SQLi-Query-TamperingSQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (-88.01%)
sub404A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (-80.02%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (-71.35%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-84.21%)
credcheckCredentials Checking Framework
Stars: ✭ 50 (-95.13%)
xssfinderToolset for detecting reflected xss in websites
Stars: ✭ 105 (-89.77%)
Bug-HuntingA Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.
Stars: ✭ 110 (-89.28%)
SubdomainizerA tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Stars: ✭ 915 (-10.82%)
Sub-DrillA very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-93.18%)
xforwardyHost Header Injection Scanner
Stars: ✭ 32 (-96.88%)
Bucket-FlawsBucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-95.81%)
KillshotA Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Stars: ✭ 237 (-76.9%)
burp-wildcardBurp extension intended to compact Burp extension tabs by hijacking them to own tab.
Stars: ✭ 119 (-88.4%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-86.16%)
fleexFleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.
Stars: ✭ 181 (-82.36%)
TurboDataMinerThe objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and fas…
Stars: ✭ 46 (-95.52%)
HackbarHackBar plugin for Burpsuite
Stars: ✭ 917 (-10.62%)
flydnsRelated subdomains finder
Stars: ✭ 29 (-97.17%)
XattackerX Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (-12.57%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-95.81%)
MarsnakeSystem Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems
Stars: ✭ 16 (-98.44%)
KnifeA burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
Stars: ✭ 626 (-38.99%)
avainA Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
Stars: ✭ 56 (-94.54%)
auth analyzerBurp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Stars: ✭ 77 (-92.5%)
Rapidscan🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (-24.46%)
Qsfuzzqsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Stars: ✭ 201 (-80.41%)
BurpcryptoBurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).
Stars: ✭ 350 (-65.89%)
gradejsGradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
Stars: ✭ 362 (-64.72%)
burp-token-rewriteBurp extension for automated handling of CSRF tokens
Stars: ✭ 15 (-98.54%)
roboxtractorExtract endpoints marked as disallow in robots files to generate wordlists.
Stars: ✭ 40 (-96.1%)
ArissploitArissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
Stars: ✭ 114 (-88.89%)
flarequenchBurp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.
Stars: ✭ 44 (-95.71%)
burp-suite-utilsUtilities for creating Burp Suite Extensions.
Stars: ✭ 19 (-98.15%)
InqlInQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (-30.31%)
VPS-Bug-Bounty-ToolsScript that automates the installation of the main tools used for web application penetration testing and Bug Bounty.
Stars: ✭ 44 (-95.71%)
Jasmin-RansomwareJasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
Stars: ✭ 84 (-91.81%)
burp-copy-as-ffufBurp Extension that copies a request and builds a FFUF skeleton
Stars: ✭ 77 (-92.5%)
VulsAgent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+761.99%)
Top25 ParameterFor basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Stars: ✭ 388 (-62.18%)
Aes KillerBurp plugin to decrypt AES Encrypted traffic of mobile apps on the fly
Stars: ✭ 446 (-56.53%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+606.24%)
erebusErebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.
Stars: ✭ 72 (-92.98%)
frida setupOne-click installer for Frida and Burp certs for SSL Pinning bypass
Stars: ✭ 47 (-95.42%)
swiss-bugbounty-programsList of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland
Stars: ✭ 25 (-97.56%)
burp-flowExtension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.
Stars: ✭ 45 (-95.61%)
SuboverA Powerful Subdomain Takeover Tool
Stars: ✭ 607 (-40.84%)
NucleiFast and customizable vulnerability scanner based on simple YAML based DSL.
Stars: ✭ 6,307 (+514.72%)
Offensive DockerOffensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Stars: ✭ 328 (-68.03%)
Security ToolsCollection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-50.39%)
PwnbackBurp Extender plugin that generates a sitemap of a website using Wayback Machine
Stars: ✭ 203 (-80.21%)
IntruderpayloadsA collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: ✭ 2,779 (+170.86%)
NightingaleIt's a Docker Environment for pentesting which having all the required tool for VAPT.
Stars: ✭ 119 (-88.4%)
Burpsuite Secret finderBurp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.
Stars: ✭ 483 (-52.92%)