BurpSuite-Team-Extension. This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes through your Burpsuite instance will be replicated in the history of the other testers and vice-versa!
261gofingerprint. GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
209BurpSuiteAutoCompletion. This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.
167CloudCopy. This tool implements a cloud version of the Shadow Copy attack against domain controllers running in AWS using only the EC2:CreateSnapshot permission.
124RepeaterSearch. This extension adds a search bar to the Repeater tab that can be used to highlight all repeater tabs where the request and/or response matches a query via simple text matching or Regex.
81ParameterMiner. Built on a lazy Sunday after seeing this tweet (https://twitter.com/intigriti/status/1272145863868104705?s=20) I present to you, ParameterMiner! Pipe in a list of javascript urls and ParameterMiner pulls all the variable names.
52DirectoryImporter. This is a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later. This is an alternative to proxying bruteforcing tools through burp to catch the results.
36vhostChecker. VHostChecker takes a csv list of targets in the form of domain,ip,port and runs 4 seperate connection checks to get a quick sense of how the target handles Host Header changes.
34BurpSuiteTeamServer. This is the Go Server that relays all HTTP requests and responses between clients.
28goRecorder. During pentesting I often miss screenshots of events for reports due to the quick pace of testing and a lack of foreknowledge about what will be important. To remedy that problem (and also to teach myself go) I built a command line tool that implements the "clip that" functionality of gaming consoles to allow me to save the last minute of screen activity as images to later view.
26BurpSuiteAutoRepeaterNaming. This extension replaces the default repeater tab name with the URL path of the repeater request.
25BurpGraphQLViewer. This extension provides a central location for viewing all GraphQL requests/responses within a Burp project. It provides a clean UI that groups all requests by "operationName" and for each GraphQL request shows a pretty printed view of the query and the raw Burp Suite Request/Response.
16BurpSuiteShareRequests. This Burp Suite extension enables the generation of shareable links to specific requests which other Burp Suite users can import.
13BurpRequestCleaner. This extension redacts potentially sensitive header and parameter values from requests using Shannon Entropy analysis.
13BOR. BOR - Break On Request, is a burp extension that provides a custom context menu for marking requests to be stopped by the interceptor with only one click!
13UUIDHunter. This Extension provides a Passive and Active Scan Check that detects V1 UUIDs and attempts to find other potentially valid ones.
6aem-rce. Python and Metasploit module for exploiting Adobe Experience Manager (AEM) default credentials which can be used to achieve RCE
6BurpSuiteGuiLibrary. Library for manipulating BurpSuites UI
6GoPatternMatcher. This tool allows for quickly searching for a specified pattern within HTTP Response bodies. Simply pipe in a list of URLs, specify your pattern and hit enter.
5SitemapHostNote. This Burp Suite Extension allows you to add a note to a host in the Site map.
5BurpSuiteSaveIntruderTabs. This Burp Suite Extension allows you to save Intruder tabs for a project
5pyGPOAbuse. Partial python implementation of SharpGPOAbuse
3XSSContentDiscover. This is a PoC for an attack path I've seen on multiple engagements I wanted to standardize.
3CommunityToolRequests. This repository attempts to provide a common place for those in the security space to request tooling and find ideas for tools to build.
3HackerOneVulnerabilityDrafter. This Burp Suite Extension provides a custom context menu for sending Repeater requests or Scanner findings to HackerOne's vulnerability submission endpoint.
2MutliNWriter. This package provides an alternative to io.MultiWriter that enables dynamic addition and removal of io.Writers at run time.
2Console. Faction C2 Framework Console Service
1Burp-IISTildeEnumerationScanner. Burp extension for exploiting IIS Tilde Enumeration vulnerability
1AdventOfCode2021. Github project for tracking AdventOfCode 2021 Solutions
1hackvertor. Java
1infiniMaze. InfiniMaze is an infinite, persistent, procedurally generated, explorable maze! Based off of https://github.com/itchyny/maze but heavily modified to support this use case.
1EyeWitness. EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
1Hibernate-Injection-Study. Study about HQL injection exploitation.
1