Apache Log4j2 RCE( CVE-2021-44228)验证环境

Vulnerable Android application for developers and security researchers to learn about Android penetration testing/ bug bounty hunting. Updated to run with Python 3.

extract social media accounts and check if possible to hijacking

Text4Shell的burp被动扫描插件

Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)

Some useful files for upload features pentesting

A BurpSuite extension for vulnerability Scanning

使用java编写的CRLF-Injection-burp被动扫描插件

Hello, Attack Surface Scan, BurpSuite完全被动扫描插件，不主动发送任何请求，适合挂机使用。

Buggyapp is an vulnerable android application. This app can be used by pentesters, security researchers to practice Android application pentesting. This is build for beginners to learn basics about Android application pentesting

Burpsuite Plugin to detect Directory Traversal vulnerabilities

auto decrypt the request ciphertext and auto bypass the signature of the API. 针对数据包加密、签名保护的安全测试场景，借助burp插件自动解密数据包密文，自动绕过接口的签名保护，最后借助密文数据天然过waf的优势结合Xray等漏扫工具完成半自动的安全测试

A handy plugin for copying requests/responses directly from Burp, some extra magic included.

Another plugin for CRLF vulnerability detection

Hack like a pro

This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.

Intentionally vulnerable Android application.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.