#burpsuite

nuclei-burp-plugin

A Burp Suite plugin intended to help with Nuclei template generation.

AutoRepeater

Automated HTTP Request Repeating With Burp Suite.

Scavenger

Burp Suite extension to create a target-specific, tailored wordlist from Burp history.

GatherContacts

Burp Suite extension to pull employee names from Google and Bing LinkedIn search results.

BurpGPT

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan.

AndroSet

Manage the Burp Suite certificate on Android to redirect all traffic to Burp Suite.

co2

A collection of enhancements for Portswigger's popular Burp Suite web penetration testing tool.

json-web-tokens

JSON Web Tokens Support for Burp Suite.

403-bypasser

A Burp Suite extension made to automate the process of bypassing 403 pages.

additional-scanner-checks

Collection of scanner checks missing in Burp.

csrf-scanner

CSRF Scanner Extension for Burp Suite Pro.

JSpector

Burp Suite extension to crawl JS files in passive mode and display the results on the issues.

Pentest Mapper

Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.

PyCript

Bypass client-side encryption using custom logic for testing with Python and NodeJS.

PwnFox

A Firefox/Burp Suite extension that provides useful tools for your security audit.

Agartha

Burp Suite extension for dynamic payload generation to detect injection flaws.

#burpsuite   #lfi   #payloads   #rce   #sqli   #xss  

Highlighter and Extractor

Collect, categorize and highlight requests and/or responses according to their content.

burp-exporter

Copy a Burp Suite request to a file or the clipboard as functions in multiple programming languages.

Trishul

Burp Suite Extension to hunt for common vulnerabilities found in websites.

ATOR

Authentication Token Obtain and Replace Extender.

safecopy

Burp Extension for copying requests safely.

malicious-pdf

Generates a bunch of malicious pdf files with phone-home functionality.

cstc

Burp Suite extension that allows request/response modification using a GUI.

H1 Report Finder

A Burp Suite extension to find security reports published on HackerOne based on the selected host.

Request Highlighter

Burp Suite extension that automatically highlights different HTTP requests.

BurpSuiteHTTPSmuggler

A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.

domain_hunter

Try to find all subdomains, similar-domains and related-domains of an organization.

Burp NTLM Challenge Decoder

Burp extension to decode NTLM SSP headers and extract domain/host information.

Dangerous Methods

A Burp Suite extension for finding the use of potentially dangerous methods/functions.

Freddy Deserialization Bug Finder

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

SqlmapDnsCollaborator

Lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap.

bypasswaf

Add headers to all Burp requests to bypass some WAF products.

AWS security checks

This Burp Suite extension provides additional Scanner checks for AWS security issues.

BurpSmartBuster

A Burp Suite content discovery plugin that adds the smart into the Buster.

burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

Auth Analyzer

This Burp extension helps you find authorization bugs.

AuthMatrix

Provides a simple way to test authorization in web applications and web services.

OpenAPI

Parse OpenAPI specifications into Burp Suite for automating RESTful API testing.

Burp Extender API

Burp Extender API.

Burp WP

Find known vulnerabilities in WordPress plugins and themes; a WPScan-like plugin for Burp.

sqlipy

Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

Stepper

A natural evolution of Burp Suite's Repeater tool.

JWT4B

JWT Support for Burp Suite.

Dastardly Scan Action

Runs a scan using Dastardly by Burp Suite against a target site and generates a report.

Replicator

Burp Suite extension to help developers replicate findings from pentests.

scan-check-builder

Burp Suite extension which helps you improve the active and passive scanner yourself.

Distribute Damage

Evenly distributes scanner load across targets.

J2EEScan

Improve the test coverage during web application penetration tests on J2EE applications.

Hackvertor

Tag-based conversion tool written in Java, implemented as a Burp Suite extension.

Collaborator Everywhere

Burp Suite extension which injects non-invasive headers to reveal backend systems.

HTTP Request Smuggler

Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.

Hackability

Probe a rendering engine for vulnerabilities and other features.

UploadScanner

HTTP file upload scanner for Burp Proxy.

Autowasp

A one-stop pentesting checklist and logger tool.

OAUTHScan

Burp Suite Extension useful to verify OAUTHv2 and OpenID security.

IPRotate

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

JOSEPH

JavaScript Object Signing and Encryption Pentesting Helper.

Shelling

A comprehensive OS command injection payload generator.

authz

Burp Suite plugin to test for authorization flaws.

BurpBeautifier

Burp Suite extension for beautifying request/response body.

Logger++

Log activities of all the tools in Burp Suite.

WSDL Wizard

Burp Suite plugin to detect current and discover new WSDL files.

JSONBeautifier

JSON Beautifier for Burp written in Java.

Headless Burp

Provides a suite of extensions and a maven plugin to automate security tests using Burp Suite.

BurpSentinel

GUI Burp plugin to ease discovery of security holes in web applications.

Flow

Provides a view with filtering capabilities for all requests from all Burp Suite tools.

ActiveScan++

Extends Burp Suite's active and passive scanning capabilities.

backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.

Burp-AnonymousCloud

Performs a passive scan to identify buckets and tests them for publicly accessible vulnerabilities.

jwt-heartbreaker

Burp Suite extension to check JWTs for use of keys known from public sources.

rexsser

Burp Suite plugin that extracts keywords from response using and test for reflected XSS.

Xss-Sql-Fuzz

Burp Suite plugin for XSS and SQLi which adds our payload to all parameters with one click.

xssValidator

A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.

Femida

Automated blind XSS search for Burp Suite.

BitBlinder

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

SQLTruncSanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Burp-to-SQLMap

Perform SQL injection tests on Burp Suite bulk requests using SQLMap.

MSSQLi-DUET

SQL injection script for Microsoft SQL Server.

SleuthQL

Burp History parsing tool to discover potential SQL injection points.

Turbo Intruder

Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

Autorize

Automatic authorization enforcement detection extension for Burp Suite.

GadgetProbe

Probe endpoints consuming Java serialized objects for fingerprinting.

GraphQL Beautifier

Burp Suite extension to help make GraphQL requests more readable.

InQL

Burp Extension for GraphQL Security Testing.

BurpBounty

Improve the active and passive Burp Suite scanner by means of custom rules through GUI.

off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

param-miner

Identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.

BurpJSLinkFinder

Burp extension for passively scanning JS files for endpoint links.

Retire.js

Detects the use of JavaScript libraries with known vulnerabilities.

GAP

A Burp Suite extension to find potential endpoints and parameters.

DataExtractor

A Burp Suite extension to extract data from source code while browsing.

Burp Suite

The class-leading vulnerability scanning, penetration testing, and web app security platform.