Open Source Vulnerability Management Platform

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

myscan 被动扫描

Writeups for PortSwigger WebSecurity Academy

A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations. It supports dynamic payload generation, including BCheck syntax, and can automatically generate Bambdas scripts. Additionally, it offers "Copy as JavaScript" to convert HTTP requests for enhanced XSS testing.

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

Identify technologies used on websites.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).

A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues

Identify the technologies used on websites. (Dig-deep into web tech from your terminal)

A Burp Suite Extension for pentester and bug bounty hunters an to maintain checklist, map flows, write test cases and track vulnerabilities

A Burp Suite extension to extract datas from source code while browsing.