SwurgParse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (+113.64%)
BadintentIntercept, modify, repeat and attack Android's Binder transactions using Burp Suite
Stars: ✭ 303 (+588.64%)
Burpsuite CollectionsBurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+2356.82%)
Jsonpjsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.
Stars: ✭ 131 (+197.73%)
Burpsuite XkeysA Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (+227.27%)
GadgetprobeProbe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Stars: ✭ 381 (+765.91%)
HackbarHackBar plugin for Burpsuite
Stars: ✭ 917 (+1984.09%)
ExploitpackExploit Pack -The next generation exploit framework
Stars: ✭ 728 (+1554.55%)
CansinaWeb Content Discovery Tool
Stars: ✭ 709 (+1511.36%)
Babysploit👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
Stars: ✭ 883 (+1906.82%)
HashtopolisA Hashcat wrapper for distributed hashcracking
Stars: ✭ 835 (+1797.73%)
GorsairGorsair hacks its way into remote docker containers that expose their APIs
Stars: ✭ 678 (+1440.91%)
PerunPerun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
Stars: ✭ 773 (+1656.82%)
InqlInQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (+1525%)
FinalreconThe Last Web Recon Tool You'll Need
Stars: ✭ 888 (+1918.18%)
AutordpwnThe Shadow Attack Framework
Stars: ✭ 688 (+1463.64%)
Social AnalyzerAPI, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Stars: ✭ 8,449 (+19102.27%)
SpiderfootSpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+15540.91%)
Ciphey⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Stars: ✭ 9,116 (+20618.18%)
Security whitepapersCollection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Stars: ✭ 644 (+1363.64%)
HabuHacking Toolkit
Stars: ✭ 635 (+1343.18%)
SprayingtoolkitScripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
Stars: ✭ 802 (+1722.73%)
SuboverA Powerful Subdomain Takeover Tool
Stars: ✭ 607 (+1279.55%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+1661.36%)
V3n0m ScannerPopular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+1825%)
EvillimiterTool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (+1636.36%)
SpoilerwallSpoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!
Stars: ✭ 754 (+1613.64%)
CommoncrawlparserSimple multi threaded tool to extract domain related data from commoncrawl.org
Stars: ✭ 25 (-43.18%)
DiamorphineLKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+1547.73%)
DirhuntFind web directories without bruteforce
Stars: ✭ 983 (+2134.09%)
Linuxprivcheckerlinuxprivchecker.py -- a Linux Privilege Escalation Check Script
Stars: ✭ 715 (+1525%)
Pwncatpwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Stars: ✭ 904 (+1954.55%)
Awesome Burp SuiteAwesome Burp Suite Resources. 400+ open source Burp plugins, 400+ posts and videos.
Stars: ✭ 712 (+1518.18%)
GogitdumperDump exposed HTTP .git fast
Stars: ✭ 27 (-38.64%)
SecuritySome of my security stuff and vulnerabilities. Nothing advanced. More to come.
Stars: ✭ 835 (+1797.73%)
Lockdoor Framework🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (+1438.64%)
DnsbruteDNS Sub-domain brute forcer, in Python + gevent
Stars: ✭ 40 (-9.09%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+16368.18%)
SessiongopherSessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Stars: ✭ 833 (+1793.18%)
Scanlessonline port scan scraper
Stars: ✭ 875 (+1888.64%)
Powershell RatPython based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
Stars: ✭ 636 (+1345.45%)
Sn0intSemi-automatic OSINT framework and package manager
Stars: ✭ 814 (+1750%)
KnifeA burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
Stars: ✭ 626 (+1322.73%)
XsserCross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
Stars: ✭ 606 (+1277.27%)
Awesome OscpA curated list of awesome OSCP resources
Stars: ✭ 804 (+1727.27%)
HashviewA web front-end for password cracking and analytics
Stars: ✭ 601 (+1265.91%)
RecaptchareCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload 自动识别图形验证码并用于burp intruder爆破模块的插件
Stars: ✭ 596 (+1254.55%)
Kubernetes GoatKubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
Stars: ✭ 868 (+1872.73%)
GoscanInteractive Network Scanner
Stars: ✭ 795 (+1706.82%)
Domain hunterA Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
Stars: ✭ 594 (+1250%)
Passphrase WordlistPassphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Stars: ✭ 556 (+1163.64%)