A Burp Suite Extension for Application Penetration Testing to map flows and vulnerabilities
☆119Nov 23, 2023Updated 2 years ago
Alternatives and similar repositories for pentest-mapper
Users that are interested in pentest-mapper are comparing it to the libraries listed below
Sorting:
- Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.☆31Jun 22, 2023Updated 2 years ago
- ☆21Oct 9, 2017Updated 8 years ago
- Automatic Bug finder with buprsuite☆166Mar 6, 2023Updated 2 years ago
- Burp extension to check and exploit the IIS Tilde Enumeration/IIS 8.3 Short Filename Disclosure vulnerability☆61Jun 12, 2023Updated 2 years ago
- A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.☆184Nov 22, 2021Updated 4 years ago
- This extension provides a way to discover NoSQL injection vulnerabilities.☆10Feb 1, 2021Updated 5 years ago
- Python resource library for creating security related tooling☆79Jul 11, 2024Updated last year
- Attack Active Directory Trusts with a single tool☆14Jan 15, 2025Updated last year
- ☆113May 8, 2024Updated last year
- BurpSiute - BurpBounty Profiles☆20Feb 10, 2023Updated 3 years ago
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist☆1,497Jan 8, 2026Updated last month
- ☆19Jan 24, 2023Updated 3 years ago
- A burpsuite extension that helps security researchers find public security reports published on h1 based on the selected host☆42May 9, 2020Updated 5 years ago
- A tech enumeration toolkit focused on 404 Not found pages.☆26Oct 6, 2024Updated last year
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues☆374Jul 25, 2023Updated 2 years ago
- BurpSuite Extension: A one-stop pen testing checklist and logger tool☆269Mar 4, 2023Updated 3 years ago
- Obtain GraphQL API schema despite disabled introspection!☆69May 27, 2021Updated 4 years ago
- This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.☆247Mar 17, 2025Updated 11 months ago
- Zed Attack Proxy Scripts for finding CVEs and Secrets.☆128Jun 2, 2022Updated 3 years ago
- vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.☆328Mar 27, 2024Updated last year
- Tool for testing reflections in the HTTP responses☆60Jun 10, 2023Updated 2 years ago
- Nuclei plugin for BurpSuite☆1,322Oct 22, 2025Updated 4 months ago
- SSRF plugin for burp Automates SSRF Detection in all of the Request☆615Jan 20, 2021Updated 5 years ago
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,529Jan 15, 2026Updated last month
- It becomes the extension of Burp suite. The cookie set by the BipIP server may include a private IP, which is an extension to detect tha…☆16Dec 8, 2025Updated 2 months ago
- A Burp Suite extension for finding DNS vulnerabilities in web applications!☆91Sep 12, 2023Updated 2 years ago
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!☆978Jan 12, 2024Updated 2 years ago
- A Burp Suite Extension for pentester and bug bounty hunters an to maintain checklist, map flows, write test cases and track vulnerabiliti…☆120Aug 2, 2023Updated 2 years ago
- Black box fuzzer for web applications☆437Jul 20, 2025Updated 7 months ago
- A repository that includes all the important wordlists used while bug hunting.☆1,379Mar 11, 2023Updated 2 years ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆753Dec 19, 2023Updated 2 years ago
- A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violati…☆395Feb 18, 2026Updated 2 weeks ago
- A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomain…☆888May 3, 2023Updated 2 years ago
- A variety of AV evasion techniques written in C# for practice.☆98Apr 19, 2021Updated 4 years ago
- Real-world infosec wordlists, updated regularly☆1,642Updated this week
- ☆38Aug 27, 2022Updated 3 years ago
- A rapid HTTP downgrade smuggling scanner written in Go.☆313May 16, 2024Updated last year
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,774Apr 26, 2024Updated last year
- ☆56Jan 16, 2025Updated last year