Pinned Repositories
ActiveScanPlusPlus
ActiveScan++ Burp Suite Plugin
agartha
A Burp extension for dynamic payload generation to detect injection flaws (LFI, RCE, SQLi); it creates an access matrix based on user sessions to spot authentication/authorization issues, and converts HTTP requests to JavaScript for further XSS exploitation.
ATOR-Burp
Autorize
Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily, to ease the work of application security people and allow them to perform automatic authorization tests
bbFuzzing.txt
Bookmarks
A Burp Suite Extension to take back your repeater tabs
burp-add-to-sitemap-plusplus
burp-api-common
Common methods that are used by my Burp extension projects
burp-auto-gql
A plugin for Burp Suite Pro that uses the GraphQL schema to begin Active Scanning the entire endpoint.
burp-extensions
Burp Extensions
EvCuQ4HgGJd74Lhz's Repositories
EvCuQ4HgGJd74Lhz/ATOR-Burp
EvCuQ4HgGJd74Lhz/burp-add-to-sitemap-plusplus
EvCuQ4HgGJd74Lhz/burp-auto-gql
A plugin for Burp Suite Pro that uses the GraphQL schema to begin Active Scanning the entire endpoint.
EvCuQ4HgGJd74Lhz/burp-suite-error-message-checks
Burp Suite extension to passively scan for applications revealing server error messages
EvCuQ4HgGJd74Lhz/403Bypasser
EvCuQ4HgGJd74Lhz/Arjun
HTTP parameter discovery suite.
EvCuQ4HgGJd74Lhz/BountyTricks
EvCuQ4HgGJd74Lhz/bug-bounty-recon-dataset
recon data for public bug bounty programs (irregular updates)
EvCuQ4HgGJd74Lhz/bypass-40x
bypass 401/403
EvCuQ4HgGJd74Lhz/bypass-url-parser
bypass-url-parser
EvCuQ4HgGJd74Lhz/chameleon
EvCuQ4HgGJd74Lhz/chameleon-wordlists
Chameleon Wordlists
EvCuQ4HgGJd74Lhz/DesyncCL0
A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.
EvCuQ4HgGJd74Lhz/Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
EvCuQ4HgGJd74Lhz/Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
EvCuQ4HgGJd74Lhz/JSFScan.sh
Automation for JavaScript recon in bug bounty.
EvCuQ4HgGJd74Lhz/jwt-reauth
EvCuQ4HgGJd74Lhz/LinkFinder
A Python script that finds endpoints in JavaScript files
EvCuQ4HgGJd74Lhz/mgwls
Combine words from two wordlist files and concatenate them with an optional delimiter
EvCuQ4HgGJd74Lhz/mkpath
Make URL path combinations using a wordlist
EvCuQ4HgGJd74Lhz/open-redirect-scanner-vn
open redirect subdomains scanner
EvCuQ4HgGJd74Lhz/orgs-data
A mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations
EvCuQ4HgGJd74Lhz/param-miner-doc
Unofficial documentation for the great tool Param Miner
EvCuQ4HgGJd74Lhz/PentagridResponseOverview
Response Overview Extension for BurpSuite
EvCuQ4HgGJd74Lhz/WAF-A-MoLE
A guided mutation-based fuzzer for ML-based Web Application Firewalls
EvCuQ4HgGJd74Lhz/Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
EvCuQ4HgGJd74Lhz/Web-CTF-Cheatsheet
Web CTF CheatSheet 🐈
EvCuQ4HgGJd74Lhz/web-inf-path-trav
Tool for helping in the exploitation of path traversal vulnerabilities in Java web applications
EvCuQ4HgGJd74Lhz/x8
Hidden parameters discovery suite
EvCuQ4HgGJd74Lhz/xnLinkFinder
A Python tool used to discover endpoints (and potential parameters) for a given target