Pinned Repositories
backslash-powered-scanner
Finds unknown classes of injection vulnerabilities
BChecks
BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
collaborator-everywhere
A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator
distribute-damage
Evenly distributes scanner load across targets
http-request-smuggler
httpoxy-scanner
A Burp Suite extension that checks for the HTTPoxy vulnerability.
param-miner
turbo-intruder
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
upload-scanner
HTTP file upload scanner for Burp Proxy
xss-cheatsheet-data
This repository contains all the XSS cheatsheet data to allow contributions from the community.
PortSwigger's Repositories
PortSwigger/turbo-intruder
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
PortSwigger/param-miner
PortSwigger/BChecks
BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
PortSwigger/xss-cheatsheet-data
This repository contains all the XSS cheatsheet data to allow contributions from the community.
PortSwigger/autorize
Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily to ease the work of application security people and allow them to perform automatic authorization tests
PortSwigger/bambdas
Bambdas collection for Burp Suite Professional and Community.
PortSwigger/active-scan-plus-plus
ActiveScan++ Burp Suite Plugin
PortSwigger/oauth-scan
Burp Suite Extension useful to verify OAUTHv2 and OpenID security
PortSwigger/burp-extensions-montoya-api
Burp Extensions Api
PortSwigger/hackvertor
PortSwigger/content-type-converter
Central Repo for Burp extensions
PortSwigger/sensitive-discoverer
Introduction to CYS4-SensitiveDiscoverer, a Burp extension that discovers sensitive information inside HTTP messages.
PortSwigger/reshaper
Burp Suite Extension - Trigger actions and reshape HTTP request and response traffic using configurable rules
PortSwigger/nuclei-template-generator
Nuclei plugin for BurpSuite
PortSwigger/cstc
CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
PortSwigger/pycript
Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation testing.
PortSwigger/certsquirt
A golang PKI in less than 1000 lines of code.
PortSwigger/websocket-turbo-intruder
Fuzz WebSockets with custom Python code
PortSwigger/batch-scan-report-generator
Small Burp Suite Extension to generate multiple scan reports by host with just a few clicks. Works with Burp Suite Professional only.
PortSwigger/host-header-inchecktion
A Burp extension to find host header injection vulnerabilities
PortSwigger/enterprise-helm-charts
Helm charts for BSEE Kubernetes installation.
PortSwigger/sign-saboteur
SignSaboteur is a Burp Suite extension for editing, signing, and verifying various signed web tokens
PortSwigger/burp-suite-enterprise-edition-ami
PortSwigger/go-ocsp-responder
OCSP responder written in Go meant to be used with PortSwigger's CertSquirt solution
PortSwigger/burptrast
Burp Plugin for Contrast Security
PortSwigger/captcha-converter
A Burp Suite extension for converting Base64 data to an image.
PortSwigger/client-side-path-traversal-exploitation
CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
PortSwigger/firewall-ferret
This Java project was created with PortSwigger's Montoya API to be a Burp extension. It's well known that WAFs only scan up to a certain amount of data per request. This extension allows a tester to manually insert junk data and adds junk data to Active Scans by duplicating each scan check.
PortSwigger/header-guardian
Header Guardian is a Burp Suite extension that identifies missing, misconfigured, and unnecessary HTTP security headers in web application responses. It helps improve security by ensuring headers follow best practices, like those recommended by OWASP, for protecting against XSS, clickjacking, and information leakage.
PortSwigger/saml-encoder-decoder