A vast collection of security tools for bug bounty, pentest and red teaming
Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.
Highlighter and Extractor
Collect, categorize and highlight requests and/or responses according to their content.
Copy a Burp Suite request to a file or the clipboard as multiple programming languages functions.
H1 Report Finder
A burpsuite extension to find security reports published on HackerOne based on the selected host.
A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.
Burp NTLM Challenge Decoder
Burp extension to decode NTLM SSP headers and extract domain/host information.
A Burp Suite extension for finding the use of potentially dangerous methods/functions.
Freddy Deserialization Bug Finder
A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.
Lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap.
Burp Suite extension which helps to improve the active and passive scanner by yourself.
Dastardly Scan Action
Runs a scan using Dastardly by Burp Suite against a target site and generates a report.
Burp Suite extension which injects non-invasive headers to reveal backend systems.
HTTP Request Smuggler
Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.
Provides a suite of extensions and a maven plugin to automate security tests using Burp Suite.
Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.
Burp Suite plugin for XSS and SQLi which add our payload to all parameters with one click.
A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.
Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.
The class-leading vulnerability scanning, penetration testing, and web app security platform.