
Web Hacker's Weapons
< Burp and ZAP Extensions >

A collection of cool tools used by web hackers. Happy hacking, happy bug-hunting!
This is a collection of cool extensions for Burp Suite and ZAP.

Table of Contents

Cool Extensions

| Type | Name | Description | Popularity | Language |
| --- | --- | --- | --- | --- |
| All/CODE | http-script-generator | ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks) | | |
| All/PASV | HUNT | Data Driven web hacking Manual testing | | |
| All/PASV | burp-retire-js | Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries. | | |
| All/PASV | csp-auditor | Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website | | |
| Burp/ACTIVE | http-request-smuggler | Testing HTTP Request Smuggling and Desync Attack | | |
| Burp/ACTIVE | param-miner | Parameter mining on Burpsuite | | |
| Burp/ACTIVE | turbo-intruder | Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. | | |
| Burp/AUTH | AuthMatrix | AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services. | | |
| Burp/BYPASS | BurpSuiteHTTPSmuggler | A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques | | |
| Burp/CALLBACK | taborator | A Burp extension to show the Collaborator client in a tab | | |
| Burp/CODE | burp-exporter | Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. | | |
| Burp/EXPORT | burp-send-to | Adds a customizable "Send to..."-context-menu to your BurpSuite. | | |
| Burp/GQL | inql | InQL - A Burp Extension for GraphQL Security Testing | | |
| Burp/HISTORY | BurpSuiteLoggerPlusPlus | Burp Suite Logger++ | | |
| Burp/PASV | Autorize | Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests | | |
| Burp/PASV | BurpJSLinkFinder | Burp Extension for a passive scanning JS files for endpoint links. | | |
| Burp/PASV | BurpSuite-Secret_Finder | Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response. | | |
| Burp/PASV | auto-repeater | Automated HTTP Request Repeating With Burp Suite | | |
| Burp/PASV | collaborator-everywhere | A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator | | |
| Burp/PASV | femida | Automated blind-xss search for Burp Suite | | |
| Burp/PASV | reflected-parameters | Find reflected parameter on Burpsuite | | |
| Burp/PIPE | burp-piper | Piper Burp Suite Extender plugin | | |
| Burp/REPEAT | IntruderPayloads | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. | | |
| Burp/REPEAT | Stepper | A natural evolution of Burp Suite's Repeater tool | | |
| Burp/UTIL | safecopy | Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be added in the future. | | |
| ZAP/INTERFACE | zap-hud | The OWASP ZAP Heads Up Display (HUD) | | |
| ZAP/PASV | attack-surface-detector-zap | The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters | | |
| ZAP/PASV | reflect | OWASP ZAP add-on to help find reflected parameter vulnerabilities | | |
| ZAP/SCRIPT | community-scripts | A collection of ZAP scripts provided by the community - pull requests very welcome! | | |

Contribute and Contributor

Usage of add-tool

./add-tool
Usage of ./add-tool:
  -isFirst
    	if you add new type, it use
  -url string
    	any url

Three Procedures for Contributing

  • First, append your tool to data.json using `add-tool`:
$ ./add-tool -url https://github.com/sqlmapproject/sqlmap
Successfully Opened type.lst
[0] Army-Knife
[1] Discovery
[2] Fetch
[3] Scanner
[4] Utility
[+] What is type?
3
Scanner
[+] What is method(e.g XSS, WVS, SSL, ETC..)?
SQL
Successfully Opened data.json

  • Second, send me a PR or open an issue with data.json.
  • Third, there's no third.

Add Burp Suite or ZAP Extensions

In the WebHackersWeapons/Burp and ZAP Extensions directory:

$ ../add-tool -url https://github.com/nccgroup/BurpSuiteLoggerPlusPlus

Distribute to Burp Suite or ZAP Extensions

$ ../distribute-readme
=> show new README file in Burp Suite or ZAP Extensions

Add/Distribute common tools

https://github.com/hahwul/WebHackersWeapons#contribute-and-contributor