Skip to content
Change the repository type filter

All

    Repositories list

    • bambdas

      Public
      Bambdas collection for Burp Suite Professional and Community.
      Java
      GNU Lesser General Public License v3.0
      3121013Updated Dec 19, 2024Dec 19, 2024
    • OCSP responder written in Go meant to be used with PortSwigger's CertSquirt solution
      Go
      MIT License
      11200Updated Dec 17, 2024Dec 17, 2024
    • Burp Extensions Api
      Java
      Other
      5148120Updated Dec 16, 2024Dec 16, 2024
    • Central Repo for Burp extensions
      Java
      542200Updated Dec 13, 2024Dec 13, 2024
    • Java
      498800Updated Dec 13, 2024Dec 13, 2024
    • Small Burp Suite Extension to generate multiple scan reports by host with just a few clicks. Works with Burp Suite Professional only.
      Java
      MIT License
      2400Updated Dec 12, 2024Dec 12, 2024
    • ActiveScan++ Burp Suite Plugin
      Java
      Apache License 2.0
      18820901Updated Dec 12, 2024Dec 12, 2024
    • Java
      Other
      1691.3k195Updated Dec 11, 2024Dec 11, 2024
    • A golang PKI in less than 1000 lines of code.
      Go
      BSD 3-Clause "New" or "Revised" License
      2601Updated Dec 9, 2024Dec 9, 2024
    • SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens
      Java
      Apache License 2.0
      10300Updated Dec 5, 2024Dec 5, 2024
    • MIT License
      1200Updated Dec 4, 2024Dec 4, 2024
    • Helm charts for BSEE Kubernetes installation.
      Smarty
      Apache License 2.0
      5322Updated Dec 4, 2024Dec 4, 2024
    • Burp Suite Extension useful to verify OAUTHv2 and OpenID security
      Java
      GNU General Public License v3.0
      2618500Updated Dec 3, 2024Dec 3, 2024
    • Python
      6000Updated Dec 3, 2024Dec 3, 2024
    • BChecks

      Public
      BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
      GNU Lesser General Public License v3.0
      116650260Updated Dec 2, 2024Dec 2, 2024
    • autorize

      Public
      Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
      Python
      20322600Updated Nov 29, 2024Nov 29, 2024
    • cstc

      Public
      CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
      Java
      GNU General Public License v3.0
      26800Updated Nov 29, 2024Nov 29, 2024
    • reshaper

      Public
      Burp Suite Extension - Trigger actions and reshape HTTP request and response traffic using configurable rules
      Java
      MIT License
      121500Updated Nov 29, 2024Nov 29, 2024
    • Nuclei plugin for BurpSuite
      Java
      MIT License
      1151300Updated Nov 29, 2024Nov 29, 2024
    • Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
      Kotlin
      Apache License 2.0
      2181.5k141Updated Nov 27, 2024Nov 27, 2024
    • burptrast

      Public
      Burp Plugin for Contrast Security
      Java
      Apache License 2.0
      2000Updated Nov 26, 2024Nov 26, 2024
    • A burp extention to find host header injection vulnerabilities
      Java
      4400Updated Nov 26, 2024Nov 26, 2024
    • A Burp Suite extension for converting Base64 data to an image.
      Java
      1000Updated Nov 26, 2024Nov 26, 2024
    • This java project was created with Portswigger's Montoya API to be a Burp Extension. It's well known that WAFs only scan up to a certain amount of data per request. This extension allows a tester to manually insert junk data and adds junk data to Active Scans by duplicating each scan check.
      Java
      1001Updated Nov 26, 2024Nov 26, 2024
    • Introduction to CYS4-SensitiveDiscoverer, a Burp extension that discovers sensitive information inside HTTP messages.
      Java
      Apache License 2.0
      71800Updated Nov 26, 2024Nov 26, 2024
    • This repository contains all the XSS cheatsheet data to allow contributions from the community.
      Other
      8341012Updated Nov 15, 2024Nov 15, 2024
    • pycript

      Public
      Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation testing.
      Python
      MIT License
      26801Updated Oct 30, 2024Oct 30, 2024
    • CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
      Java
      Apache License 2.0
      7000Updated Oct 30, 2024Oct 30, 2024
    • Fuzz WebSockets with custom Python code
      Java
      MIT License
      3500Updated Oct 30, 2024Oct 30, 2024
    • Header Guardian is a Burp Suite extension that identifies missing, misconfigured, and unnecessary HTTP security headers in web application responses. It helps improve security by ensuring headers follow best practices, like those recommended by OWASP, for protecting against XSS, clickjacking, and information leakage.
      Python
      GNU Affero General Public License v3.0
      1000Updated Oct 30, 2024Oct 30, 2024