the-bumble/Burp-Scanner-OOB-Checks external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

the-bumble/Burp-Scanner-OOB-Checks

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/the-bumble/Burp-Scanner-OOB-Checks)

Close

the-bumble / Burp-Scanner-OOB-ChecksView on GitHubMore

• External links
• Readme badge

This is a Burp extension for adding additional payloads to active scanner that require out-of-band validation. Works great with XSSHunter

☆20Feb 16, 2017Updated 9 years ago

Alternatives and similar repositories for Burp-Scanner-OOB-Checks

Users that are interested in Burp-Scanner-OOB-Checks are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• lavalamp- / content-discovery-hit-lists

  View on GitHub
  This repository contains hit lists to use for web application content discovery.
  ☆11May 31, 2017Updated 8 years ago
• TheRook / nsshell

  View on GitHub
  A DNS connectback shell executed by strings in payloads.txt
  ☆104Sep 19, 2023Updated 2 years ago
• audibleblink / kh

  View on GitHub
  Keyhack - Golang API token/webhook validator
  ☆16Mar 20, 2025Updated last year
• mandatoryprogrammer / lambda-intruder

  View on GitHub
  An example of high-QPS requesting Burp Intruder style on AWS Lambda via self-invocation.
  ☆22Nov 15, 2018Updated 7 years ago
• phefley / burp-javascript-security-extension

  View on GitHub
  A Burp Suite extension which performs checks for cross-domain scripting against the DOM, subresource integrity checks, and evaluates Java…
  ☆26Mar 23, 2022Updated 4 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• lavalamp- / smb-check

  View on GitHub
  A simple bash script that uses smbclient to test access to Windows file shares in automated fashion.
  ☆19Jul 9, 2015Updated 10 years ago
• augustd / burp-suite-gwt-scan

  View on GitHub
  Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests
  ☆13Sep 24, 2015Updated 10 years ago
• jstnkndy / scripts

  View on GitHub
  Scripts that I've written that others may find useful
  ☆14Aug 17, 2022Updated 3 years ago
• silentsignal / ActiveScan3Plus

  View on GitHub
  Modified version of ActiveScan++ Burp Suite extension
  ☆31Jan 30, 2017Updated 9 years ago
• timkent / vulnlab

  View on GitHub
  Scripts to control an "OSCP-like" lab environment.
  ☆23Aug 14, 2017Updated 8 years ago
• moloch-- / electric-scan

  View on GitHub
  Electron based screenshot scanner
  ☆68Feb 4, 2023Updated 3 years ago
• bonzitechnology / padoracle

  View on GitHub
  A framework for exploiting padding oracles in network-based applications
  ☆26Apr 7, 2026Updated last month
• modzero / interestingFileScanner

  View on GitHub
  Burp extension
  ☆58Jun 18, 2018Updated 7 years ago
• bbhunter / apk_api_key_extractor

  View on GitHub
  Automatically extracts API Keys from APK files
  ☆14Feb 1, 2022Updated 4 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• SecurityRiskAdvisors / Burp-Load-Balancer-Cookie-Scanner

  View on GitHub
  Burp extension to find and decode BigIP and Netscaler cookies
  ☆15Jul 20, 2018Updated 7 years ago
• PaulSec / API-netcraft.com

  View on GitHub
  (Unofficial) Python API for http://netcraft.com
  ☆15Jul 6, 2016Updated 9 years ago
• eur0pa / tko-subs

  View on GitHub
  A tool that can help detect and takeover subdomains with dead DNS records
  ☆12Aug 23, 2018Updated 7 years ago
• virusvfv / BurpBounty-Profiles

  View on GitHub
  ☆16Oct 24, 2018Updated 7 years ago
• mandatoryprogrammer / wmap

  View on GitHub
  a mass web screenshot tool for mapping web networks.
  ☆24Apr 16, 2015Updated 11 years ago
• 0x00-0x00 / CVE-2016-2098

  View on GitHub
  Ruby On Rails unrestricted render() exploit
  ☆16Feb 9, 2018Updated 8 years ago
• TheTwitchy / xxer

  View on GitHub
  A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
  ☆519Jul 29, 2020Updated 5 years ago
• smiegles / mass3

  View on GitHub
  ☆125Sep 2, 2019Updated 6 years ago
• hypnosec / evil-repo

  View on GitHub
  "><script>prompt(1)</script>''"><!--<svg>
  ☆18Nov 20, 2015Updated 10 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• 0xc0da / cymru-asnmap

  View on GitHub
  Bulk IP to ASN submission to the Team Cymru Whois server. More info: http://www.team-cymru.org/IP-ASN-mapping.html
  ☆15Oct 30, 2023Updated 2 years ago
• roddux / wordpress-dos-poc

  View on GitHub
  WordPress <= 5.3.? DoS
  ☆25Dec 17, 2019Updated 6 years ago
• drk1wi / HeaderScan

  View on GitHub
  "HeaderScan" Burp Plugin
  ☆16Apr 26, 2014Updated 12 years ago
• yixuanzi / blocksword

  View on GitHub
  一个简单的NIDS系统
  ☆15May 17, 2017Updated 9 years ago
• zpettry / boxer

  View on GitHub
  Boxer: A fast directory bruteforce tool written in Python with concurrency.
  ☆14Feb 26, 2021Updated 5 years ago
• bonzitechnology / gograbber

  View on GitHub
  A horizontal and vertical web content enumerator
  ☆51Apr 7, 2026Updated last month
• protoflow-labs / protoflow

  View on GitHub
  Language-agnostic workflow builder. Modular code that goes from dev to prod in a minute with principled design decisions.
  ☆14Mar 11, 2024Updated 2 years ago
• pwndizzle / pybuster

  View on GitHub
  A multi-target URL bruteforcer
  ☆22Aug 6, 2018Updated 7 years ago
• Hood3dRob1n / addicted2hash

  View on GitHub
  Hashcat Bash Scripts for bulk hash file processing
  ☆52Jul 2, 2016Updated 9 years ago
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• C-Sto / GoGitDumper

  View on GitHub
  Dump exposed HTTP .git fast
  ☆51Nov 11, 2022Updated 3 years ago
• GoSecure / burp-ntlm-challenge-decoder

  View on GitHub
  Burp extension to decode NTLM SSP headers and extract domain/host information
  ☆31Mar 11, 2021Updated 5 years ago
• kondukto-io / semgrep-rules

  View on GitHub
  Custom semgrep rules registry
  ☆14Aug 23, 2022Updated 3 years ago
• BishopFox / pwn-pulse

  View on GitHub
  Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
  ☆135Jan 15, 2020Updated 6 years ago
• C-Sto / recursebuster

  View on GitHub
  rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
  ☆250Oct 15, 2019Updated 6 years ago
• moloch-- / reasonably-secure-electron

  View on GitHub
  A pattern for reasonably secure Electron applications
  ☆73Feb 4, 2023Updated 3 years ago
• ShadowHatesYou / whori.sh

  View on GitHub
  Zone transfers for rwhois
  ☆20Feb 27, 2019Updated 7 years ago