├── BurpAttacks ├── 01_burpattack_basic_methods ├── 01_burpattack_dirbuster ├── 01_burpattack_dirbuster_toplist ├── 01_burpattack_fast_fuzz ├── 02_burpattack_vulnerabilities_all ├── 03_burpattack_find_inject ├── 03_burpattack_find_injectx ├── 04_burpattack_basic_fuzz ├── 04_burpattack_sqli_quick_fuzz ├── 05_burpattack_full_fuzz ├── burp_config ├── burpattack_basic_auth_brute ├── burpattack_brute_force ├── burpattack_command_exec ├── burpattack_find_injectx ├── burpattack_nums_1-100 ├── burpattack_overflow ├── burpattack_server_side_include ├── burpattack_shellshock ├── burpattack_sqli_authbypass ├── burpattack_sqli_error_based ├── burpattack_sqli_quick_fuzz ├── burpattack_sqli_time_based ├── burpattack_url_attacks ├── burpattack_wordpress ├── burpattack_xmlrpc_dos ├── burpattack_xpath_injection ├── burpattack_xss ├── burpattack_xss_stored ├── burpattack_xxe ├── burpconfig_default ├── burprepeater_xxe └── shellshock_attack ├── BurpBountyPayloads ├── ACTIVE - HTTP Interaction.bb ├── ACTIVE - HTTP Response Splitting.bb ├── ACTIVE - Open Redirect.bb ├── ACTIVE - Reflected Values.bb ├── ACTIVE - Remote Code Execution.bb ├── ACTIVE - SQL Injection (Blind).bb ├── ACTIVE - SQL Injection (Error).bb ├── ACTIVE - Traversal.bb ├── ACTIVE - XSS.bb ├── PASSIVE - Basic Auth Check.bb ├── PASSIVE - CMS Detection.bb ├── PASSIVE - Cisco ASA Device Found.bb ├── PASSIVE - Credentials Found.bb ├── PASSIVE - Forgot Password Form.bb ├── PASSIVE - Form Submission Found.bb ├── PASSIVE - Interesting Pages.bb ├── PASSIVE - Java De-Serialization.bb ├── PASSIVE - Jenkins Found.bb ├── PASSIVE - Login Page Found.bb ├── PASSIVE - Private Key Found.bb ├── PASSIVE - Redirect Found.bb ├── PASSIVE - Registration Page Found.bb ├── PASSIVE - Session Found.bb ├── PASSIVE - Subscribe Form Found.bb ├── PASSIVE - Token Found.bb ├── PASSIVE - Version Disclosure.bb └── PASSIVE - WAF Found.bb ├── BurpsuiteIntruderPayloads.png ├── FuzzLists ├── auth_bypass.txt ├── bad_chars.txt ├── basic_fuzz.txt ├── command_exec.txt ├── dirbuster-cgi.txt ├── dirbuster-dirs.txt ├── dirbuster-quick.txt ├── dirbuster-top1000.txt ├── full_fuzz.txt ├── grep_injectx.txt ├── lfi.txt ├── overflow-dos.txt ├── overflow.txt ├── passwords_long.txt ├── passwords_medium.txt ├── passwords_quick.txt ├── payload_injectx.txt ├── quick_fuzz.txt ├── sqli-error-based.txt ├── sqli-time-based.txt ├── sqli-union-select.txt ├── sqli_escape_chars.txt ├── ssi_quick.txt ├── toplist-sorted.txt ├── traversal-short.txt ├── traversal.txt ├── url_payloads.txt ├── usernames.txt ├── vulnerability_discovery.txt ├── xml-attacks.txt ├── xss_escape_chars.txt ├── xss_find_inject.txt ├── xss_funny_stored.txt ├── xss_grep.txt ├── xss_payloads_quick.txt ├── xss_remote_payloads-http.txt ├── xss_remote_payloads-https.txt └── xss_swf_fuzz.txt ├── OWASPTestingChecklist_v_1.0.xls ├── Plugins ├── BurpKit-1.02-pre.jar ├── jruby-complete-9.0.0.0.jar └── jython-standalone-2.7.0.jar ├── README.md ├── Uploads ├── " ├── " -- ├── ">