Assessment of men; selection of personnel for the Office of Strategic Services [by] the OSS Assessment Staff

"This volume is the account of how a number of psychologists and psychiatrists attempted to assess the merits of men and women recruited for the Office of Strategic Services. The undertaking is reported because it represents the first attempt in America to design and carry out selection procedures in conformity with so-called organismic (Gestalt) principles. As a novel experiment it might interest a wide range of readers, but more specifically we hope it will invite the attention of those who are concerned with the problem of predicting human behavior, especially if they are engaged in practicing and developing clinical psychology and psychiatry and in improving present methods of diagnosis, assessment, and selection. All told, 5,391 recruits were studied intensively over a three-day period at one station or over a one-day period at another. These were the two areas in the United States where the bulk of assessment was done. Of these the performances of 1,187 who went overseas were described and rated by their superior officers and associates in the theater. Some standard procedures, elementalistic in design, were included in our program, because the best of these instruments are especially efficient in picking out disqualifying defects of function and so in eliminating men who are definitely inferior. Organismic methods, on the other hand, are to be recommended in addition whenever it is necessary to discriminate unusual talent, to measure ability in the range running from low average to high superior. The plan described in this book was devised to fit the special needs of the Office of Strategic Services, but it would not take much ingenuity to modify some of the techniques and to invent others of the same type to meet the requirements of other institutions. These methods were first used on a large scale by Simoneit, as described in Wehrpsychologie, and the German military psychologists, and after them by the British"--Introduction.
(PsycINFO Database Record (c) 2006 APA, all rights reserved).

Turning Firefox into an Ethical Hacking Platform: a list of useful security auditing extensions:

- Information gathering

Whois and geo-location
ShowIP : Show the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and Hostname (left mouse button), like whois, netcraft.
Shazou : The product called Shazou (pronounced Shazoo; it is Japanese for mapping) enables the user to map and geo-locate, with one click, any website they are currently viewing.
Geolocation : Displays Geolocation information for a website using data. Works with all versions of Firefox.
Active Whois : Starts Active Whois to get details about any Web site owner and its host server.
Bibirmer Toolbar : An all-in-one extension, but auditors need to play with the toolbox. It includes WhoIs, DNS Report, Geolocation, Traceroute and Ping. Very useful for the information gathering phase.

Enumeration / fingerprinting
Header Spy: Shows HTTP headers on statusbar
Header Monitor : A Firefox extension that displays, in the status bar panel, any HTTP response header of the top-level document returned by a web server. Examples: Server (by default), Content-Encoding, Content-Type, X-Powered-By and others.

Social engineering
People Search and Public Record: This Firefox extension is a handy menu tool for investigators, reporters, legal professionals, real estate agents, online researchers and anyone interested in doing their own basic people searches and public record lookups as well as background research.

Googling and spidering
Advanced dork : Gives quick access to Google’s Advanced Operators directly from the context menu. This could be used to scan for hidden files or narrow in a target anonymously (via the option) [Updated Definition. Thanks to CP author of Advanced Dork]
SpiderZilla : Spiderzilla is an easy-to-use website mirror utility, based on Httrack from
View Dependencies : View Dependencies adds a tab to the "page info" window, in which it lists all the files which were loaded to show the current page. (useful for a spidering technique)

- Security Assessment / Code auditing

JSView : The ’view page source’ menu item now opens files based on the behavior you choose in the jsview options. This allows you to open the source code of any web page in a new tab or in an external editor.
Cert Viewer Plus : Adds two options to the certificate viewer in Firefox or Thunderbird: an X.509 certificate can either be displayed in PEM format (Base64/RFC 1421, opens in a new window) or saved to a file (in PEM or DER format - and PKCS#7 provided that the respective patch has been applied - cf.
Firebug : Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page
XML Developer Toolbar : Allows XML developers to use standard tools, all from the browser.

Headers manipulation
HeaderMonitor : A Firefox extension that displays, in the status bar panel, any HTTP response header of the top-level document returned by a web server. Examples: Server (by default), Content-Encoding, Content-Type, X-Powered-By and others.
RefControl : Control what gets sent as the HTTP Referer on a per-site basis.
User Agent Switcher : Adds a menu and a toolbar button to switch the user agent of the browser

Cookies manipulation
Add N Edit Cookies : Cookie Editor that allows you to add and edit "session" and saved cookies.
CookieSwap : CookieSwap is an extension that enables you to maintain numerous sets or "profiles" of cookies that you can quickly swap between while browsing
httpOnly : Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side
Allcookies : Dumps ALL cookies (including session cookies) to Firefox standard cookies.txt file

Security auditing
HackBar : This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code.
Tamper Data : Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.
Chickenfoot : Chickenfoot is a Firefox extension that puts a programming environment in the browser’s sidebar so you can write scripts to manipulate web pages and automate web browsing. In Chickenfoot, scripts are written in a superset of Javascript that includes special functions specific to web tasks.

- Proxy/web utilities

FoxyProxy : FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s proxy configuration. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, etc
SwitchProxy: SwitchProxy lets you manage and switch between multiple proxy configurations quickly and easily. You can also use it as an anonymizer to protect your computer from prying eyes
POW (Plain Old WebServer) : The Plain Old Webserver uses Server-side Javascript (SJS) to run a server inside your browser. Use it to distribute files from your browser. It supports Server-side JS, GET, POST, uploads, Cookies, SQLite and AJAX. It has security features to password-protect your site. Users have created a wiki, chat room and search engine using SJS.

- Misc

Hacks for fun
Greasemonkey : Allows you to customize the way a webpage displays using small bits of JavaScript (scripts could be downloaded here)

Fire Encrypter : FireEncrypter is a Firefox extension which gives you encryption/decryption and hashing functionalities right from your Firefox browser, mostly useful for developers or for education & fun.

Malware scanner web files checker : Allows people to check web files for any malware (viruses, trojans, worms, adware, spyware and other unwanted things) inclusions.
Dr.Web anti-virus link checker : This plugin allows you to check any file you are about to download, any page you are about to visit
ClamWin Antivirus Glue for Firefox : This extension scans every downloaded file automatically with ClamWin.

Anti Spoof
refspoof : Makes it easy to pretend to originate from a site by overriding the URL referrer (in an HTTP request). It incorporates this feature by using the pseudo-protocol spoof://, so the information can be stored in a "hyperlink" that can be used in any context, such as HTML pages or bookmarks.

Additional Links:

Blackbuntu is an Ubuntu-based distro for penetration testing with the GNOME desktop environment. It's currently being built using Ubuntu 10.10.

The Metasploit® Framework is a free, open source penetration testing solution developed by the open source community & Rapid7.

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element.