Stars
You will find a wealth of resources to help with your Website investigations.
Burp Suite Certified Practitioner Exam Study
A comprehensive resource for Android static analysis and vulnerability assessment. Tutorials, tools, and resources for identifying and mitigating security vulnerabilities in Android applications.
Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket
IDOR Scanner is a Burp Suite extension that automates the detection and enumeration of potentially vulnerable numeric fields to identify IDOR vulnerabilities in web applications. 🚀
Burp Suite extension to find sensitive information by checking incoming text or binary WebSocket messages
Burp Suite extension to test JWT vulnerabilities.
A Burp Suite extension that reviews backup, old, temporary and unreferenced files on a web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
Optimize your web vulnerability assessments with PassiveDigger, a comprehensive Burp Suite extension that specializes in passive traffic analysis. Detect potential vulnerabilities, get actionable i…
Burparser Pro is a powerful Burp Suite extension designed to extract and analyze directory structures, sensitive paths, and potential API endpoints from web application responses. The tool automate…
Official TruffleHog Burp Suite Extension. Scan Burp Suite traffic for 800+ different types of secrets (API keys, passwords, SSH keys, etc) using TruffleHog.
This Burp Suite extension detects whether certain headers are susceptible to Web Cache Poisoning by comparing responses with and without the header to see if the cached content differs.
A powerful Python tool for identifying Insecure Direct Object Reference (IDOR) vulnerabilities in Burp Suite traffic exports.
SSRF plugin for Burp that automates SSRF detection in all requests
A Burp Suite plugin written in Java, implemented using sqlmap, used to detect SQL injection
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
Burp Suite extension for Code Injections Vulnerability Scanner
A Burp Suite extension for passive open redirect scanning
All-in Fuzzer. Burp Suite extension for auto fuzzing params, headers, body
A plugin that allows you to execute Python and return the result to Burp Suite.
Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
A collection of commands and tools used for conducting enumeration during my OSCP journey