This repository contains all the examples related to a series of tutorials that demonstrate how to use the new Montoya API of Burp Suite to create extensions that will greatly simplify our pentester lives.
☆51May 5, 2026Updated last month
Alternatives and similar repositories for Burp-Suite-Extender-Montoya-Course
Users that are interested in Burp-Suite-Extender-Montoya-Course are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆38Mar 4, 2025Updated last year
- A collection of utilities for building extensions using Burp's Montoya API☆52Apr 14, 2026Updated 2 months ago
- Terraform provider for command execution☆12Mar 16, 2020Updated 6 years ago
- Examples for using the Montoya API with Burp Suite☆187Jun 2, 2026Updated 3 weeks ago
- 针对IoT固件的openssl加密的暴力破解脚本☆13May 22, 2024Updated 2 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- POC for leaking java version through file and ftp protocols☆24Nov 1, 2020Updated 5 years ago
- by Gary O'Leary-Steele | cloned from https://sentinel.appcheck-ng.com/static/pm/logger.html☆12Sep 16, 2019Updated 6 years ago
- A PoC to trigger CVE-2023-5217 from the Browser WebCodecs or MediaRecorder interface.☆16Oct 11, 2023Updated 2 years ago
- World CIDR IP lists☆10Jan 28, 2026Updated 5 months ago
- This Burp extension helps you to find usages of postMessage and recvMessage☆14Feb 20, 2020Updated 6 years ago
- Prototype Pollution Lab☆18Nov 20, 2020Updated 5 years ago
- Make better use of the embedded browser that comes by default with Burp☆44Jan 1, 2024Updated 2 years ago
- A Firefox Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon☆28Dec 9, 2024Updated last year
- ☆36Jun 21, 2024Updated 2 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- FETCH THE PASSWORD STRETCHER☆39Dec 8, 2022Updated 3 years ago
- The Outlook HTML Leak Test Project☆41May 12, 2018Updated 8 years ago
- Leverages B64 chunks to split files and save to clipboard☆26Dec 7, 2025Updated 6 months ago
- Dockerfile for AFL++ and helpful other tools☆21May 5, 2020Updated 6 years ago
- Scripts/tools to destroy things☆16Sep 13, 2021Updated 4 years ago
- Creates and sends fake meeting invite☆75Apr 24, 2021Updated 5 years ago
- 用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。☆11Apr 2, 2021Updated 5 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆358Oct 14, 2020Updated 5 years ago
- Application Security Mind Maps☆12Apr 10, 2021Updated 5 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Nuclei templates for drupal vulns... far from perfect☆19Jan 9, 2025Updated last year
- ExtendedMacro - BurpSuite plugin providing extended macro functionality☆15Jan 13, 2021Updated 5 years ago
- This repository is for the Testing ASP.NET ViewState with YSoNet (YSoSerial.NET) workshop.☆25Dec 17, 2025Updated 6 months ago
- ATT&CK Models of the Threat Actor "Phineas Fisher"☆22Apr 30, 2020Updated 6 years ago
- ☆65Mar 10, 2026Updated 3 months ago
- Let's check if your target is vulnerable for client side prototype pollution.☆65Jan 9, 2024Updated 2 years ago
- ☆38Jan 17, 2024Updated 2 years ago
- WebApp intentionally made vulnerable to Race Condition for practicing Race Condition☆25Feb 23, 2022Updated 4 years ago
- libssh CVE-2018-10933☆22Oct 20, 2018Updated 7 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- WebSocket REPL for pentesters☆238Jul 24, 2024Updated last year
- Following OWASP TOP 10 (the top ten most critical web application security risk) I decided to build an XSS Scanner.☆12Dec 12, 2022Updated 3 years ago
- RDP EXPLOİT☆13Oct 28, 2019Updated 6 years ago
- tetctf2020_amf_writeups☆23Jan 3, 2021Updated 5 years ago
- An extension to use Semgrep inside Burp Suite.☆90May 23, 2025Updated last year
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications☆1,362Aug 7, 2025Updated 10 months ago
- Burp Extensions Api☆202Apr 15, 2026Updated 2 months ago