Take it like a gift

Enumerating and attacking Java Remote Method Invocation services.

A portable device that can spoof/emulate any magnetic stripe, credit card or hotel card wirelessly.

JSON Web Tokens Support for Burp Suite.

Automated blind-xss search for Burp Suite.

Rip web accessible version control systems: svn, git...

Identify applications even if they are running on a different port than normal.

A fast, simple, recursive content discovery tool written in Rust.

A modern experience for GDB with advanced debugging capabilities.

Making favicon.ico based recon great again.

Static analysis framework built in house to do security vetting for Android applications.

The powered S3 bucket finder and content discover.

The ultimate Vulnerability Disclosure Policy and Bug Bounty list!

Create vulnerable instrumented local or cloud environments to simulate attacks.

Damn vulnerable cloud application.

Provides view with filtering capabilities for all requests from all Burp Suite tools.