A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.
Intentionally vulnerable Android application.
使用java编写的CRLF-Injection-burp被动扫描插件
auto decrypt the request ciphertext and auto bypass the signature of the API. 针对数据包加密、签名保护的安全测试场景,借助burp插件自动解密数据包密文,自动绕过接口的签名保护,最后借助密文数据天然过waf的优势结合Xray等漏扫工具完成半自动的安全测试
Text4Shell的burp被动扫描插件
Burpsuite Plugin to detect Directory Traversal vulnerabilities
A BurpSuite extension for vulnerability Scanning
Hello, Attack Surface Scan, BurpSuite完全被动扫描插件,不主动发送任何请求,适合挂机使用。
Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)
SALSA 💃⚡ - SALesforce Scanner for Aura (and beyond). Enumeration of vulnerabilities and misconfigurations against Salesforce endpoint.
Buggyapp is an vulnerable android application. This app can be used by pentesters, security researchers to practice Android application pentesting. This is build for beginners to learn basics about Android application pentesting
A handy plugin for copying requests/responses directly from Burp, some extra magic included.
Some useful files for upload features pentesting
A BurpSuite extension that allows you to use Chromium with PwnFox
extract social media accounts and check if possible to hijacking