Repositories list

• bambdas

  Public
  Bambdas collection for Burp Suite Professional and Community.

  Java

  •

  GNU Lesser General Public License v3.0

  •31•210•1•3•Updated Dec 19, 2024Dec 19, 2024

• go-ocsp-responder

  Public
  OCSP responder written in Go meant to be used with PortSwigger's CertSquirt solution

  Go

  •

  MIT License

  •11•2•0•0•Updated Dec 17, 2024Dec 17, 2024

• burp-extensions-montoya-api

  Public
  Burp Extensions Api

  Java

  •

  Other

  •5•148•12•0•Updated Dec 16, 2024Dec 16, 2024

• content-type-converter

  Public
  Central Repo for Burp extensions

  Java

  •54•22•0•0•Updated Dec 13, 2024Dec 13, 2024

• hackvertor

  Public
  Java

  •49•88•0•0•Updated Dec 13, 2024Dec 13, 2024

• batch-scan-report-generator

  Public
  Small Burp Suite Extension to generate multiple scan reports by host with just a few clicks. Works with Burp Suite Professional only.

  Java

  •

  MIT License

  •2•4•0•0•Updated Dec 12, 2024Dec 12, 2024

• active-scan-plus-plus

  Public
  ActiveScan++ Burp Suite Plugin

  Java

  •

  Apache License 2.0

  •188•209•0•1•Updated Dec 12, 2024Dec 12, 2024

• param-miner

  Public
  Java

  •

  Other

  •169•1.3k•19•5•Updated Dec 11, 2024Dec 11, 2024

• certsquirt

  Public
  A golang PKI in less than 1000 lines of code.

  Go

  •

  BSD 3-Clause "New" or "Revised" License

  •2•6•0•1•Updated Dec 9, 2024Dec 9, 2024

• sign-saboteur

  Public
  SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens

  Java

  •

  Apache License 2.0

  •10•3•0•0•Updated Dec 5, 2024Dec 5, 2024

• burp-suite-enterprise-edition-ami

  Public
  MIT License

  •1•2•0•0•Updated Dec 4, 2024Dec 4, 2024

• enterprise-helm-charts

  Public
  Helm charts for BSEE Kubernetes installation.

  kubernetesenterpriseburp+ 1helm-chart

  Smarty

  •

  Apache License 2.0

  •5•3•2•2•Updated Dec 4, 2024Dec 4, 2024

• oauth-scan

  Public
  Burp Suite Extension useful to verify OAUTHv2 and OpenID security

  Java

  •

  GNU General Public License v3.0

  •26•185•0•0•Updated Dec 3, 2024Dec 3, 2024

• saml-encoder-decoder

  Public
  Python

  •6•0•0•0•Updated Dec 3, 2024Dec 3, 2024

• BChecks

  Public
  BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition

  GNU Lesser General Public License v3.0

  •116•650•26•0•Updated Dec 2, 2024Dec 2, 2024

• autorize

  Public
  Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

  Python

  •202•226•0•0•Updated Nov 29, 2024Nov 29, 2024

• cstc

  Public
  CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef

  Java

  •

  GNU General Public License v3.0

  •26•8•0•0•Updated Nov 29, 2024Nov 29, 2024

• reshaper

  Public
  Burp Suite Extension - Trigger actions and reshape HTTP request and response traffic using configurable rules

  Java

  •

  MIT License

  •12•15•0•0•Updated Nov 29, 2024Nov 29, 2024

• nuclei-template-generator

  Public
  Nuclei plugin for BurpSuite

  Java

  •

  MIT License

  •115•13•0•0•Updated Nov 29, 2024Nov 29, 2024

• turbo-intruder

  Public
  Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

  Kotlin

  •

  Apache License 2.0

  •218•1.5k•14•1•Updated Nov 27, 2024Nov 27, 2024

• burptrast

  Public
  Burp Plugin for Contrast Security

  Java

  •

  Apache License 2.0

  •2•0•0•0•Updated Nov 26, 2024Nov 26, 2024

• host-header-inchecktion

  Public
  A burp extention to find host header injection vulnerabilities

  Java

  •4•4•0•0•Updated Nov 26, 2024Nov 26, 2024

• captcha-converter

  Public
  A Burp Suite extension for converting Base64 data to an image.

  Java

  •1•0•0•0•Updated Nov 26, 2024Nov 26, 2024

• firewall-ferret

  Public
  This java project was created with Portswigger's Montoya API to be a Burp Extension. It's well known that WAFs only scan up to a certain amount of data per request. This extension allows a tester to manually insert junk data and adds junk data to Active Scans by duplicating each scan check.

  Java

  •1•0•0•1•Updated Nov 26, 2024Nov 26, 2024

• sensitive-discoverer

  Public
  Introduction to CYS4-SensitiveDiscoverer, a Burp extension that discovers sensitive information inside HTTP messages.

  Java

  •

  Apache License 2.0

  •7•18•0•0•Updated Nov 26, 2024Nov 26, 2024

• xss-cheatsheet-data

  Public
  This repository contains all the XSS cheatsheet data to allow contributions from the community.

  Other

  •83•410•1•2•Updated Nov 15, 2024Nov 15, 2024

• pycript

  Public
  Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation testing.

  Python

  •

  MIT License

  •26•8•0•1•Updated Oct 30, 2024Oct 30, 2024

• client-side-path-traversal-exploitation

  Public
  CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.

  Java

  •

  Apache License 2.0

  •7•0•0•0•Updated Oct 30, 2024Oct 30, 2024

• websocket-turbo-intruder

  Public
  Fuzz WebSockets with custom Python code

  Java

  •

  MIT License

  •3•5•0•0•Updated Oct 30, 2024Oct 30, 2024

• header-guardian

  Public
  Header Guardian is a Burp Suite extension that identifies missing, misconfigured, and unnecessary HTTP security headers in web application responses. It helps improve security by ensuring headers follow best practices, like those recommended by OWASP, for protecting against XSS, clickjacking, and information leakage.

  Python

  •

  GNU Affero General Public License v3.0

  •1•0•0•0•Updated Oct 30, 2024Oct 30, 2024