PortSwigger / agartha
a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http requests to Javascript for further XSS exploitation.
☆20Updated 2 months ago
Related projects ⓘ
Alternatives and complementary repositories for agartha
- Burp Suite's extension to scan and crawl Single Page Applications☆99Updated last year
- This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.☆54Updated last year
- Spring4Shell Burp Scanner☆65Updated 2 years ago
- A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors☆85Updated 9 months ago
- tool that generates bypasses for open redirects☆48Updated 2 years ago
- Burp extension to check and exploit the IIS Tilde Enumeration/IIS 8.3 Short Filename Disclosure vulnerability☆55Updated last year
- PoC for XSS in org.webjars:swagger-ui [3.14.2, 3.36.2]☆52Updated last year
- ☆80Updated 6 months ago
- ☆30Updated last year
- Burp Suite Extension - Trigger actions and reshape HTTP request/response and WebSocket traffic using configurable rules☆92Updated last week
- Burp Suite extension that enhances Burp Active Scan by adding template engine specific SSTI payloads.☆21Updated 9 months ago
- A burp-suite plugin that extract all parameter names from in-scope requests☆29Updated 3 years ago
- ☆49Updated 2 years ago
- Burp Extension for a passive scanning JS files for endpoint links.☆52Updated this week
- burpsuite extension☆13Updated last year
- bounty collection☆28Updated 2 months ago
- Automatic Tools For Metabase Exploit Known As CVE-2023-38646☆28Updated last year
- ☆19Updated 4 months ago
- Central Repo for Burp extensions☆22Updated last month
- Sensitive Discoverer, a Burp extension to discovers sensitive information inside HTTP messages.☆42Updated 3 weeks ago
- WEB API fuzzing☆24Updated last year
- ☆24Updated 5 months ago
- A Burp Suite extension and standalone application for creating and editing JSON Web Tokens. This tool supports signing and verification o…☆35Updated 2 years ago
- Endpoints Explorer is a Python script that employs multiple bypass rules to discover sensitive endpoints☆83Updated 5 months ago
- The purpose of this repo is to share my research☆14Updated 11 months ago
- Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.☆11Updated last year
- Utility for creating ZipSlip archives☆67Updated last year
- BChecks collection for Burp Suite Professional☆83Updated 5 months ago
- CVE-2022-41040 nuclei template☆18Updated 2 years ago
- A Burp Suite extension for creating and editing JSON Web Tokens. This tool supports signing and verification of JWS, encryption and decry…☆21Updated 2 months ago