PortSwigger's Repositories

3d-css-tutorial

No description

⭐ 14 🌐 Public

403-bypasser

No description

⭐ 71 🌐 Public

429-bypasser

No description

⭐ 4 🌐 Public

5gc-api-parse

A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks

⭐ 7 🌐 Public

acmate

ACMate - a tool for Reverse-engineering and Testing of Access Control Policies of Web Applications

⭐ 0 🌐 Public

activation-script

Activate Burp from a script

⭐ 0 🌐 Public

active-scan-plus-plus

ActiveScan++ Burp Suite Plugin

⭐ 240 🌐 Public

add-custom-header

A Burp Suite extension to add a custom header (e.g. JWT)

⭐ 19 🌐 Public

add-to-sitemap-plus

No description

⭐ 4 🌐 Public

add-to-tls-pass-through

Burp Extension to add context menus for configuration of the Add to TLS Pass Through setting

⭐ 6 🌐 Public

add-track-custom-issues

No description

⭐ 1 🌐 Public

additional-cors-checks

No description

⭐ 11 🌐 Public

additional-csrf-checks

No description

⭐ 7 🌐 Public

additional-scanner-checks

Collection of scanner checks missing in Burp

⭐ 31 🌐 Public

adhoc-payload-processors

Generate payload processors on the fly - without having to create individual extensions.

⭐ 6 🌐 Public

admin-panel-finder

A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

⭐ 1 🌐 Public

aes-killer

Burp Plugin to decrypt AES encrypted traffic on the fly

⭐ 18 🌐 Public

aes-payloads

Burp Extension to manipulate AES encrypted payloads

⭐ 13 🌐 Public

agartha

a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http requests to Javascript for further XSS exploitation.

⭐ 28 🌐 Public

ai-http-analyzer

AIHTTPAnalyzer revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovative extension harnesses the power of AI to automate vulnerability detection, provide intelligent analysis, and assist security professionals in identifying complex security issues.

⭐ 26 🌐 Public

ai-prompt-fuzzer

Burp extension to fuzz/brute force GenAI/LLM prompts using a list of various payloads.

⭐ 17 🌐 Public

ai-recon-assistant

No description

⭐ 2 🌐 Public

ai-substitutor

AI Substitutor is an extension for Burp Suite that uses AI functionality to substitute values of HTTP request parameters and headers.

⭐ 0 🌐 Public

amf-deserializer

A Burp Extender plugin, that will take deserialized AMF objects and encode them in XML using the Xtream library

⭐ 9 🌐 Public

anonymous-cloud

Burp extension that performs a passive scan to identify cloud buckets and then test them for publicly accessible vulnerabilities

⭐ 14 🌐 Public

anti-csrf-token-from-referer

No description

⭐ 2 🌐 Public

api-exporter

No description

⭐ 1 🌐 Public

api-sword

NSFOCUS API_Sword：A Burp Suite extension, Automatically recursively collect API endpoints from any response

⭐ 0 🌐 Public

assertj-swing

Fluent assertions for Swing apps

⭐ 1 🌐 Public

asset-discovery

Burp Suite extension to discover assets from HTTP response.

⭐ 16 🌐 Public

asset-saver

Burp Suite extension for saving previously loaded assets

⭐ 0 🌐 Public

ator

No description

⭐ 32 🌐 Public

attack-selector

Burp Suite Attack Selector Plugin

⭐ 11 🌐 Public

attack-surface-detector

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

⭐ 14 🌐 Public

auth-analyzer

No description

⭐ 109 🌐 Public

auth-matrix

AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.

⭐ 43 🌐 Public

authz

No description

⭐ 108 🌐 Public

auto-gql

A plugin for Burp Suite Pro that uses the GraphQL schema to begin Active Scanning the entire endpoint.

⭐ 3 🌐 Public

auto-repeater

Automated HTTP Request Repeating With Burp Suite

⭐ 69 🌐 Public

autocompletion

This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.

⭐ 1 🌐 Public

autorize

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

⭐ 265 🌐 Public

autovader

An extension to automate using DOM Invader from within Burp

⭐ 6 🌐 Public

autowasp

BurpSuite Extension: A one-stop pen testing checklist and logger tool

⭐ 267 🌐 Public

aws-cognito

No description

⭐ 3 🌐 Public

aws-curl-command

Burp Extension to create AWS Curl and cURL with SigV4 commands from an API

⭐ 2 🌐 Public

aws-security-checks

AWS Security Checks

⭐ 40 🌐 Public

aws-signer

Burp Extension for AWS Signing

⭐ 6 🌐 Public

aws-sigv4

Anvil Ventures' Burp extension for signing AWS requests with SigV4

⭐ 3 🌐 Public

awscurl-burp-extension-main

Burp Extension to create AWS Curl and cURL with SigV4 commands from an API

⭐ 0 🌐 Public

awscurl-burp-extension-test-3

Burp Extension to create AWS Curl and cURL with SigV4 commands from an API

⭐ 0 🌐 Public

backslash-powered-scanner

Finds unknown classes of injection vulnerabilities

⭐ 707 🌐 Public

backup-finder

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP OTG-CONFIG-004)

⭐ 11 🌐 Public

bad-character-wordlist-generator

Burp Suite extension that Generator Wordlist with encoding options and prefix/suffix for generating payloads and FUZZing

⭐ 0 🌐 Public

bambdas

Bambdas collection for Burp Suite Professional and Community.

⭐ 451 🌐 Public

batch-scan-report-generator

Small Burp Suite Extension to generate multiple scan reports by host with just a few clicks. Works with Burp Suite Professional only.

⭐ 4 🌐 Public

BChecks

BChecks collection for Burp Suite Professional and Burp Suite DAST

⭐ 753 🌐 Public

beanstack-stacktrace-fingerprinter

X41 BeanStack - Stack Trace Fingerprinting BETA

⭐ 5 🌐 Public

blazer

Burp Suite AMF Extension

⭐ 1 🌐 Public

blazor-traffic-processor

No description

⭐ 3 🌐 Public

blind-xss-injector

Burp Suite plugin to test for blind XSS vulnerabilities

⭐ 0 🌐 Public

bookmarks

A Burp Suite Extension to take back your repeater tabs

⭐ 3 🌐 Public

bradamsa

Burp Suite extension to generate Intruder payloads using Radamsa

⭐ 0 🌐 Public

brida

The new bridge between Burp Suite and Frida!

⭐ 27 🌐 Public

broken-link-hijacking

Broken Link Hijacking Burp Extension

⭐ 7 🌐 Public

browser-repeater

BurpSuite extension for Repeater tool that renders responses in a real browser.

⭐ 9 🌐 Public

bseept

Burp Suite DAST Power Tools

⭐ 22 🌐 Public

buby

A JRuby implementation of the BurpExtender interface for PortSwigger Burp Suite.

⭐ 2 🌐 Public

bugpoc

Burp Suite Extension to send raw HTTP Requests to BugPoC.com

⭐ 2 🌐 Public

bulk-send-to-repeater

bulkAddToRepeater Burp Extension to Allow Mass "Send to Repeater" Using Context Menu

⭐ 0 🌐 Public

burp-2-slack

Push notifications to Slack channel or to custom server based on BurpSuite response conditions.

⭐ 10 🌐 Public

burp-2-telegram

Push notifications to Telegram bot on BurpSuite response conditions.

⭐ 10 🌐 Public

burp-auto-drop

Burp extension to automatically drop requests that match a certain regex.

⭐ 2 🌐 Public

burp-beautifier

Burpsuite extension for beautifying writing in Jython

⭐ 3 🌐 Public

burp-chat

burpChat is a BurpSuite plugin that enables collaborative BurpSuite usage using XMPP/Jabber.

⭐ 0 🌐 Public

burp-csj

BurpCSJ extension for Burp Pro - Crawljax Selenium JUnit integration

⭐ 0 🌐 Public

burp-extender-api

Burp Wiener API (Legacy)

⭐ 62 🌐 Public

burp-extensions-montoya-api

Burp Extensions Api

⭐ 182 🌐 Public

burp-extensions-montoya-api-examples

Examples for using the Montoya API with Burp Suite

⭐ 167 🌐 Public

burp-hash

No description

⭐ 1 🌐 Public

burp-jenkins-integration

DAST integration with Jenkins

⭐ 1 🌐 Public 📦 Archived

burp-share-requests

This Burp Suite extension enables the generation of shareable links to specific requests which other Burp Suite users can import.

⭐ 9 🌐 Public

burp-smart-buster

A Burp Suite content discovery plugin that add the smart into the Buster!

⭐ 32 🌐 Public

burp-subdomain

Burp Suite extension to easily export sub domains

⭐ 12 🌐 Public

burp-suite-enterprise-edition-ami

No description

⭐ 6 🌐 Public

burp-to-discord

No description

⭐ 1 🌐 Public

burp-variables

Burp Suite extension that extends Burp to support storing and reusing variables in requests

⭐ 5 🌐 Public

burpcrypto

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件

⭐ 6 🌐 Public

burpelfish

BurpelFish - Adds Google Translate to Burp's Context Menu. "Babel Fish" language translation for app-sec testing in other languages.

⭐ 11 🌐 Public

burpkit

Next-gen BurpSuite penetration testing tool

⭐ 5 🌐 Public

burptrast

Burp Plugin for Contrast Security

⭐ 0 🌐 Public

bypass-bot-detection

Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection

⭐ 443 🌐 Public

bypass-suite

BurpSuite extensions -Bypass Suite

⭐ 3 🌐 Public

bypass-waf

Add headers to all Burp requests to bypass some WAF products

⭐ 43 🌐 Public

c-surfer

A CSRF guard hiding extension that keeps track of the latest guard value per session and update new requests accordingly

⭐ 2 🌐 Public

cache-killer

No description

⭐ 24 🌐 Public

captcha-converter

A Burp Suite extension for converting Base64 data to an image.

⭐ 1 🌐 Public

carbonator

Integris Security Carbonator - The Burp Suite Pro extension that automates scope, spider & scan from the command line. Carbonator helps automate the vulnerability scanning of web applications. Either 1 or 100 web applications can be scanned by issuing a single command. Carbonator is now available from within Burp Suite Pro through the BApp Store.

⭐ 2 🌐 Public

certsquirt

A golang PKI in less than 1000 lines of code.

⭐ 8 🌐 Public

change-menu-level

一个用于修改右键插件菜单层级的Burpsuite插件。A simple BurpSuite extension to change extension context menu level.

⭐ 14 🌐 Public

ci-cd-platform-scanning-examples

No description

⭐ 4 🌐 Public