965 Open source projects that are alternatives of or similar to Burpsuite Collections

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

RubberDucky like payloads for DigiSpark Attiny85

Relational database brute force and post exploitation tool for MySQL and MSSQL

Extract subdomains from SSL certificates in HTTPS sites.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

The all-in-one Red Team extension for Web Pentester 🛠

SSRF (Server Side Request Forgery) testing resources

swiss army knife for hackers

A tool to automate penetration tests

👻Impost3r -- A linux password thief

Python3 tool to perform password spraying using RDP

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

A curated list of awesome Fuzzing(or Fuzz Testing) for software security

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Burp Suite plugin that dynamically generates Google 2FA codes for use in session handling rules (approved by PortSwigger for inclusion in their official BApp Store).

OSS-Fuzz - continuous fuzzing for open source software.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Piper Burp Suite Extender plugin

Fuzzing Unification Framework

burp验证码识别接口调用插件

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

burpsuite extension for extract information from data

HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite

ClusterFuzzLite - Simple continuous fuzzing that runs in CI.

Exploit Pack -The next generation exploit framework

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"

syzkaller is an unsupervised coverage-guided kernel fuzzer

Open Redirect Payloads

A REST API security testing framework.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Burpsuite-Plugins-Usage

CVE-2016-8610 (SSL Death Alert) PoC

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Go Fuzzit Example

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

hydra

Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.

Privilege Escalation Enumeration Script for Windows

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

coverage guided fuzz testing for javascript

Hacking Toolkit

A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件

An analysis tool for Python that blurs the line between testing and type systems.

The Last Web Recon Tool You'll Need

Adds a customizable "Send to..."-context-menu to your BurpSuite.