I’ve put up useful pentesting tools on https://forefy.com/
JWT resigner (that supports none,None,RS->HS downgrade vuln)
HTTP request catcher to aid with blind XSS, XXE and more
Chrome extension to passively look for secret keys and exposed buckets
Please let me know what you think!