Showing 25 open source projects for "burp"

  • 1
    JS Analyzer

    Burp Suite extension for JavaScript static analysis

    JS Analyzer is a powerful static analysis tool implemented as a Burp Suite extension that helps security researchers and web developers automatically uncover important artifacts in JavaScript files during web application testing. It parses JavaScript responses intercepted by Burp Suite and intelligently extracts API endpoints, full URLs (including cloud storage links), secrets like API keys or tokens, and email addresses while filtering out noise from irrelevant code patterns. ...
    Downloads: 0 This Week
  • 2
    InQL Scanner

    A Burp Extension for GraphQL Security Testing

    A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. Since version 1.0.0 of the tool, InQL was extended to operate within Burp Suite. In this mode, the tool will retain all the stand-alone script capabilities and add a handy user interface for manipulating queries. Search for known GraphQL URL paths; the tool will grep and match known values to detect GraphQL endpoints within the target website. ...
    Downloads: 10 This Week
  • 3
    rep+

    Burp-style HTTP Repeater for Chrome DevTools with built‑in AI

    rep+ is a lightweight browser extension for Chrome DevTools that brings a Burp Suite-style HTTP repeater directly into the developer console, enhanced with built-in AI to help explain requests and suggest tests. It captures HTTP traffic from the inspected page without needing a proxy, allowing users to replay, modify, and analyze individual requests with fine-grained control over headers, bodies, and methods.
    Downloads: 7 This Week
  • 4
    Retire.js

    Scanner detecting the use of JavaScript libraries

    ...An icon on the address bar will also indicate if vulnerable libraries were loaded. Retire.js has been adapted as a plugin for the penetration testing tools Burp and OWASP ZAP.
    Downloads: 11 This Week
  • 5
    SSRFmap

    Automatic SSRF fuzzer and exploitation tool

    SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans. Because SSRF often leads to lateral movement or internal network access, SSRFmap is especially useful for red-teamers and pentesters who want to explore chains rather than just the vulnerability surface. ...
    Downloads: 0 This Week
  • 6
    Payloads All The Things

    A list of useful payloads and bypasses for Web Application Security

    A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques. The API key is a unique identifier that is used to authenticate requests associated with your project. Some developers might hardcode them or leave it on public shares.
    Downloads: 0 This Week
  • 7
    InterceptSuite

    A TLS MITM proxy for Non-HTTP traffic, with support for TLS upgrades

    InterceptSuite is a cross‑platform, SOCKS5‑based MITM proxy specially designed to intercept, inspect, analyze, and manipulate encrypted network traffic at the TCP/TLS layer. It goes beyond HTTP‑focused tools like Burp Suite and ZAP by providing universal TLS interception—including STARTTLS and non‑HTTP protocols—offering deep visibility and control for security testing and debugging. InterceptSuite bridges this gap by providing a universal TLS interception engine that works with any protocol, giving security researchers the tools they need to analyze, understand, and test encrypted communications effectively. ...
    Downloads: 23 This Week
  • 8
    Interactsh

    An OOB interaction gathering server and client library

    Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions. The Interactsh CLI client requires go1.17+ to install successfully. interactsh-client with the -sf, -session-file flag can be used to store/read the current session information from a user-defined file, which is useful to resume the same session to poll the interactions even after the client gets stopped or closed. Running the interactsh-client in...
    Downloads: 33 This Week
  • 9
    Malicious PDF Generator

    Generate a bunch of malicious PDF files with phone-home functionality

    Generate ten different malicious PDF files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh. Used for penetration testing and/or red-teaming etc. I created this tool because I needed a third-party tool to generate a bunch of PDF files with various links.
    Downloads: 1 This Week
  • 10
    Trail of Bits Skills Marketplace

    Trail of Bits Claude Code skills for security research, vulnerability

    ...This project leverages the agent skills architecture to let AI assistants take on detailed, repeatable security procedures that are typically manual, such as parsing Burp Suite projects or conducting variant analysis across codebases.
    Downloads: 0 This Week
  • 11
    ScaNetOS

    Functional environment for web auditing and pentesting

    ScaNetOS: Automated Web Auditing Environment (v1.0). ScaNetOS is a virtual machine in .OVA format, designed to be a preconfigured web analysis and pentesting machine. Its goal is to provide a fast and efficient working environment for ethical pentesters and security analysts focused on auditing web applications and APIs. The heart of this VM is the ScaNet Panel (Bash script v1.0), a centralized menu that orchestrates advanced tools and automates the...
    Downloads: 2 This Week
  • 12
    Hetty

    An HTTP toolkit for security research

    Hetty is an HTTP toolkit for security research. It aims to become an open-source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty communities. Machine-in-the-middle (MITM) HTTP proxy, with logs and advanced search. HTTP client for manually creating/editing requests, and replaying proxied requests. Intercept requests and responses for manual review (edit, send/receive, cancel). Scope support, to help keep work organized. ...
    Downloads: 87 This Week
  • 13
    GoSpider

    Gospider - Fast web spider written in Go

    ...Find AWS-S3 from response source. Find subdomains from the response source. Get URLs from Wayback Machine, Common Crawl, Virus Total, Alien Vault. Format output easy to Grep. Support Burp input. Crawl multiple sites in parallel.
    Downloads: 3 This Week
  • 14
    BugBuntu

    Linux Distribution for Bug Hunters

    BugBuntu is a Fork of Ubuntu 18.04 customized for Bug Hunters. The distribution contains almost all tools used by KingOfBugBounty tips repository for Recon and tests on platforms like Hackerone, Bugcrowd and others. Default credential: user: bugbuntu pwd: bugbuntu KingOfBugBoutyTips: https://github.com/KingOfBugbounty/KingOfBugBountyTips Telegram Group: https://t.me/joinchat/DN_iQksIuhyPKJL1gw0ttA
    Downloads: 1 This Week
  • 15
    Tamper Dev

    Extension that allows you to intercept and edit HTTP/HTTPS requests

    ...Unlike most other extensions, Tamper Dev allows you to intercept, inspect and modify the requests before they are sent to the server. This extension provides functionality similar to Burp Proxy, MITM Proxy, OWASP ZAP, Tamper Data, and Postman Proxy, but without the need for additional software, with full support for HTTPS connections, and trivial to set up (just install).
    Downloads: 14 This Week
  • 16
    burp backup and restore program
    Burp is a backup and restore program. It uses librsync in order to save on the amount of space that is used by each backup. It also uses VSS (Volume Shadow Copy Service) to make snapshots when backing up Windows computers.
    Downloads: 4 This Week
  • 17
    XSpear

    Powerful XSS scanning and parameter analysis tool & gem

    XSpear is an XSS scanner on Ruby gems. Powerful XSS scanning and parameter analysis tool & gem.
    Downloads: 9 This Week
  • 18

    Pentdroid

    Small tool for APK operations required during Android app pentesting

    The tool consists of mini modules that automate and reduce tester effort in setting up the basic environment and typing long tool queries.
    Downloads: 0 This Week
  • 19

    PentDroid

    Small tool for APK operations required during Android app pentesting

    The tool consists of mini modules that automate and reduce tester effort in setting up the basic environment and typing long tool queries. For the installation guide, refer to: https://github.com/vishwaraj/PentDroid/blob/master/README.md
    Downloads: 0 This Week
  • 20

    bscan

    BScan is an extendable application security scanner

    BScan is a configurable and extendable web application security scanner that can be run headless (without UI) from a command line. It's built on top of arguably the most popular commercial security testing tool, Burp Suite from PortSwigger, and Buby from E. Monti and T. Duehr. The major use cases and advantages can be summarized as follows: 1) Run security scans offline from a command line headless (without UI); 2) Change the type of scanning easily by changing configuration parameters; 3) Extend BScan's functionality by adding external modules; 4) Utilize Burp's default spidering, active and passive scanning features; 5) Integrate scan with different sources of known injections (e.g. ...
    Downloads: 0 This Week
  • 21

    SauceWalk Proxy Helper

    Enumeration and automation of file discovery for your sec tools.

    ...Walk.exe iterates through the local files and folders of your target web application (for example, a local copy of WordPress) and generates requests via your favourite proxy (for example, Burp Suite) against a given target URL. The remote agent can be used to identify target files and folders on a live system via a PHP script on the target server (ASP/JSP coming soon). The advantage of this tool is that it allows files and folders which are not usually seen via a spider or crawler (for example, include or plugin folders) to be security tested with traditional tools. ...
    Downloads: 0 This Week
  • 22
    Belch - Burp External Channel v1.0
    Belch - Burp External Channel. Belch is a Burp Suite extender plug-in that implements Burp Suite's IExtender capabilities and allows Burp users to channel network transport on the fly and to log, process and replay it using arbitrary external editors.
    Downloads: 1 This Week
  • 23
    Webarmy is a web application scanner that accepts a Burp proxy log file as input and fuzzes all GET/POST input parameters from a defined list. As such, it can be used to detect SQL injection and Cross Site Scripting vulnerabilities.
    Downloads: 0 This Week
  • 24
    Skavenger analyzes HTTP traffic logged by various Web proxies (including WebScarab and Burp) for indications of common web vulnerabilities such as XSS, CRLF injection and various kinds of information disclosure.
    Downloads: 1 This Week
  • 25
    BURP aims to develop a publicly distributed system for rendering 3D animations over the Internet using CPU idle time.
    Downloads: 0 This Week