Burpsuite-Plugins-Usage

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Penetration testing and auditing toolkit for Android apps.

A backdoor with a multitude of features.

Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

BlackRAT - Java Based Remote Administrator Tool

The Android Agent for the Mercury Security Assessment Framework.

BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

Program to analyze mails stored into a Microsoft Outlook PST file and find one based on search keywords.

PROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

HaE-Java是基于Java开发的一款burpsuite插件，其支持自定义正则表达式，可扩展性强，并内置九种高亮颜色，可高亮（Highlight）标记敏感请求，并（And）提取（Extract）关键数据，方便后续深度挖掘。代码内部维护了一个简单的缓存池，burp界面响应速度佳。

Generate customized and undetectable exploits for Metasploit.

A Java Web Application with common legacy security flaws for tests with Arachni Scanner and ModSecurity

Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans

Android v7+ application to perform a dictionary brute force attack against a host.

Copy as PowerShell request(s) plugin for Burp Suite (approved by PortSwigger for inclusion in their official BApp Store).

pfc is a cli-based modular toolkit for pentesting and reconnaissance

Identify juicy methods on unknown Java RMI interfaces

PETEP (PEnetration TEsting Proxy) is open-source Java application for network communication proxying for the purpose of penetration testing. It allows penetration testers to setup proxies and interceptors to manage the traffic transmitted between client and server.

An intentionally vulnerable web application... the difference from others: this application is designed to be secured not exploited.

Super simple Burp Suite extension adding passive scanner checks for missing security headers in server responses

Burp Extension for collaboration in Faraday

Android v6+ application to monitor (stalk) the clipboard and grab the content.

An Android frontend for ansvif fuzzing

Auditing BlackBerry devices and applications like it's 1999.