A vast collection of security tools for bug bounty, pentest and red teaming


nuclei-burp-plugin on offsec.tools

A Burp Suite plugin intended to help with Nuclei template generation.

Pentest Mapper on offsec.tools

Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.

PyCript on offsec.tools

Bypass client-side encryption using custom logic for testing with Python and NodeJS.

PwnFox on offsec.tools

A Firefox/Burp Suite extension that provides useful tools for your security audit.

Agartha on offsec.tools

Burp Suite extension for dynamic payload generation to detect injection flaws.

#burpsuite   #lfi   #payloads   #rce   #sqli   #xss  

Highlighter and Extractor on offsec.tools

Collect, categorize and highlight requests and/or responses according to their content.

burp-exporter on offsec.tools

Copy a Burp Suite request to a file or the clipboard as functions in multiple programming languages.

Trishul on offsec.tools

Burp Suite Extension to hunt for common vulnerabilities found in websites.

ATOR on offsec.tools

Authentication Token Obtain and Replace Extender.

safecopy on offsec.tools

Burp Extension for copying requests safely.

malicious-pdf on offsec.tools

Generates a bunch of malicious PDF files with phone-home functionality.

H1 Report Finder on offsec.tools

A Burp Suite extension to find security reports published on HackerOne based on the selected host.

cstc on offsec.tools

Burp Suite extension that allows request/response modification using a GUI.

Request Highlighter on offsec.tools

Burp Suite extension that automatically highlights different HTTP requests.

BurpSuiteHTTPSmuggler on offsec.tools

A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.

domain_hunter on offsec.tools

Try to find all subdomains, similar-domains and related-domains of an organization.

Burp NTLM Challenge Decoder on offsec.tools

Burp extension to decode NTLM SSP headers and extract domain/host information.

Dangerous Methods on offsec.tools

A Burp Suite extension for finding the use of potentially dangerous methods/functions.

Freddy Deserialization Bug Finder on offsec.tools

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

BurpSmartBuster on offsec.tools

A Burp Suite content discovery plugin that adds the smart into the Buster.

AWS security checks on offsec.tools

This Burp Suite extension provides additional Scanner checks for AWS security issues.

bypasswaf on offsec.tools

Add headers to all Burp requests to bypass some WAF products.

SqlmapDnsCollaborator on offsec.tools

Lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap.

burp-vulners-scanner on offsec.tools

Vulnerability scanner based on vulners.com search API.

Auth Analyzer on offsec.tools

This Burp extension helps you find authorization bugs.

AuthMatrix on offsec.tools

Provides a simple way to test authorization in web applications and web services.

OpenAPI on offsec.tools

Parse OpenAPI specifications into Burp Suite for automating RESTful API testing.

Burp WP on offsec.tools

Find known vulnerabilities in WordPress plugins and themes; a WPScan-like plugin for Burp.

Burp Extender API on offsec.tools

Burp Extender API.

sqlipy on offsec.tools

Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

Distribute Damage on offsec.tools

Evenly distributes scanner load across targets.

Hackvertor on offsec.tools

Tag-based conversion tool written in Java, implemented as a Burp Suite extension.

J2EEScan on offsec.tools

Improve the test coverage during web application penetration tests on J2EE applications.

Replicator on offsec.tools

Burp Suite extension to help developers replicate findings from pentests.

scan-check-builder on offsec.tools

Burp Suite extension that helps you improve the active and passive scanner yourself.

Dastardly Scan Action on offsec.tools

Runs a scan using Dastardly by Burp Suite against a target site and generates a report.

JWT4B on offsec.tools

JWT Support for Burp Suite.

HTTPoxy Scanner on offsec.tools

A Burp Suite extension that checks for the HTTPoxy vulnerability.

Stepper on offsec.tools

A natural evolution of Burp Suite's Repeater tool.

authz on offsec.tools

Burp Suite plugin to test for authorization flaws.

Shelling on offsec.tools

A comprehensive OS command injection payload generator.

JOSEPH on offsec.tools

JavaScript Object Signing and Encryption Pentesting Helper.

IPRotate on offsec.tools

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

OAUTHScan on offsec.tools

Burp Suite Extension useful to verify OAUTHv2 and OpenID security.

Autowasp on offsec.tools

A one-stop pentesting checklist and logger tool.

UploadScanner on offsec.tools

HTTP file upload scanner for Burp Proxy.

Hackability on offsec.tools

Probe a rendering engine for vulnerabilities and other features.

Collaborator Everywhere on offsec.tools

Burp Suite extension which injects non-invasive headers to reveal backend systems.

HTTP Request Smuggler on offsec.tools

Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.

BurpBeautifier on offsec.tools

Burp Suite extension for beautifying request/response body.

JSONBeautifier on offsec.tools

JSON Beautifier for Burp written in Java.

WSDL Wizard on offsec.tools

Burp Suite plugin to detect current and discover new WSDL files.

Logger++ on offsec.tools

Log activities of all the tools in Burp Suite.

Headless Burp on offsec.tools

Provides a suite of extensions and a Maven plugin to automate security tests using Burp Suite.

Flow on offsec.tools

Provides a view with filtering capabilities for all requests from all Burp Suite tools.

AutoRepeater on offsec.tools

Automated HTTP Request Repeating With Burp Suite.

BurpSentinel on offsec.tools

GUI Burp plugin to ease the discovery of security holes in web applications.

ActiveScan++ on offsec.tools

Extends Burp Suite's active and passive scanning capabilities.

backslash-powered-scanner on offsec.tools

Finds unknown classes of injection vulnerabilities.

jwt-heartbreaker on offsec.tools

Burp Suite extension to check JWTs for the use of keys known from public sources.

Burp-AnonymousCloud on offsec.tools

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

Xss-Sql-Fuzz on offsec.tools

Burp Suite plugin for XSS and SQLi which adds our payload to all parameters with one click.

rexsser on offsec.tools

Burp Suite plugin that extracts keywords from the response and tests for reflected XSS.

BitBlinder on offsec.tools

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

Femida on offsec.tools

Automated blind XSS search for Burp Suite.

xssValidator on offsec.tools

A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.

SQLTruncSanner on offsec.tools

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

MSSQLi-DUET on offsec.tools

SQL injection script for Microsoft SQL Server.

SleuthQL on offsec.tools

Burp History parsing tool to discover potential SQL injection points.

Turbo Intruder on offsec.tools

Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

Autorize on offsec.tools

Automatic authorization enforcement detection extension for Burp Suite.

GadgetProbe on offsec.tools

Probe endpoints consuming Java serialized objects for fingerprinting.

GraphQL Beautifier on offsec.tools

Burp Suite extension to help make GraphQL requests more readable.

InQL on offsec.tools

Burp Extension for GraphQL Security Testing.

BurpBounty on offsec.tools

Improve the active and passive Burp Suite scanner by means of custom rules through GUI.

off-by-slash on offsec.tools

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

IntruderPayloads on offsec.tools

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

param-miner on offsec.tools

Identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.

BurpJSLinkFinder on offsec.tools

Burp extension for passively scanning JS files for endpoint links.

GAP on offsec.tools

A Burp Suite extension to find potential endpoints and parameters.

DataExtractor on offsec.tools

A Burp Suite extension to extract data from source code while browsing.

Burp Suite on offsec.tools

The class-leading vulnerability scanning, penetration testing, and web app security platform.