Compilation of tools, automations, extensions...

Burpsuite

JS Link Finder
Burp Extension for a passively scanning JavaScript files for endpoint links. - Export results the text file - Exclude specific js files e.g. jquery, google-analytics
JWT Editor
JWT Editor is a Burp Suite extension for editing, signing, verifying, encrypting and decrypting JSON Web Tokens (JWTs).
Content Type Converter
This extension converts data submitted within requests between various common formats: JSON to XML, XML to JSON, body parameters.
Java Deserialization Scanner
This extension gives Burp Suite the ability to find Java deserialization vulnerabilities. It adds checks to both the active and passive scanner and can also be used in an Intruder like manual mode, with a dedicated tab.
Collaborator Everywhere
This extension augments your in-scope proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator.
Content Type Converter
This extension converts data submitted within requests between various common formats: JSON to XML, XML to JSON, body parameters.
Add Custom Header
Add or update custom HTTP headers from session handling rules. This is especially useful for JSON Web Tokens (JWT).
HTTP Request Smuggler
This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you.
Param Miner
This extension identifies hidden, unlinked parameters. Its particularly useful for finding web cache poisoning vulnerabilities.
Turbo Intruder
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. Its intended to complement Burp Intruder by handling attacks that require extreme speed or complexity.
Retire.js
This extension integrates Burp with the Retire.js repository to find vulnerable JavaScript libraries. It passively looks at JavaScript files loaded and identifies those which are vulnerable based on various signature types (URL, filename, file content or specific hash).
J2EEScan
The goal of this extension is to improve the test coverage during web application penetration tests on J2EE applications.
Autorize
Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities, one of the more time-consuming tasks in a web application penetration test.
Backslash Powered Scanner
This extension enhances Burps active scanner, employing a novel method to detect both known and unknown server-side injection vulnerabilities. Derived from manual testing, it offers advantages like casual WAF evasion, minimal network footprint, and adaptability to input filtering.
XSS Validator
This extension sends responses to a locally-running XSS-Detector server, powered by either Phantom.js and/or Slimer.js.
Upload Scanner
This extension tries to implements most attacks that seem feasible for file uploads. The extension is testing various attacks and is divided into modules. Each module handles several attacks of the same category.

DNS

Herramienta DEF 1
Texto
Herramienta DEF 2
Texto
Herramienta DEF 3
Texto

SSL/TLS

Herramienta GHI 1
Texto
Herramienta GHI 2
Texto
Herramienta GHI 3
Texto

XSS

Herramienta GHI 1
Texto
Herramienta GHI 2
Texto
Herramienta GHI 3
Texto

XXE

Herramienta GHI 1
Texto
Herramienta GHI 2
Texto
Herramienta GHI 3
Texto

Copyright © 2023 - 2025 By jotita3 ❤️ Contact Disclaimer