | "public_key": "MCowBQYDK2VwAyEA7cz05/tcC0VSXraEKljg+xMrSEHbjmkeRdyfDOk08GE=", 156 | "repository": "caido-community/convert-tools" 157 | }, 158 | { 159 | "id": "shift", 160 | "name": "Shift", 161 | "license": "MIT", 162 | "description": "Seamless AI Integration into Caido.", 163 | "author": { 164 | "name": "Caido Labs Inc.", 165 | "email": "dev@caido.io", 166 | "url": "https://caido.io" 167 | }, 168 | "public_key": "MCowBQYDK2VwAyEAk0JE8EP+IL5xMR/AR87U0n/5ttEJTQInsWDsiQYhnGs=", 169 | "repository": "caido-community/shift" 170 | }, 171 | { 172 | "id": "paramfinder-plugin", 173 | "name": "ParamFinder", 174 | "license": "CC0-1.0", 175 | "description": "Discover hidden parameters in Caido", 176 | "author": { 177 | "name": "bebiks", 178 | "email": "bebiks@cvssadvisor.com", 
179 | "url": "http://x.com/bebiksior" 180 | }, 181 | "public_key": "MCowBQYDK2VwAyEAsyIyiFphSDMT0eu4fGKRVILeKU3gI5reVMrftBhYkXU=", 182 | "repository": "bebiksior/ParamFinder" 183 | }, 184 | { 185 | "id": "devtools", 186 | "name": "DevTools", 187 | "license": "MIT", 188 | "description": "Hot-reloading for faster Caido plugin development", 189 | "author": { 190 | "name": "Caido Labs Inc.", 191 | "email": "dev@caido.io", 192 | "url": "https://caido.io" 193 | }, 194 | "public_key": "MCowBQYDK2VwAyEAZYlZX2mMM/v+N45u4PbAl5WOICfZHbK2rRMmVD/ZAVs=", 195 | "repository": "caido-community/devtools" 196 | }, 197 | { 198 | "id": "workflows-store", 199 | "name": "Workflows Store", 200 | "license": "MIT", 201 | "description": "Collection of community-built workflows", 202 | "author": { 203 | "name": "Caido Labs Inc.", 204 | "email": "dev@caido.io", 205 | "url": "https://caido.io" 206 | }, 207 | "public_key": "MCowBQYDK2VwAyEAfqyimGX/rO9Cq+O/xnSVZTKiN6xlDVDmGpSjU78r8hs=", 208 | "repository": "caido-community/workflows" 209 | }, 210 | { 211 | "id": "jxscout-caido", 212 | "name": "JXScout", 213 | "license": "MIT", 214 | "description": "Plugin to ingest requests from Caido into jxscout", 215 | "author": { 216 | "name": "Francisco Neves", 217 | "email": "dev@caido.io", 218 | "url": "https://github.com/francisconeves97" 219 | }, 220 | "public_key": "MCowBQYDK2VwAyEAMqk0FKdu51rkKM7KOPHS9talB12F2lFFK4QIoXPfQYU=", 221 | "repository": "francisconeves97/jxscout-caido" 222 | }, 223 | { 224 | "id": "grep", 225 | "name": "Data Grep", 226 | "license": "MIT", 227 | "description": "Extract data from your requests and responses", 228 | "author": { 229 | "name": "Caido Labs Inc.", 230 | "email": "dev@caido.io", 231 | "url": "https://caido.io" 232 | }, 233 | "public_key": "MCowBQYDK2VwAyEAbmVKtAeD4qLKh+ckuUFRw/j/9AcVMkl8tX2BUQON6BY=", 234 | "repository": "caido-community/data-grep" 235 | }, 236 | { 237 | "id": "drop", 238 | "name": "Drop", 239 | "license": "MIT", 240 | "description": "Easy 
collaboration within Caido", 241 | "author": { 242 | "name": "Caido Labs Inc.", 243 | "email": "justin@caido.io", 244 | "url": "https://caido.io" 245 | }, 246 | "public_key": "MCowBQYDK2VwAyEA18AIEbzfWxfEtqxZrn/1b0CQ3O7FpJCNd+WwiCtIaJ4=", 247 | "repository": "caido-community/drop" 248 | }, 249 | { 250 | "id": "jwt-analyzer", 251 | "name": "JWT Analyzer", 252 | "license": "MIT", 253 | "description": "Detect, analyze, test and Attack JSON Web Tokens in web traffic", 254 | "author": { 255 | "name": "Amr Elsagaei", 256 | "email": "info@amrelsagaei.com", 257 | "url": "https://amrelsagaei.com" 258 | }, 259 | "public_key": "MCowBQYDK2VwAyEAXru6JmKshtb2uZYF2VgLSoDFtARq6T05orqbv8JqYXk=", 260 | "repository": "amrelsagaei/JWT-Analyzer" 261 | }, 262 | { 263 | "id": "squash", 264 | "name": "Squash", 265 | "license": "MIT", 266 | "description": "Request Minimizer for Caido", 267 | "author": { 268 | "name": "Evan Connelly", 269 | "email": "evan@evanconnelly.com", 270 | "url": "https://evanconnelly.com" 271 | }, 272 | "public_key": "MCowBQYDK2VwAyEACD0ZC+Cw5ielTgSspgN5aVHMEkamTSqj9pJie5RHWyc=", 273 | "repository": "evanconnelly/squash" 274 | }, 275 | { 276 | "id": "exploit-generator", 277 | "name": "Exploit Generator", 278 | "license": "MIT", 279 | "description": "Generate customizable PoC exploit scripts in multiple languages from HTTP requests.", 280 | "author": { 281 | "name": "stealthcopter", 282 | "email": "caido@stealthcopter.com", 283 | "url": "https://sec.stealthcopter.com" 284 | }, 285 | "public_key": "MCowBQYDK2VwAyEA814pfexgpP7LMgxrKQvsyREjDiqmZDGpwA/5PXY08wM=", 286 | "repository": "stealthcopter/CaidoExploitGenerator" 287 | }, 288 | { 289 | "id": "caido-newrequests", 290 | "name": "NewRequests", 291 | "license": "MIT", 292 | "description": "Provides a hotkey (default cmd+n) to apply a HTTPQL query for new requests (`row.id.gt:`)", 293 | "author": { 294 | "name": "Martin Haunschmid", 295 | "email": "contact@martinhaunschmid.com", 296 | "url": 
"https://martinhaunschmid.com" 297 | }, 298 | "public_key": "MCowBQYDK2VwAyEAsSAO8ml6yamPfWX/kV2FUFgr/WxBqdlZoe1yTNr56Xo=", 299 | "repository": "martinhaunschmid/caido-newrequests" 300 | }, 301 | { 302 | "id": "yeswecaido", 303 | "name": "YesWeCaido", 304 | "license": "MIT", 305 | "description": "Interact with YesWeHack's API to fetch your bug bounty programs.", 306 | "author": { 307 | "name": "yeswehack", 308 | "email": "support@yeswehack.com", 309 | "url": "https://www.yeswehack.com/" 310 | }, 311 | "public_key": "MCowBQYDK2VwAyEAO26EMwX4yA3RdYKT0FFGN3n5kUynF5SVFxNrLWc6ZsM=", 312 | "repository": "yeswehack/yeswecaido" 313 | }, 314 | { 315 | "id": "cerebrum", 316 | "name": "Cerebrum", 317 | "license": "MIT", 318 | "description": "A simple organizer-like plugin for Caido to help you manage, annotate, and sort HTTP requests.", 319 | "author": { 320 | "name": "DewSecOff", 321 | "email": "DewSecOff@protonmail.com", 322 | "url": "https://github.com/DewSecOff/Caido-Plugin-Cerebrum" 323 | }, 324 | "public_key": "MCowBQYDK2VwAyEASa/hE1TRgfQyCRzmVTR1FHxjXtT3Pe+khlSlq81AlUY=", 325 | "repository": "DewSecOff/Caido-Plugin-Cerebrum" 326 | }, 327 | { 328 | "id": "omnioast", 329 | "name": "OmniOAST", 330 | "license": "MIT", 331 | "description": "Unify your OAST provider management and consolidate all interactions into a single, streamlined workflow.", 332 | "author": { 333 | "name": "hahwul", 334 | "email": "hahwul@gmail.com", 335 | "url": "https://www.hahwul.com" 336 | }, 337 | "public_key": "MCowBQYDK2VwAyEAkHYMKg044NBxc+YtiZQXSbv8p4J05DvqtASdZnb4fZw=", 338 | "repository": "hahwul/OmniOAST" 339 | }, 340 | { 341 | "id": "compare", 342 | "name": "Compare", 343 | "license": "MIT", 344 | "description": "Side-by-side comparison of HTTP requests, responses, and files with visual difference highlighting", 345 | "author": { 346 | "name": "Amr Elsagaei", 347 | "email": "info@amrelsagaei.com", 348 | "url": "https://amrelsagaei.com" 349 | }, 350 | "public_key": 
"MCowBQYDK2VwAyEAcyXTSEEfJpCg//PRCSCD5oJLycneeO4aDgFSpE6LH/I=", 351 | "repository": "amrelsagaei/Compare" 352 | }, 353 | { 354 | "id": "redocs", 355 | "name": "ReDocs", 356 | "license": "MIT", 357 | "description": "Import Postman Collections & OpenAPI Specifications as Replay Sessions", 358 | "author": { 359 | "name": "Amr Elsagaei", 360 | "email": "info@amrelsagaei.com", 361 | "url": "https://amrelsagaei.com" 362 | }, 363 | "public_key": "MCowBQYDK2VwAyEAV6dMAQFOHcjf8HMGBSX6ZybqldvZ+sb/f6YMF0J7NNg=", 364 | "repository": "amrelsagaei/ReDocs" 365 | }, 366 | { 367 | "id": "chatio", 368 | "name": "Chatio", 369 | "license": "MIT", 370 | "description": "An AI-powered assistant for hackers and security professionals built for Caido", 371 | "author": { 372 | "name": "Amr Elsagaei", 373 | "email": "info@amrelsagaei.com", 374 | "url": "https://amrelsagaei.com" 375 | }, 376 | "public_key": "MCowBQYDK2VwAyEA79GS1nlRq7UJobFjpUQo7pVo+SfR2+Gq2wKW4ncj/w4=", 377 | "repository": "amrelsagaei/Chatio" 378 | }, 379 | { 380 | "id": "scanner", 381 | "name": "Scanner", 382 | "license": "MIT", 383 | "description": "Passive and active vulnerability scanner", 384 | "author": { 385 | "name": "Caido Labs Inc.", 386 | "email": "dev@caido.io", 387 | "url": "https://caido.io" 388 | }, 389 | "public_key": "MCowBQYDK2VwAyEAzu4fQBltUyHwwjIc4X6fM1RnqWBjduegUQRD4oIUX6c=", 390 | "repository": "caido-community/scanner" 391 | }, 392 | { 393 | "id": "bytecap", 394 | "name": "ByteCap", 395 | "license": "MIT", 396 | "description": "Cap and split workspace files by size, ideal for proxy files/log uploads with file size limits", 397 | "author": { 398 | "name": "ads dawson", 399 | "email": "ads@offsecmoose.xyz", 400 | "url": "https://github.com/GangGreenTemperTatum" 401 | }, 402 | "public_key": "MCowBQYDK2VwAyEAIH6nesHsT+U6myM6Z66JxXes2CI5/uNEWfX3R9LscLg=", 403 | "repository": "GangGreenTemperTatum/ByteCap" 404 | }, 405 | { 406 | "id": "graphql-analyzer", 407 | "name": "GraphQL Analyzer", 408 | "license": 
"MIT", 409 | "description": "Plugin for GraphQL schema discovery, visualization, and advanced security", 410 | "author": { 411 | "name": "Amr Elsagaei", 412 | "email": "info@amrelsagaei.com", 413 | "url": "https://amrelsagaei.com" 414 | }, 415 | "public_key": "MCowBQYDK2VwAyEAO29lZ32flhJc/IMUkDzK2GypJynAOLxmeKzlfHbDnjA=", 416 | "repository": "amrelsagaei/GraphQL-Analyzer" 417 | }, 418 | { 419 | "id": "ebka-ai-assistant", 420 | "name": "Ebka AI Assistant", 421 | "license": "GPL-3.0", 422 | "description": "Integrates with Claude AI to provide AI-powered security testing capabilities", 423 | "author": { 424 | "name": "Slonser", 425 | "email": "slonser@neplox.security", 426 | "url": "https://x.com/slonser_" 427 | }, 428 | "public_key": "MCowBQYDK2VwAyEAzartrinFwQw7xHVfCnKhTllnsB08FbUEDH/K3G0ZE/k=", 429 | "repository": "Slonser/Ebka-Caido-AI" 430 | }, 431 | { 432 | "id": "csp-auditor", 433 | "name": "CSP Auditor", 434 | "license": "MIT", 435 | "description": "Audit and analyze Content Security Policies (CSP) in Caido with bypass gadget library", 436 | "author": { 437 | "name": "ads dawson", 438 | "email": "ads@offsecmoose.xyz", 439 | "url": "https://github.com/GangGreenTemperTatum" 440 | }, 441 | "public_key": "MCowBQYDK2VwAyEAfGM50cwF4CQSmWpcAIZpt+C0DIL1WZnwyzZN48SgLq0=", 442 | "repository": "GangGreenTemperTatum/csp-auditor" 443 | }, 444 | { 445 | "id": "tab-renammer", 446 | "name": "Tab Renamer", 447 | "license": "MIT", 448 | "description": "Plugin used to rename automaticly tab in replay section", 449 | "author": { 450 | "name": "Serizao", 451 | "email": "william.leberre@gmail.com", 452 | "url": "https://github.com/serizao" 453 | }, 454 | "public_key": "MCowBQYDK2VwAyEAamNXDc4y/9fASC2qHAerTCq0sCKZrypIOl0F000d+Es=", 455 | "repository": "serizao/tab-renammer" 456 | }, 457 | { 458 | "id": "openapi-tester", 459 | "name": "OpenAPI", 460 | "license": "MIT", 461 | "description": "Accelerate endpoint testing by providing schemas", 462 | "author": { 463 | "name": "xvffdos", 
464 | "email": "dev@xvffdos.com", 465 | "url": "https://github.com/MDGDSS" 466 | }, 467 | "public_key": "MCowBQYDK2VwAyEABIt/MASMUa6Wctni2BHIIRso/4j4um0olgsTunQZN6A=", 468 | "repository": "MDGDSS/caido-openapi" 469 | }, 470 | { 471 | "id": "authify", 472 | "name": "Authify", 473 | "license": "MIT", 474 | "description": "Plugin for seamless Authorization testing of user roles", 475 | "author": { 476 | "name": "Saltify", 477 | "email": "saltify7@gmail.com", 478 | "url": "https://github.com/saltify7" 479 | }, 480 | "public_key": "MCowBQYDK2VwAyEAgWbmdtmPMaNQK81G7cToep5JxqMcMwF8txlbWGKkqQQ=", 481 | "repository": "saltify7/Authify" 482 | }, 483 | { 484 | "id": "autorize", 485 | "name": "Autorize", 486 | "license": "MIT", 487 | "description": "Automated authorization testing", 488 | "author": { 489 | "name": "Caido Labs Inc.", 490 | "email": "dev@caido.io", 491 | "url": "https://caido.io" 492 | }, 493 | "public_key": "MCowBQYDK2VwAyEAhfcDjQu8XIlrs+80m/2I4GWDNE4q6siePY5yItX/Fmg=", 494 | "repository": "caido-community/autorize" 495 | }, 496 | { 497 | "id": "hex", 498 | "name": "Hex", 499 | "license": "MIT", 500 | "description": "Adds a hex viewer and editor to the History and Replay tabs", 501 | "author": { 502 | "name": "hahwul", 503 | "email": "hahwul@gmail.com", 504 | "url": "https://www.hahwul.com" 505 | }, 506 | "public_key": "MCowBQYDK2VwAyEA7mnFhYg7vb00izB79EfkogCNlENCcyiheoo7xoI0RHk=", 507 | "repository": "hahwul/Hex" 508 | }, 509 | { 510 | "id": "authswap", 511 | "name": "Authswap", 512 | "license": "MIT", 513 | "description": "Quickly switch between different user authentication contexts during manual testing", 514 | "author": { 515 | "name": "Caido Labs Inc.", 516 | "email": "dev@caido.io", 517 | "url": "https://caido.io" 518 | }, 519 | "public_key": "MCowBQYDK2VwAyEAKb/meWPz5b/CQk6aryY89D2lA1R0J5ZE49uZf4GTjYg=", 520 | "repository": "caido-community/authswap" 521 | }, 522 | { 523 | "id": "retire-js", 524 | "name": "RetireJS Scanner", 525 | "license": "MIT", 526 
| "description": "Retire.js-like live or manual scanner for Caido: checks request/response URLs for outdated Javascript.", 527 | "author": { 528 | "name": "bensh", 529 | "email": "no-reply@caido.community", 530 | "url": "https://github.com/bensh" 531 | }, 532 | "public_key": "MCowBQYDK2VwAyEAf7r0UnPhfkNC7yZGeD9Ql727GltOH5ArJQ1gPKnzFnk=", 533 | "repository": "bensh/caido-retirejs" 534 | }, 535 | { 536 | "id": "screenshot-mode", 537 | "name": "Screenshot Mode", 538 | "license": "MIT", 539 | "description": "Make pretty screenshots of your requests", 540 | "author": { 541 | "name": "Caido Labs Inc.", 542 | "email": "dev@caido.io", 543 | "url": "https://caido.io" 544 | }, 545 | "public_key": "MCowBQYDK2VwAyEAq9vgqLVUtcQ3+m8R7v+Q7i+DmPy3YOW0UKun/tDrqCE=", 546 | "repository": "caido-community/screenshot-mode" 547 | } 548 | ] 549 | --------------------------------------------------------------------------------