530 Open source projects that are alternatives of or similar to SQLi-Query-Tampering

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

One-click installer for Frida and Burp certs for SSL Pinning bypass

reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload 自动识别图形验证码并用于burp intruder爆破模块的插件

Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.

Security checks pack for Burp Suite

Burp extension to passively scan for applications revealing software version numbers

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.

CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef

Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly

Burp extension intended to compact Burp extension tabs by hijacking them to own tab.

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

Burp Suite extension to passively scan for applications revealing server error messages

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and fas…

Utilities for creating Burp Suite Extensions.

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).

Burp extension for automated handling of CSRF tokens

HackBar plugin for Burpsuite

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

Automate security tests using Burp Suite.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

It's a Docker Environment for pentesting which having all the required tool for VAPT.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

A Tool for Domain Flyovers

A python tool to check subdomain takeover vulnerability

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

平常看到好的渗透hacking工具和多领域效率工具的集合

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

🎯 XML External Entity (XXE) Injection Payload List

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

A collection of awesome one-liner scripts especially for bug bounty tips.

Web path scanner

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

DNS hijacking via dead records automation tool

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

A Powerful Subdomain Takeover Tool

This challenge is Inon Shkedy's 31 days API Security Tips.

Burp Extension that copies a request and builds a FFUF skeleton

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Repositório com conteúdo sobre web hacking em português

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

🎯 RFI/LFI Payload List

Little Bug Bounty & Hacking Tools⚔️

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Hacking tools

Collection of Facebook Bug Bounty Writeups

SQL注入扫描器