Take it like a gift

headi
headi

Customisable and automated HTTP header injection.

Namechk
Namechk

Check usernames on more than 100 websites, forums and social networks.

H1 Report Finder
H1 Report Finder

A burpsuite extension to find security reports published on HackerOne based on the selected host.

XXE-FTP
XXE-FTP

A mini webserver with FTP support for XXE payloads.

JS-Tap
JS-Tap

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant.

ChopChop
ChopChop

Scan endpoints and identify exposition of sensitive services/files/folders.

bypasswaf
bypasswaf

Add headers to all Burp requests to bypass some WAF products.

Linpmem
Linpmem

The Linux memory acquisition tool.

PayGen
PayGen

Tool to generate stable undetected payload.

jsfinder
jsfinder

Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.

IPRotate
IPRotate

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

PrivacyNet
PrivacyNet

Allow users to route Internet traffic through Tor and hide their real IP address.

JWTweak
JWTweak

Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.

WebCopilot
WebCopilot

Automation tool designed to enumerate subdomains and detect bugs using different open-source tools.

Autorize
Autorize

Automatic authorization enforcement detection extension for Burp Suite.