burp-suite
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 459 detection rules with live credential validation.
The bridge between Burp Suite and modern AI.
Burp AI Agent is an extension for Burp Suite that integrates AI capabilities into your security workflow.
Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning, and more.
A powerful Burp Suite extension for JavaScript static analysis. Extracts API endpoints, URLs, secrets, and email addresses from JavaScript files with intelligent noise filtering. The goal is to reduce noise as much as possible to ensure the accuracy
A research project to add some brrrrrr to Burp.
"burpference" started as a research idea about offensive agent capabilities and is a fun take on Burp Suite and running inference. The extension is open-source and designed to capture in-scope HTTP requests and responses from Burp's proxy history and ship them to a remote LLM API in JSON format. It takes a flexible approach: you can configure custom system prompts, store API keys, select remote hosts from numerous model providers, and create your own API configuration. The idea is for an LLM to act as an agent in an offensive web application engagement to leverage your skills and surface findings and lingering vulnerabilities. Being able to create your own configuration and model provider also allows you to host models locally via Ollama to prevent potential high inference costs and potential network delays or rate limits.
Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily to ease the work of application security people and allow them to perform automatic authorization tests.
AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
An HTTP toolkit for security research.
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
Reaper is a reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP etc. This is an attack proxy with a heavy focus on automation, collaboration, and building universally distributable workflows.
Application Security Testing Software. Free, lightweight web application security scanning for CI/CD. Manual tools to start web security testing.