Burp Suite Extension with MCP Server to enhance manual application security testing

Burp bridge to FFUF

🔍 Discover and exploit web vulnerabilities with WebPwn, your go-to tool for enhancing web security testing and vulnerability assessments.

Baiwogen is a Burp Suite extension that leverages AI to generate targeted wordlists for security testing. It traverses your target’s sitemap, filters relevant endpoints, and produces variations of paths, file names, and parameters.

Payload Delivery Server for Web Exploits

PwnFox is an extension for Burp Suite

Sitemap Exporter is an extension for Burp Suite that lets you export items from the Site Map to files on your disk.

Apache Log4j2 RCE( CVE-2021-44228)验证环境

🔍 Discover and analyze historical URLs from the Wayback Machine in Burp Suite to enhance your bug bounty and penetration testing efforts.

Add a local REST API to Burp Suite Pro for instant, scriptable control of proxy, scanning, and scope.

Some useful files for upload features pentesting

extract social media accounts and check if possible to hijacking

BSMAPREC is a Burp Suite extension that automatically detects and extracts source maps from JavaScript files. It helps security researchers and developers identify and analyze the original source code of minified JavaScript files.

Vulnerable Android application for developers and security researchers to learn about Android penetration testing/ bug bounty hunting. Updated to run with Python 3.

Text4Shell的burp被动扫描插件

使用java编写的CRLF-Injection-burp被动扫描插件

Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)

PoC of Android deep link abuse for app impersonation

A BurpSuite extension for vulnerability Scanning

Hello, Attack Surface Scan, BurpSuite完全被动扫描插件，不主动发送任何请求，适合挂机使用。