548 Open source projects that are alternatives of or similar to Burpbounty

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

A python tool to check subdomain takeover vulnerability

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Security checks pack for Burp Suite

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Credentials Checking Framework

Toolset for detecting reflected xss in websites

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Host Header Injection Scanner

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner

Burp extension intended to compact Burp extension tabs by hijacking them to own tab.

Pentest: Subdomains enumeration tool for penetration testers.

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

Little Bug Bounty & Hacking Tools⚔️

The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and fas…

HackBar plugin for Burpsuite

Related subdomains finder

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

A Tool for Domain Flyovers

System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

🎯 XML External Entity (XXE) Injection Payload List

🆕 The Multi-Tool Web Vulnerability Scanner.

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

Burp extension for automated handling of CSRF tokens

Extract endpoints marked as disallow in robots files to generate wordlists.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.

Utilities for creating Burp Suite Extensions.

InQL - A Burp Extension for GraphQL Security Testing

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

Burp Extension that copies a request and builds a FFUF skeleton

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly

Web path scanner

Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.

Burp extension to passively scan for applications revealing software version numbers

One-click installer for Frida and Burp certs for SSL Pinning bypass

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

This Burp extension helps you to find usages of postMessage and recvMessage

Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.

A Powerful Subdomain Takeover Tool

Fast and customizable vulnerability scanner based on simple YAML based DSL.

A collection of awesome one-liner scripts especially for bug bounty tips.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Burp Extender plugin that generates a sitemap of a website using Wayback Machine

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

It's a Docker Environment for pentesting which having all the required tool for VAPT.

平常看到好的渗透hacking工具和多领域效率工具的集合

Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.