PortSwigger / research-labs

Related projects ⓘ

Alternatives and complementary repositories for research-labs

• federicodotta / Burp-Suite-Extender-Montoya-Course
  This repository contains all the examples related to a series of tutorials that demonstrate how to use the new Montoya API of Burp Suite …
  ☆35Updated this week
• usdAG / slipit
  Utility for creating ZipSlip archives
  ☆67Updated last year
• 254Labs / awesome-bambdas
  A collection of Burp Suite Lambda Filters ~ Bambdas
  ☆22Updated last month
• PortSwigger / server-side-prototype-pollution
  ☆30Updated last year
• CoreyD97 / Burp-Montoya-Utilities
  A collection of utilities for building extensions using Burp's Montoya API
  ☆46Updated 5 months ago
• Hannah-PortSwigger / WebSocketTurboIntruder
  Fuzz WebSockets with custom Python code
  ☆13Updated 3 months ago
• PortSwigger / agartha
  a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to …
  ☆20Updated 2 months ago
• Moopinger / CLZero
  A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors
  ☆85Updated 9 months ago
• harisec / orange-confusion-attacks
  ☆19Updated 2 months ago
• albinowax / albinowaxUtils
  ☆13Updated 2 months ago
• dwisiswant0 / look4jar
  Looking for JAR files that are vulnerable to Log4j RCE (CVE‐2021‐44228)?
  ☆45Updated 2 years ago
• assetnote / jira-mobile-ssrf-exploit
  Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)
  ☆87Updated 2 years ago
• defparam / haptyc
  ☆92Updated 3 years ago
• vulnbe / burpsuite-copy-as-xmlhttprequest
  Copy as XMLHttpRequest BurpSuite extension
  ☆30Updated 3 years ago
• ariary / DomXssFinder
  Find sources and sinks in js code that could lead to DOM XSS 🔎💧🚰
  ☆22Updated 8 months ago
• PortSwigger / content-type-converter
  Central Repo for Burp extensions
  ☆22Updated last month
• h1pmnh / sqli-dojo-docker
  A demo PHP application used to exercise SQL injection techniques in a safe, local Docker environment
  ☆39Updated 5 months ago
• riramar / DesyncCL0
  A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.
  ☆35Updated 2 years ago
• Sudistark / xss-writeups
  ☆36Updated last year
• rs-loves-bugs / burp-browser-profiles
  Make better use of the embedded browser that comes by default with Burp
  ☆38Updated 10 months ago
• fcavallarin / burp-dom-scanner
  Burp Suite's extension to scan and crawl Single Page Applications
  ☆99Updated last year
• roughiz / lfito_rce
  LFI to RCE via phpinfo() assistance or via controlled log file
  ☆59Updated last year
• kleiton0x00 / HTTP-Smuggling-Calculator
  Perform TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically.
  ☆67Updated 2 years ago
• wrvenkat / burp-multistep-csrf-poc
  Burp extension to generate multi-step CSRF POC.
  ☆29Updated 5 years ago
• notnotnotveg / nuclei-custom-templates
  Additional nuclei templates
  ☆36Updated last year
• PortSwigger / sqlmap-dns-collaborator
  Burp Extension that lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap
  ☆36Updated 3 years ago
• PortSwigger / splitting-the-email-atom
  ☆65Updated last month
• ambionics / scalpel
  Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.
  ☆52Updated 5 months ago