BURP extension to record every HTTP request sent via BURP and create an audit trail log of an assessment.
Updated Jul 8, 2024 - Java
The Android Agent for the Drozer Security Assessment Framework.
Java RMI Vulnerability Scanner
A Java Web Application with common legacy security flaws for tests with Arachni Scanner and ModSecurity
Continuation of the ZAP Neonmarker add-on previously by Juha Kivekäs
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
MQTTShield intends to be a toolkit for penetration-testing of MQTT Brokers
ShotDroid is a pentesting tool for Android. There are 3 tools that have their respective functions: Get files from Android directory, internal and external storage; Android Keylogger + Reverse Shell; and Take a webcam shot of the face from the front camera of the phone and PC.
A Burp Suite extension that reviews backup, old, temporary and unreferenced files on a web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
Auto decrypt the request ciphertext and auto bypass the signature of the API. For security-testing scenarios where packets are encrypted and protected by signatures: a Burp plugin automatically decrypts the packet ciphertext and automatically bypasses the API's signature protection, then, taking advantage of the fact that ciphertext data naturally passes a WAF, combines with vulnerability scanners such as Xray to complete semi-automated security testing.
Some useful files for upload features pentesting
The Faction Burp Suite Extension
This is a library-based payload for Android and Java-based services, designed for testing security vulnerabilities across systems. It is capable of extracting data with the consent of users, such as call logs, SMS logs, media files, and device information, to help improve system security.
A BurpSuite extension for vulnerability Scanning
Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Damn Vulnerable Bank is designed to be an intentionally vulnerable Android application. This provides an interface to assess your Android application security hacking skills.
CVSS Calculator - a Burp Suite extension for calculating CVSS v2 and v3.1 scores of vulnerabilities.