Here is a neat trick (according to me) for people who are analyzing a suspected malicious website/watering hole attack. To fetch the source html/js code of the website, mostly we do wget and then read the code in a text editor.

In chrome, by doing


view-source:URL in the address bar, chrome will directly display the html/js source code of the website, and will NOT render or run anything. So no chance of anything getting executed and you being infected.

Eg. I suspect google.com to be malicious. So initial forensics to view source code then and there in chrome browser :


view-source:http://www.google.com

This is not just chrome i started using it long back with firefox. when you used to view source in firefox it use to open new tab / window with this in url and so i started using it..

another tip.

if you are doing a pentest and want to get a shell running with minimal code. just let the shell echo the output without any html text enclosing it. then use the viewsource mode to view the shell output it will be autoprettified :P.
applicable for shell as well as file inclusion or file read / directory traversal'.

also keep in mind the link are clickable and they will open view-source mode only.