Team-Firebugs / Burp-LFI-testsView external linksLinks
Fuzzing for LFI using Burpsuite
☆67Oct 4, 2016Updated 9 years ago
Alternatives and similar repositories for Burp-LFI-tests
Users that are interested in Burp-LFI-tests are comparing it to the libraries listed below
Sorting:
- A Burpsuite extension written in Python to perform basic validation fuzzing☆11Oct 7, 2022Updated 3 years ago
- Burp Suite extension to help make Graphql request more readable☆33Dec 7, 2017Updated 8 years ago
- This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP…☆47Feb 27, 2019Updated 6 years ago
- This is a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later. This is an…☆36Mar 1, 2023Updated 2 years ago
- It contain google dork to find the wsdl file.☆13May 27, 2020Updated 5 years ago
- Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.☆158Jul 10, 2025Updated 7 months ago
- A tool to bruteforce nameservers when working with subdomain delegations to AWS.☆58Aug 22, 2019Updated 6 years ago
- A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials☆10Jun 30, 2021Updated 4 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆265Nov 18, 2021Updated 4 years ago
- Messy BurpSuite plugin for SQL Truncation vulnerabilities.☆63Apr 17, 2020Updated 5 years ago
- Repo of useful scripts☆105Jun 30, 2020Updated 5 years ago
- A fast http and https prober, to check which URLs are alive☆69Aug 5, 2019Updated 6 years ago
- A python script that filters, checks the validity, generates clickable link(s) of subdomain(s), and reports their status☆89Oct 29, 2020Updated 5 years ago
- burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz☆63Dec 4, 2018Updated 7 years ago
- A collection of scripts used to interact with the Burp Rest API☆56Feb 11, 2019Updated 7 years ago
- A tool that turns the authoritative nameservers of DNS providers to resolvers and resolves the target domain list. Please think of this a…☆25Sep 19, 2019Updated 6 years ago
- Smart ssrf scanner using different methods like parameter brute forcing in post and get...☆280Feb 11, 2021Updated 5 years ago
- JWT Fuzzer for BurpSuite. Adds an Intruder hook for on-the-fly JWT fuzzing.☆100Jul 29, 2019Updated 6 years ago
- A Burp Suite extension which performs checks for cross-domain scripting against the DOM, subresource integrity checks, and evaluates Java…☆26Mar 23, 2022Updated 3 years ago
- Send notifications on different channels such as Slack, Telegram, Discord etc.☆39Jan 12, 2026Updated last month
- A simple SSRF-testing sheriff written in Go☆336Oct 31, 2024Updated last year
- ☆17Aug 3, 2021Updated 4 years ago
- BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities☆117Dec 23, 2025Updated last month
- a .js scanner, built in php. designed to scrape urls and other info☆226Aug 22, 2017Updated 8 years ago
- Revisiting Helpviewer.app to hack Parallels for Mac☆17Sep 14, 2019Updated 6 years ago
- Boxer: A fast directory bruteforce tool written in Python with concurrency.☆14Feb 26, 2021Updated 4 years ago
- ☆16May 3, 2021Updated 4 years ago
- Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be a…☆18May 17, 2020Updated 5 years ago
- Keyhack - Golang API token/webhook validator☆16Mar 20, 2025Updated 10 months ago
- Small script to check a list of domains against open redirect vulnerability☆28Jan 22, 2022Updated 4 years ago
- You can read the writeup on this script here☆192Sep 30, 2021Updated 4 years ago
- Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common m…☆75Mar 22, 2024Updated last year
- Burp Suite extension to passively scan for applications revealing server error messages☆64Dec 15, 2023Updated 2 years ago
- Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.☆40Nov 21, 2025Updated 2 months ago
- Proof of concept code for client-side vulnerabilities☆17Mar 14, 2019Updated 6 years ago
- SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing☆91May 10, 2020Updated 5 years ago
- Simple python script to check against hypothetical JWT vulnerability.☆51Nov 29, 2020Updated 5 years ago
- A Burp Suite extension that automatically marks similar requests as 'out-of-scope'.☆43May 1, 2020Updated 5 years ago
- Perform operations on URLs like extracting paths, parameter names and/or values, domain name, host name (without HTTP[s]).☆29Aug 19, 2020Updated 5 years ago