🔍 Discover and analyze historical URLs from the Wayback Machine in Burp Suite to enhance your bug bounty and penetration testing efforts.

🔍 Discover and exploit web vulnerabilities with WebPwn, your go-to tool for enhancing web security testing and vulnerability assessments.

Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket

Intentionally vulnerable Android application.

Some useful files for upload features pentesting

Add a local REST API to Burp Suite Pro for instant, scriptable control of proxy, scanning, and scope.

Burp Suite Extension with MCP Server to enhance manual application security testing

Lightweight BApp that seamlessly integrates powerful LLM-scanning capabilities into Burp's built-in Scanner with improved accuracy. Supports the latest LLMs from OpenAI (gpt-4o, o1), Anthropic (Claude 3.5, Claude 3), and Google (Gemini 1.5). Requires valid API key(s) and an active Burp Suite Pro or Enterprise license.

PwnFox is an extension for Burp Suite

Sitemap Exporter is an extension for Burp Suite that lets you export items from the Site Map to files on your disk.

PoC of Android deep link abuse for app impersonation

A BurpSuite extension that allows you to use Chromium with PwnFox

BSMAPREC is a Burp Suite extension that automatically detects and extracts source maps from JavaScript files. It helps security researchers and developers identify and analyze the original source code of minified JavaScript files.

Baiwogen is a Burp Suite extension that leverages AI to generate targeted wordlists for security testing. It traverses your target’s sitemap, filters relevant endpoints, and produces variations of paths, file names, and parameters.

Payload Delivery Server for Web Exploits

This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.

AIHTTPAnalyzer revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovative extension harnesses the power of AI to automate vulnerability detection, provide intelligent analysis, and assist security professionals in identifying complex security issues.

SALSA 💃⚡ - SALesforce Scanner for Aura (and beyond). Enumeration of vulnerabilities and misconfigurations against Salesforce endpoint.

Burp bridge to FFUF

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.