Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.
☆68May 31, 2024Updated last year
Alternatives and similar repositories for scalpel
Users that are interested in scalpel are comparing it to the libraries listed below
Sorting:
- Piper Burp Suite Extender plugin☆16Jan 15, 2026Updated last month
- ☆64Oct 17, 2025Updated 4 months ago
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…☆30Nov 30, 2025Updated 3 months ago
- some fun php exploits☆82Nov 12, 2024Updated last year
- ☆93Apr 29, 2024Updated last year
- Toolkit for creating cryptographic figures and videos.☆35May 17, 2024Updated last year
- php decrypt environment for study☆17Jan 10, 2024Updated 2 years ago
- via load data local infile to attack client☆30Oct 29, 2019Updated 6 years ago
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters☆112Jun 23, 2025Updated 8 months ago
- HTTP/2 Last Frame Synchronization (also known as Single Packet Attack) low Level Library / Tool based on Scapy + Exploit Timing Attacks☆218Feb 18, 2026Updated 2 weeks ago
- ☆36Jun 21, 2024Updated last year
- This repository hosts several snippets and file related to the BsidesLV 2024 talk about Shadow and Zombie APIs by me☆18Aug 5, 2024Updated last year
- HTTP request smuggling attack helper/CLI tools to manipulate HTTP packets☆35Sep 23, 2022Updated 3 years ago
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.☆773Dec 9, 2025Updated 2 months ago
- A Burp Extension that makes it easier to view all script code on a Response.☆17Nov 12, 2023Updated 2 years ago
- slides for talk given during uscg 2023 combine☆38Sep 6, 2023Updated 2 years ago
- Connect and send data through a TCP connection☆38Feb 9, 2026Updated 3 weeks ago
- jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice☆291Apr 9, 2024Updated last year
- Topic: The Swiss Army Knife of Java Exploitation☆21Feb 25, 2025Updated last year
- Very Simple Fuzzer☆21Jun 12, 2020Updated 5 years ago
- A tool to inspect and attack version 1 GUIDs☆239Oct 13, 2022Updated 3 years ago
- Archive Alchemist is a tool for creating specially crafted archives to test extraction vulnerabilities.☆227Jul 24, 2025Updated 7 months ago
- Burp Plugin to Bypass WAFs through the insertion of Junk Data☆1,426Jul 14, 2025Updated 7 months ago
- 🔍A cutting edge context aware GraphQL API fuzzing tool!☆157Feb 28, 2026Updated last week
- A PoC to deploy a Sliver Agent with amsi bypass, process injection, hollowing and OpSec☆29Oct 2, 2024Updated last year
- Burp Extension to add additional functionality for pentesting websocket based applications☆102Aug 27, 2025Updated 6 months ago
- A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers☆356Dec 14, 2023Updated 2 years ago
- ☆139Nov 9, 2024Updated last year
- ☆95Sep 18, 2021Updated 4 years ago
- By manipulating LSASS memory flags like UseLogonCredential and IsCredGuardEnabled, this repo demonstrates how Credential Guard can be byp…☆14May 25, 2025Updated 9 months ago
- JMX enumeration and attacking tool.☆493Jun 26, 2025Updated 8 months ago
- ☆145Apr 25, 2024Updated last year
- fastjson auto type derivation search☆21Aug 19, 2021Updated 4 years ago
- Python code to Serialize and Unserialize java binary serialization format.☆30Feb 27, 2026Updated last week
- CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.☆160Jul 2, 2024Updated last year
- Differential testing framework for HTTP implementations☆926Jan 21, 2026Updated last month
- 批量扫描并恢复sourcemap的源代码文件☆54Nov 2, 2023Updated 2 years ago
- Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()☆505Sep 30, 2024Updated last year
- Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.☆237Oct 8, 2024Updated last year