Showing results for tags 'extension'.

  1. A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.

     Features
     • Adds a passive scan check, allowing users to submit HTTP data to an OpenAI-controlled GPT model for analysis through a placeholder system.
     • Leverages the power of OpenAI's GPT models to conduct comprehensive traffic analysis, enabling detection of various issues beyond just security vulnerabilities in scanned applications.
     • Enables granular control over the number of GPT tokens used in the analysis by allowing for precise adjustments of the maximum prompt length.
     • Offers users multiple OpenAI models to choose from, allowing them to select the one that best suits their needs.
     • Empowers users to customise prompts and unleash limitless possibilities for interacting with OpenAI models. Browse through the Example Use Cases for inspiration.
     • Integrates with Burp Suite, providing all native features for pre- and post-processing, including displaying analysis results directly within the Burp UI for efficient analysis.
     • Provides troubleshooting functionality via the native Burp Event Log, enabling users to quickly resolve communication issues with the OpenAI API.
  2. The Pycript extension for Burp Suite is a valuable tool for penetration testing and security professionals. It enables easy encryption and decryption of requests during testing, which can help evade detection and bypass security measures. The extension also offers the ability to customize the encryption and decryption process by writing custom logic using JavaScript and Node.js, making it a highly adaptable tool for various needs. Additionally, it supports both manual and automated testing, as well as custom encryption/decryption plugins, making it a versatile solution for different penetration testing scenarios.

     Features
     • Encrypt & Decrypt the Selected Strings from Request Response
     • View and Modify the encrypted request in plain text
     • Decrypt Multiple Requests
     • Perform Burp Scanner, Sql Map, Intruder Bruteforce, or any Automation in Plain Text
     • Auto Encrypt the request on the fly
     • Complete freedom for encryption and decryption logic
     • Ability to handle encryption and decryption even with Key and IV in Request Header or Body
  3. The all-in-one Red Team browser extension for Web Pentesters

     HackTools is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells, and much more.

     Current functions:
     • Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
     • Shell Spawning (TTY Shell Spawning)
     • XSS Payloads
     • Basic SQLi payloads
     • Local file inclusion payloads (LFI)
     • Base64 Encoder / Decoder
     • Hash Generator (MD5, SHA1, SHA256, SHA512)
     • Useful Linux commands (Port Forwarding, SUID)

     Changelog v0.5
     • Completely redesign the reverse shell component
     • New transfer methods component
     • Fix the MSF Builder component
  4. pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide deep integration between Cobalt Strike and Bloodhound.

     pyCobaltHound strives to assist red team operators by:
     • Automatically querying the BloodHound database to discover escalation paths opened up by newly collected credentials.
     • Automatically marking compromised users and computers as owned.
     • Allowing operators to quickly and easily investigate the escalation potential of beacon sessions and users.

     To accomplish this, pyCobaltHound uses a set of built-in queries. Operators are also able to add/remove their own queries to fine tune pyCobaltHound’s monitoring capabilities. This grants them the flexibility to adapt pyCobaltHound on the fly during engagements to account for engagement-specific targets (users, hosts, etc.).

     Tips & tricks

     PyCobalt comes with some Script Console commands to manage the running Python scripts. When you reload your Aggressor script you should explicitly stop the Python scripts first. Otherwise, they’ll run forever doing nothing. During pyCobaltHound’s development we noticed that this can also lead to undefined behavior. Reloading pyCobaltHound can be done as follows:

         aggressor> python-stop-all
         [pycobalt] Asking script to stop: /root/pycobalthound/pycobalthound.py
         [pycobalt] Script process exited: /root/pycobalthound/pycobalthound.py
         aggressor> reload example.cna
         [pycobalt] Executing script /root/pycobalthound/pycobalthound.py

     For PyCobalt to work properly you can only call PyCobalt in one Aggressor script. Keep this in mind if you want to use pyCobaltHound together with other Aggressor scripts that use PyCobalt. Our approach is to have an Aggressor script with a call to python() and include() for every PyCobalt-based tool.
  5. A Burp Suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

     Why should I use this extension?
     • Multi-thread
     • Different and configurable levels of test.
     • Includable status codes
     • Excludable status codes
     • More than 1000 built-in payloads.
     • You can load your dictionary.
     • Editable root directory
     • Automatic detection of used technologies to generate custom payloads.
     • Passive listening to find login pages.
  6. Agartha { LFI | RCE | Auth | SQLi | Http-Js }

     Agartha is a penetration testing tool that creates dynamic payload lists and user access matrix to reveal injection flaws and authentication/authorization issues. There are many different attack payloads that exist, but Agartha creates run-time, systematic, and vendor-neutral payloads with many different possibilities and bypassing methods. It also draws attention to user session and URL relationships, which makes it easy to find user access violations. And additionally, it converts Http requests to JavaScript to help dig up XSS issues.

     In summary:
     • Payload Generator: It creates payloads/wordlists for different attacks.
       • Directory Traversal/Local File Inclusion: It creates file dictionary lists with various encoding and escaping characters.
       • Remote Code Execution: It creates command dictionary lists for both Unix and Windows environments with different combinations.
       • SQL Injection: It creates Batched Queries, Boolean-Based, Union-Based and Time-Based SQLi wordlist for various databases to help find vulnerable spots.
     • Authorization Matrix: It creates an access role matrix based on user sessions and URL lists to determine authorization/authentication-related access violation issues.
     • And Http Request to JavaScript Converter: It converts Http requests to JavaScript code to be useful for further XSS exploitation and more.
  7. Description

     OAUTHScan is a Burp Suite Extension written in Java with the aim to provide some automatic security checks, which could be useful during penetration testing on applications implementing OAUTHv2 and OpenID standards.
  8. A Burp Suite extension was made to automate the process of finding reverse proxy path-based SSRF.
  9. Pentesters HackTools is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells, and much more.

     Current functions:
     • Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
     • Shell Spawning (TTY Shell Spawning)
     • XSS Payloads
     • Basic SQLi payloads
     • Local file inclusion payloads (LFI)
     • Base64 Encoder / Decoder
     • Hash Generator (MD5, SHA1, SHA256, SHA512)
     • Useful Linux commands (Port Forwarding, SUID)

     Changelog v0.4
     • The new update is out! 🥳
     • Theme switcher, you can now switch between dark and white theme
     • Powershell scripts have been added
     • Obfuscated Files or Information is now available
     • New SQLi payloads
  10. Broken Link Finder

     Broken Link Finder is a Burp Extension to detect broken links for a passive scanning domains and links. Inspired by InitRoot's linkfinder plugin.

     It covers:
     • Twitter
     • Twitch
     • Facebook
     • Instagram
     • Github
     • Tumblr
     • Youtube

     Note: We know there is a rate limiting issue, and we will work to bypass it.
  11. Burp Bounty – Scan Check Builder

     This Burp Suite extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive.

     Examples of vulnerabilities that you can find

     So, the vulnerabilities identified, from which you can make personalized improvements are:
     • Active Scan:
       • XSS reflected and Stored
       • SQL Injection error based
       • Blind SQL injection
       • Blind SQL injection time-based
       • XXE
       • Blind XXE
       • SSRF
       • CRLF
       • Information disclosure
       • Nginx off-by-slash vulnerability – From Orange Tsai
       • Command injection
       • Web cache poisoning
       • Blind command injection
       • Open Redirect
       • Local File Inclusion
       • Remote File Inclusion
       • Path Traversal
       • LDAP Injection
       • XML Injection
       • SSI Injection
       • XPath Injection
       • etc
     • Passive Response Scan
       • Security Headers
       • Cookies attributes
       • Endpoints extract
       • Software versions
       • Error strings
       • In general any string or regular expression in the response.
     • Passive Request Scan
       • Interesting params and values
       • In general any string or regular expression in the request.

     Changelog v4.0
     • Burp Bounty Pro 1.6 core
     • Quick issue alert
     • More options for creating profiles
  12. This tool is an extension of PortSwigger product Burp Suite. It corresponds to Scanner of Burp Professional Edition. Also, even in the case of the Burp Community Edition, it can be detected by using the History function of Proxy.
  13. auth_analyzer

     The Burp extension helps you to find authorization bugs. Just navigate through the web application with a high privileged user and let the Auth Analyzer repeat your requests for any defined non-privileged user. With the possibility to define Parameters the Auth Analyzer is able to extract and replace parameter values automatically. With this for instance, CSRF tokens or even whole session characteristics can be auto extracted from responses and replaced in further requests. Each response will be analyzed and tagged on its bypass status.

     Why should I use Auth Analyzer?

     There are other existing Burp Extensions doing basically similar stuff. However, the force of the parameter feature and automatic value extraction is the main reason for choosing Auth Analyzer. With this, you don’t have to know the content of the data which must be exchanged. You can easily define your parameters and cookies and Auth Analyzer will catch on the fly the values needed. The Auth Analyzer does not perform any preflight requests. It does basically just the same thing as your web app. With your defined user roles/sessions.

     GUI Overview
     (1) Create or Clone a Session for every user you want to test.
     (2) Save and load session setup
     (3) Specify the session characteristics (Header(s) and / or Parameter(s) to replace)
     (4) Set Filters if needed
     (5) Start / Stop and Pause Auth Analyzer
     (6) Specify table filter
     (7) Navigate through Web App with another user and track results of the repeated requests
     (8) Export table data to XML or HTML
     (9) Manually analyze original and repeated requests/responses

     Features
     • Session Creation for each user role
     • Renaming and Removing a Session
     • Clone a Session
     • Set any amount of Headers to replace/add
     • Set Headers to remove
     • Set any amount of parameters to replace
     • Define how the parameter value will be discovered (automatic, static, prompt for input, from to string)
     • Remove a specified parameter
     • Detailed Filter Rules
     • Detailed Status Panel for each Session
     • Pause each Session separately
     • Renew Auto Extracted Parameter Value automatically
     • Repeat Request by context menu
     • Table Data Filter
     • Table Data Export Functionality
     • Start / Stop / Pause the “Auth Analyzer”
     • Pause each Session separately
     • Restrict session to defined scope
     • Filter Requests with same header(s)
     • Drop Original Request functionality
     • Detailed view of all processed Requests and Responses
     • Send Header(s) and/or Parameter(s) directly to Auth Analyzer by Context Menu
     • Autosave current configuration
     • Save to file and load from file current configuration
  14. InQL Scanner

     InQL Scanner is a security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension.

     Changelog v4.0.5
     • Fixes: Burp: enable HTTP/2 for Burp >= 2020.8
  15. HackTools is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells, and much more.

     Current functions:
     • Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
     • Shell Spawning (TTY Shell Spawning)
     • XSS Payloads
     • Basic SQLi payloads
     • Local file inclusion payloads (LFI)
     • Base64 Encoder / Decoder
     • Hash Generator (MD5, SHA1, SHA256, SHA512)
     • Useful Linux commands (Port Forwarding, SUID)

     Changelog v0.3.8
     • The new update is out!
     • New RFI Payload #102
     • New ZSH reverse shell #101
  16. Copy as XMLHttpRequest BurpSuite extension

     The extension adds a context menu to BurpSuite that allows you to copy multiple requests as Javascript's XmlHttpRequest, which simplifies PoC development when exploiting XSS.
  17. The all-in-one Red Team browser extension for Web Pentesters

     HackTools, is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer need to search for payloads in different websites or in your local storage space, most of the tools are accessible in one click. HackTools is accessible either in pop up mode or in a whole tab in the Devtools part of the browser with F12.

     Current functions:
     • Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
     • Shell Spawning (TTY Shell Spawning)
     • XSS Payloads
     • Basic SQLi payloads
     • Local file inclusion payloads (LFI)
     • Base64 Encoder / Decoder
     • Hash Generator (MD5, SHA1, SHA256, SHA512)
     • Useful Linux commands (Port Forwarding, SUID)

     Changelog v0.3.3
     • Adding persistence on the app (When you close the app it will now open at the same place)
     • URL Decoder
  18. Burp Suite extension for extracting metadata from files

     Currently supported documents:
     • PDF
     • DOCX
     • PPTX
     • XLSX

     The project created at Jetbrains has been completely added. Don't forget to change the settings you need.
  19. Pentesters HackTools is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells, and much more.

     Current functions:
     • Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
     • Shell Spawning (TTY Shell Spawning)
     • XSS Payloads
     • Basic SQLi payloads
     • Local file inclusion payloads (LFI)
     • Base64 Encoder / Decoder
     • Hash Generator (MD5, SHA1, SHA256, SHA512)
     • Useful Linux commands (Port Forwarding, SUID)

     Changelog v0.3
     • Adding SM3 hash support! 👍
     • Adding new RSS Feeds from CXSECURITY ✅
     • New button for the fullscreen mode 👀
  20. The all-in-one Red Team browser extension for Web Pentesters

     HackTools is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells, and much more.

     Current functions:
     • Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
     • Shell Spawning (TTY Shell Spawning)
     • XSS Payloads
     • Basic SQLi payloads
     • Local file inclusion payloads (LFI)
     • Base64 Encoder / Decoder
     • Hash Generator (MD5, SHA1, SHA256, SHA512)
     • Useful Linux commands (Port Forwarding, SUID)

     Changelog v0.2.1
     • Adding SM3 hash support! 👍
     • Adding new RSS Feeds from CXSECURITY ✅
     • New button for the fullscreen mode 👀
  21. This Burp Suite extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive.

     Examples of vulnerabilities that you can find

     So, the vulnerabilities identified, from which you can make personalized improvements are:
     • Active Scan:
       • XSS reflected and Stored
       • SQL Injection error based
       • Blind SQL injection
       • Blind SQL injection time-based
       • XXE
       • Blind XXE
       • SSRF
       • CRLF
       • Information disclosure
       • Nginx off-by-slash vulnerability – From Orange Tsai
       • Command injection
       • Web cache poisoning
       • Blind command injection
       • Open Redirect
       • Local File Inclusion
       • Remote File Inclusion
       • Path Traversal
       • LDAP Injection
       • XML Injection
       • SSI Injection
       • XPath Injection
       • etc
     • Passive Response Scan
       • Security Headers
       • Cookies attributes
       • Endpoints extract
       • Software versions
       • Error strings
       • In general any string or regular expression in the response.
     • Passive Request Scan
       • Interesting params and values
       • In general any string or regular expression in the request.

     Changelog v3.3.5
     • Fixed bug with Payload and Payload without encoding match type
     • Changed the default directory from user.dir to user.home
     • Added and variables for printing issue details in Advisory.
     • Fixed regex grep case sensitive
     • Better redirection performance
     • Fixed bug with Match And Replace
  22. PwnFox

     PwnFox is a Firefox/Burp extension that provides useful tools for your security audit. If you are a chrome user you can check [Hidden Content].

     Single click BurpProxy

     Connect to Burp with a simple click, this will probably remove the need for other add-ons like foxyProxy. However, if you need the extra features provided by foxyProxy you can leave this unchecked.

     Containers Profiles

     PwnFox gives you fast access to Firefox containers. This allows you to have multiple identities in the same browser. When PwnFox and the Add container header option are enabled, PwnFox will automatically add an X-PwnFox-Color header to highlight the query in Burp. PwnFoxBurp will automatically highlight and strip the header, but you can also specify your own behavior with addons like logger++.

     Security header remover

     Sometimes it’s easier to work with the security header disabled. You can now do it with a single button press. Don’t forget to reenable them before testing your final payload.

     Headers stripped:
     • Content-Security-Policy
     • X-XSS-Protection
     • X-Frame-Options
     • X-Content-Type-Options
  23. The all-in-one Red Team browser extension for Web Pentesters

     HackTools is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells, and much more.

     Current functions:
     • Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
     • Shell Spawning (TTY Shell Spawning)
     • XSS Payloads
     • Basic SQLi payloads
     • Local file inclusion payloads (LFI)
     • Base64 Encoder / Decoder
     • Hash Generator (MD5, SHA1, SHA256, SHA512)
     • Useful Linux commands (Port Forwarding, SUID)

     Changelog v0.2
     • Handling CVE Search Exception ( AJAX error ) that causes extension crash
     • Adding File Transfers snippets ( Exfiltration over BASH with TCP and HTTP / Python 2 / 3 http server +WGET and SCP ).
  24. The all-in-one Red Team browser extension for Web Pentesters

     HackTools, is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer need to search for payloads in different websites or in your local storage space, most of the tools are accessible in one click. HackTools is accessible either in pop up mode or in a whole tab in the Devtools part of the browser with F12.

     Current functions:
     • Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
     • Shell Spawning (TTY Shell Spawning)
     • XSS Payloads
     • Basic SQLi payloads
     • Local file inclusion payloads (LFI)
     • Base64 Encoder / Decoder
     • Hash Generator (MD5, SHA1, SHA256, SHA512)
     • Useful Linux commands (Port Forwarding, SUID)
  25. HackTools is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells, and much more.

     Current functions:
     • Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
     • Shell Spawning (TTY Shell Spawning)
     • XSS Payloads
     • Basic SQLi payloads
     • Local file inclusion payloads (LFI)
     • Base64 Encoder / Decoder
     • Hash Generator (MD5, SHA1, SHA256, SHA512)
     • Useful Linux commands (Port Forwarding, SUID)

     HackTools 0.1.2 for Chromium

     New features:
     • Obfuscated PHP webshell payloads
     • UI Menu is set to icon similar to the firefox version

     Installation Steps:
     • Extract hacktools_build_chromium.zip (you will obtain a folder named 'dist')
     • In your chromium based web-browser upload the folder as an unpacked Extension.
     • Enjoy !