MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+97.56%)
auth analyzerBurp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Stars: ✭ 77 (-6.1%)
PhpvulnAudit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (+78.05%)
flarequenchBurp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.
Stars: ✭ 44 (-46.34%)
TurboDataMinerThe objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and fas…
Stars: ✭ 46 (-43.9%)
sqlinjection-training-appA simple PHP application to learn SQL Injection detection and exploitation techniques.
Stars: ✭ 56 (-31.71%)
burp-piperPiper Burp Suite Extender plugin
Stars: ✭ 85 (+3.66%)
U2cUnicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】
Stars: ✭ 83 (+1.22%)
CstcCSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
Stars: ✭ 91 (+10.98%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+2251.22%)
Headless BurpAutomate security tests using Burp Suite.
Stars: ✭ 192 (+134.15%)
burp-token-rewriteBurp extension for automated handling of CSRF tokens
Stars: ✭ 15 (-81.71%)
filter-var-sqliBypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )
Stars: ✭ 29 (-64.63%)
burp-flowExtension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.
Stars: ✭ 45 (-45.12%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+4623.17%)
BurpcryptoBurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).
Stars: ✭ 350 (+326.83%)
Burpsuite CollectionsBurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+1218.29%)
Hunter(l)user hunter using WinAPI calls only
Stars: ✭ 359 (+337.8%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+365.85%)
Vulnerable AdCreate a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
Stars: ✭ 360 (+339.02%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+374.39%)
AutorizeAutomatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
Stars: ✭ 406 (+395.12%)
JackhammerJackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (+671.95%)
SwurgParse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (+14.63%)
RecaptchareCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload 自动识别图形验证码并用于burp intruder爆破模块的插件
Stars: ✭ 596 (+626.83%)
Black WidowGUI based offensive penetration testing tool (Open Source)
Stars: ✭ 124 (+51.22%)
Domain hunterA Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
Stars: ✭ 594 (+624.39%)
KnifeA burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
Stars: ✭ 626 (+663.41%)
sqlscanQuick SQL Scanner, Dorker, Webshell injector PHP
Stars: ✭ 140 (+70.73%)
burp-aem-scannerBurp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.
Stars: ✭ 60 (-26.83%)
burp-suite-utilsUtilities for creating Burp Suite Extensions.
Stars: ✭ 19 (-76.83%)
burp-wildcardBurp extension intended to compact Burp extension tabs by hijacking them to own tab.
Stars: ✭ 119 (+45.12%)
burp-api-commoncommon methods that used by my burp extension projects
Stars: ✭ 29 (-64.63%)
SQLi-Query-TamperingSQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (+50%)
Dsinternals Directory Services Internals (DSInternals) PowerShell Module and Framework
Stars: ✭ 776 (+846.34%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+4171.95%)
ArachniWeb Application Security Scanner Framework
Stars: ✭ 2,942 (+3487.8%)
Androl4bA Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Stars: ✭ 908 (+1007.32%)
HopLaHopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
Stars: ✭ 446 (+443.9%)
vulnerabilitiesList of every possible vulnerabilities in computer security.
Stars: ✭ 14 (-82.93%)
Aes KillerBurp plugin to decrypt AES Encrypted traffic of mobile apps on the fly
Stars: ✭ 446 (+443.9%)
JanusecJanusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关,提供快速、安全的应用交付。
Stars: ✭ 771 (+840.24%)
HackbarHackBar plugin for Burpsuite
Stars: ✭ 917 (+1018.29%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+1146.34%)
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-24.39%)
Log Requests To SqliteBURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
Stars: ✭ 44 (-46.34%)
GivingstormInfection vector that bypasses AV, IDS, and IPS. (For now...)
Stars: ✭ 72 (-12.2%)
PsattackA portable console aimed at making pentesting with PowerShell a little easier.
Stars: ✭ 1,021 (+1145.12%)