AI-powered vulnerability scanner extension for Burp Suite with multi-provider support (Ollama, OpenAI, Claude, Gemini)
Updated Mar 19, 2026 - Python
Lightweight BApp that seamlessly integrates powerful LLM-scanning capabilities into Burp's built-in Scanner with improved accuracy. Supports the latest LLMs from OpenAI (gpt-4o, o1), Anthropic (Claude 3.5, Claude 3), and Google (Gemini 1.5). Requires valid API key(s) and an active Burp Suite Pro or Enterprise license.
A passive recursive path probing extension for Burp Suite, built on the Montoya API with YAML rules and low-noise vulnerability detection.
Pentest Coverage Tracker is a Burp Suite extension that helps penetration testers monitor testing coverage in real time. It logs discovered endpoints and tracks whether their parameters are actually tested in Burp Suite. This helps highlight untested attack surfaces and provides clear visibility of coverage for security teams.
Burp Suite extension for passive JS reconnaissance - detects 1,600+ secret patterns, API keys, endpoints, and security misconfigurations in HTTP responses in real-time.
BurpSuite all-in-one plugin: passive fingerprinting / Favicon Hash / recursive directory scanning / path collection
🎯 VISTA — AI-Powered Security Testing Assistant for Burp Suite. Real-time traffic analysis, 12 expert vulnerability templates, 80+ payloads, WAF detection & bypass. Supports OpenAI, Azure, and OpenRouter (FREE). Zero dependencies.
All-in-one Burp Suite attack framework — 16 active scanners, 4 passive analyzers, SQL exploitation engine (OmniMap), AI-powered fuzzing, prerequisite chain automation (Stepper), built-in OOB server (HTTP+DNS). Single JAR, Montoya API.
A Burp extension for finding AWS secrets
🆓 Free Burp Collaborator Alternative - Advanced Out-of-Band testing for Burp Suite Community & Pro. Multi-bin management, RequestBin.net integration, persistent storage.
MCP wrapper for Burp Suite that builds complete, well-formed HTTP requests from structured input + ingests dedup/JS exports for token-thrifty AI-assisted pentesting. Bundles a fixed Burp extension.
AI-Powered Burp Suite extension for elite bug bounty hunting. Detects HIGH/CRITICAL vulnerabilities using LLMs.
Burp Suite extension for passive GraphQL reconnaissance. Catalogs operations from proxy traffic, tracks variable shapes with sample values, stores original requests per signature, and sends to Intruder with auto-marked payload positions. Supports status triage, export/import for session persistence, and batched mutation detection.
Stop manually replacing cookies in every Repeater tab. Define your session tokens once and Cookie Swapper auto-applies them to any request. Perfect for retesting bugs with fresh cookies across large request histories.
🛡️ Burp Suite extension for automated access control bypass, path traversal & Web Cache Deception testing. Header spoofing, URL encoding, cache deception pipelines – all in one tool.
Proof-of-testing coverage tracker for Burp Suite — automatically captures traffic from all tools, classifies testing depth per endpoint, and highlights untested gaps in your scope.
HarQL - Advanced GraphQL Harvester Burp Suite Extension | No Introspection | Meta FB,IG,.. Optimized | Send to Repeater + Inferred Schema + Pitchfork Export
💉 Burp Deep Data Injector is a BurpSuite extension that allows pentesters to define targets within non-standard locations such as encoded regions or serialized data.
🔐 Burp Suite Extension for transparent AES-CBC encrypted traffic decryption, editing, and scanning
This Burp plugin is currently in beta; it identifies XSS attacks (including DOM) and helps to identify DOM Clobbering attacks.