Josh Bery

Expert
@codewatchorg

bypasswaf. Add headers to all Burp requests to bypass some WAF products

329

sqlipy. SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

261

SideStep. Yet another AV evasion tool

117

cpscam. Bypass captive portals by impersonating inactive users

76

Burp-UserAgent. Automatically modify the User-Agent header in all Burp requests

63

Burp-Yara-Rules. Yara rules to be used with the Burp Yara-Scanner extension

49

Burp-AnonymousCloud. Burp extension that performs a passive scan to identify cloud buckets and then test them for publicly accessible vulnerabilities

48

Burp-IndicatorsOfVulnerability. Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack

43

PowerSniper. Password spraying script and helper for creating password lists

34

gophish. GoPhish is a phishing script that enables rapid deployment of phishing sites.

29

jnlpdownloader. jnlpdownloader is a Python script that takes a URL to a JNLP and downloads all the associated JARs and native libraries. Another Java based tool exists that provides this functionality, but this Python version extends the capabilities to include the ability to authenticate with BASIC, DIGEST, NTLM, or cookie authentication.

14

OfficeCracker. Tool to bruteforce Word, Excel, and PowerPoint office document passwords

9

dirscalate. Dirscalate helps escalate a directory traversal vulnerability to root access (hopefully)

6

nacpersonate. The nacpersonate script uses configuration files to impersonate an OS likely to be allowed through the device without special authentication. The tool spoofs TCP and IP options as well as the User-Agent header sent in requests to appear to be from the selected OS.

4

CloudKeyHunter. Scan targets via SMB for cloud key files on Windows systems

2

droidboxhelper. A slight modification to the droidbox source and a helper file to convert the output into a more legible/readable form.

2

PANhunt. PANhunt searches for credit card numbers (PANs) in directories.

1

p2e. Process to escalate to, or p2e, identifies processes on remote hosts running under potentially privileged accounts to be used for escalation in penetration tests

1

RDPSpray. Tool for password spraying RDP

1
19
Apply