SkewwG/BurpExtender

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/SkewwG/BurpExtender)

SkewwG / BurpExtender

Burp suite 的插件集合

☆240

Alternatives and similar repositories for BurpExtender

Users that are interested in BurpExtender are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

dongfangyuxiao / BurpExtend
View on GitHub
基于Burp插件开发打造渗透测试自动化
☆422Dec 7, 2021Updated 4 years ago
exp1orer / JNDI-Inject-Exploit
View on GitHub
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用，探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
☆772Jan 26, 2022Updated 4 years ago
Acmesec / Sylas
View on GitHub
新一代子域名主/被动收集工具 - Subdomain automatic/passive collection tool
☆500Oct 9, 2022Updated 3 years ago
safe6Sec / PentestDB
View on GitHub
各种数据库的利用姿势
☆1,033Jan 3, 2025Updated last year
safe6Sec / command
View on GitHub
红队常用命令速查
☆1,016Mar 17, 2026Updated last week
GPU virtual machines on DigitalOcean Gradient AI • Ad
Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
Goqi / Banli
View on GitHub
Banli-高危资产识别和高危漏洞扫描
☆457Apr 10, 2023Updated 2 years ago
bufsnake / blueming
View on GitHub
备份文件扫描，并自动进行下载
☆130Jul 26, 2023Updated 2 years ago
SummerSec / SpringExploit
View on GitHub
🚀 一款为了学习go而诞生的漏洞利用工具
☆451Jun 14, 2022Updated 3 years ago
zongdeiqianxing / Autoscanner
View on GitHub
输入域名>爆破子域名>扫描子域名端口>发现扫描web服务>集成报告的全流程全自动扫描器。集成oneforall、masscan、nmap、dirsearch、crawlergo、xray等工具，另支持cdn识别、网页截图、站点定位；动态识别域名并添加功能、工具超时中断等
☆807Mar 13, 2024Updated 2 years ago
SkewwG / domainTools
View on GitHub
内网域渗透小工具
☆732Apr 20, 2021Updated 4 years ago
c0ny1 / passive-scan-client
View on GitHub
Burp被动扫描流量转发插件
☆1,459Jun 17, 2024Updated last year
JDArmy / DCSec
View on GitHub
域控安全one for all
☆736Sep 9, 2024Updated last year
NeoTheCapt / PowerScanner
View on GitHub
面向HW的红队半自动扫描器
☆226Dec 16, 2021Updated 4 years ago
a1phaboy / FastjsonScan
View on GitHub
Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
☆1,050Oct 7, 2022Updated 3 years ago
Simple, predictable pricing with DigitalOcean hosting • Ad
Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
f0ng / poc2jar
View on GitHub
Java编写，Python作为辅助依赖的漏洞验证、利用工具，添加了进程查找模块、编码模块、命令模块、常见漏洞利用GUI模块、shiro rememberMe解密模块，加快测试效率
☆761Feb 25, 2024Updated 2 years ago
zilong3033 / fastjsonScan
View on GitHub
fastjson漏洞burp插件，检测fastjson<1.2.68基于dnslog，fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检测和TomcatEcho,SpringEcho回显方案。
☆125May 14, 2021Updated 4 years ago
dr0op / shiro-550-with-NoCC
View on GitHub
Shiro-550 不依赖CC链利用工具
☆450Jun 19, 2024Updated last year
wyzxxz / jndi_tool
View on GitHub
JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行漏洞检测辅助工具
☆2,014May 21, 2024Updated last year
ffffffff0x / Pentest101
View on GitHub
一些关于渗透测试的Tips
☆611Dec 19, 2022Updated 3 years ago
pmiaowu / BurpFastJsonScan
View on GitHub
一款基于BurpSuite的被动式FastJson检测插件
☆1,238Oct 1, 2022Updated 3 years ago
hayasec / 360SafeBrowsergetpass
View on GitHub
这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本以及解密小工具，用于节省红队工作量，通过下载浏览器数据库、记录密钥来离线解密浏览器密码。
☆637Apr 4, 2021Updated 4 years ago
Ryze-T / Sylas
View on GitHub
数据库综合利用工具
☆543Feb 16, 2022Updated 4 years ago
pmiaowu / HostCollision
View on GitHub
用于host碰撞而生的小工具,专门检测渗透中需要绑定hosts才能访问的主机或内部系统
☆659Jun 13, 2024Updated last year
Managed Database hosting by DigitalOcean • Ad
PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
dr0op / bufferfly
View on GitHub
攻防演习/渗透测试资产处理小工具，对攻防演习/渗透测试前的信息搜集到的大批量资产/域名进行存活检测、获取标题头、语料提取、常见web端口检测等。
☆634Jun 19, 2024Updated last year
whwlsfb / Log4j2Scan
View on GitHub
Log4j2 RCE Passive Scanner plugin for BurpSuite
☆829Aug 4, 2023Updated 2 years ago
ybdt / post-hub
View on GitHub
Lateral Movement
☆943Mar 13, 2026Updated last week
s7ckTeam / Glass
View on GitHub
Glass是一款针对资产列表的快速指纹识别工具，通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹，也可针对IP/IP段或资产列表进行快速的指纹识别。
☆1,008Jan 26, 2022Updated 4 years ago
metaStor / SpringScan
View on GitHub
SpringScan 漏洞检测 Burp插件
☆606Nov 14, 2023Updated 2 years ago
wgpsec / DBJ
View on GitHub
大宝剑-边界资产梳理工具（红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配）
☆925Feb 8, 2022Updated 4 years ago
r0eXpeR / supplier
View on GitHub
主流供应商的一些攻击性漏洞汇总
☆808Nov 8, 2021Updated 4 years ago
NyDubh3 / Pentesting-Active-Directory-CN
View on GitHub
域渗透脑图中文翻译版
☆280Sep 18, 2021Updated 4 years ago
F6JO / RouteVulScan
View on GitHub
Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件
☆1,313Jun 29, 2024Updated last year
Managed Database hosting by DigitalOcean • Ad
PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
safe6Sec / Fastjson
View on GitHub
Fastjson姿势技巧集合
☆1,833Oct 20, 2023Updated 2 years ago
ggg4566 / BurpBountyPlus
View on GitHub
BurpBounty 魔改版本
☆418Mar 21, 2022Updated 4 years ago
veo / vscan
View on GitHub
开源、轻量、快速、跨平台的网站漏洞扫描工具，帮助您快速检测网站安全隐患。功能端口扫描(port scan) 指纹识别(fingerprint) 漏洞检测(nday check) 智能爆破 (admin brute) 敏感文件扫描(file fuzz)
☆1,624Oct 10, 2023Updated 2 years ago
yuyan-sec / druid_sessions
View on GitHub
获取 alibaba druid 一些 sessions , sql , urls
☆313Apr 4, 2025Updated 11 months ago
EASY233 / Finger
View on GitHub
一款红队在大量的资产中存活探测与重点攻击系统指纹探测工具
☆1,715Dec 22, 2023Updated 2 years ago
ScriptKid-Beta / Unexpected_information
View on GitHub
Unexpected information 是用于标记请求包中的一些敏感信息、JS接口和一些特殊字段的BurpSuite 插件。
☆690Jan 4, 2021Updated 5 years ago
sp4zcmd / WeblogicExploit-GUI
View on GitHub
Weblogic漏洞利用图形化工具支持注入内存马、一键上传webshell、命令执行
☆775Apr 20, 2022Updated 3 years ago