Jsonpjsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.
Stars: ✭ 131 (-87.88%)
Attiny85RubberDucky like payloads for DigiSpark Attiny85
Stars: ✭ 169 (-84.37%)
EnumdbRelational database brute force and post exploitation tool for MySQL and MSSQL
Stars: ✭ 167 (-84.55%)
GetaltnameExtract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-70.4%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-81.59%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-82.7%)
BurpbountyBurp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Stars: ✭ 1,026 (-5.09%)
Hack ToolsThe all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+154.39%)
Ssrf TestingSSRF (Server Side Request Forgery) testing resources
Stars: ✭ 1,718 (+58.93%)
Vaultswiss army knife for hackers
Stars: ✭ 346 (-67.99%)
KaboomA tool to automate penetration tests
Stars: ✭ 322 (-70.21%)
Impost3r👻Impost3r -- A linux password thief
Stars: ✭ 355 (-67.16%)
RdpasssprayPython3 tool to perform password spraying using RDP
Stars: ✭ 368 (-65.96%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (-28.31%)
Top25 ParameterFor basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Stars: ✭ 388 (-64.11%)
Awesome FuzzingA curated list of awesome Fuzzing(or Fuzz Testing) for software security
Stars: ✭ 399 (-63.09%)
PacketwhisperPacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (-62.53%)
googleauthenticatorBurp Suite plugin that dynamically generates Google 2FA codes for use in session handling rules (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 18 (-98.33%)
Oss FuzzOSS-Fuzz - continuous fuzzing for open source software.
Stars: ✭ 6,937 (+541.72%)
JusttryharderJustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Stars: ✭ 450 (-58.37%)
burp-piperPiper Burp Suite Extender plugin
Stars: ✭ 85 (-92.14%)
fuzzufFuzzing Unification Framework
Stars: ✭ 263 (-75.67%)
AutorizeAutomatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
Stars: ✭ 406 (-62.44%)
NullinuxInternal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Stars: ✭ 451 (-58.28%)
HopLaHopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
Stars: ✭ 446 (-58.74%)
clusterfuzzliteClusterFuzzLite - Simple continuous fuzzing that runs in CI.
Stars: ✭ 315 (-70.86%)
ExploitpackExploit Pack -The next generation exploit framework
Stars: ✭ 728 (-32.65%)
RatelRAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Stars: ✭ 121 (-88.81%)
BadintentIntercept, modify, repeat and attack Android's Binder transactions using Burp Suite
Stars: ✭ 303 (-71.97%)
VajraVajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-75.12%)
BurpdeveltrainingMaterial for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
Stars: ✭ 302 (-72.06%)
Syzkallersyzkaller is an unsupervised coverage-guided kernel fuzzer
Stars: ✭ 3,841 (+255.32%)
SusanooA REST API security testing framework.
Stars: ✭ 287 (-73.45%)
Lockdoor Framework🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (-37.37%)
GadgetprobeProbe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Stars: ✭ 381 (-64.75%)
YasuoA ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-52.17%)
BurpsuitehttpsmugglerA Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
Stars: ✭ 529 (-51.06%)
EhtoolsWi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.
Stars: ✭ 422 (-60.96%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+195.84%)
Stowaway👻Stowaway -- Multi-hop Proxy Tool for pentesters
Stars: ✭ 500 (-53.75%)
Dictionary Of PentestingDictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (-54.49%)
Burpsuite Secret finderBurp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.
Stars: ✭ 483 (-55.32%)
PrivesccheckPrivilege Escalation Enumeration Script for Windows
Stars: ✭ 1,032 (-4.53%)
BigbountyreconBigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (-49.95%)
Eyes👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Stars: ✭ 38 (-96.48%)
Thc ArchiveAll releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (-56.15%)
Jsfuzzcoverage guided fuzz testing for javascript
Stars: ✭ 532 (-50.79%)
HabuHacking Toolkit
Stars: ✭ 635 (-41.26%)
Domain hunterA Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
Stars: ✭ 594 (-45.05%)
CrosshairAn analysis tool for Python that blurs the line between testing and type systems.
Stars: ✭ 586 (-45.79%)
FinalreconThe Last Web Recon Tool You'll Need
Stars: ✭ 888 (-17.85%)
Burp Send ToAdds a customizable "Send to..."-context-menu to your BurpSuite.
Stars: ✭ 114 (-89.45%)