Skip to content

@PortSwigger PortSwigger

Change the repository type filter

All

    Repositories list

    429 repositories

    • xss-cheatsheet-data

      Public
      This repository contains all the XSS cheatsheet data to allow contributions from the community.
      Other
      8140400Updated Nov 5, 2024Nov 5, 2024

    • turbo-intruder

      Public
      Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
      Kotlin
      Apache License 2.0
      2111.5k141Updated Nov 4, 2024Nov 4, 2024

    • BChecks

      Public
      BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
      GNU Lesser General Public License v3.0
      111629250Updated Nov 4, 2024Nov 4, 2024

    • burp-suite-enterprise-edition-ami

      Public
      MIT License
      1200Updated Nov 4, 2024Nov 4, 2024

    • enterprise-helm-charts

      Public
      Helm charts for BSEE Kubernetes installation.
      kubernetesenterpriseburphelm-chart
      Smarty
      Apache License 2.0
      4323Updated Nov 4, 2024Nov 4, 2024

    • pycript

      Public
      Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation testing.
      Python
      MIT License
      24700Updated Oct 30, 2024Oct 30, 2024

    • client-side-path-traversal-exploitation

      Public
      CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
      Java
      Apache License 2.0
      4000Updated Oct 30, 2024Oct 30, 2024

    • websocket-turbo-intruder

      Public
      Fuzz WebSockets with custom Python code
      Java
      MIT License
      1300Updated Oct 30, 2024Oct 30, 2024

    • header-guardian

      Public
      Header Guardian is a Burp Suite extension that identifies missing, misconfigured, and unnecessary HTTP security headers in web application responses. It helps improve security by ensuring headers follow best practices, like those recommended by OWASP, for protecting against XSS, clickjacking, and information leakage.
      Python
      GNU Affero General Public License v3.0
      1000Updated Oct 30, 2024Oct 30, 2024

    • nmap-scanner

      Public
      The Nmap Scanner Burp Suite Extension integrates Nmap's powerful network scanning capabilities directly into the Burp Suite interface. This extension provides an easy-to-use graphical interface for initiating and viewing the results of Nmap scans within Burp Suite, making it an essential tool for security professionals and penetration testers.
      Python
      MIT License
      1200Updated Oct 30, 2024Oct 30, 2024

    • sensitive-discoverer

      Public
      Introduction to CYS4-SensitiveDiscoverer, a Burp extension that discovers sensitive information inside HTTP messages.
      Java
      Apache License 2.0
      61700Updated Oct 30, 2024Oct 30, 2024

    • bambdas

      Public
      Bambdas collection for Burp Suite Professional and Community.
      Java
      GNU Lesser General Public License v3.0
      2920210Updated Oct 28, 2024Oct 28, 2024

    • param-miner

      Public
      Java
      Other
      1661.2k205Updated Oct 24, 2024Oct 24, 2024

    • pyburp

      Public
      BcryptMontoya is a powerful plugin for Burp Suite that allows you to effortlessly modify HTTP requests and responses passing through the Burp Suite proxy using Jython code or gRPC, especially when dealing with encrypted requests.
      Java
      7700Updated Oct 24, 2024Oct 24, 2024

    • captcha-converter

      Public
      A Burp Suite extension for converting Base64 data to an image.
      Java
      1000Updated Oct 23, 2024Oct 23, 2024

    • url-cheatsheet-data

      Public
      This is the data that powers the PortSwigger URL validation bypass cheat sheet.
      JavaScript
      42910Updated Oct 23, 2024Oct 23, 2024

    • saml-raider

      Public
      SAML2 Burp Extension
      Java
      MIT License
      742700Updated Oct 22, 2024Oct 22, 2024

    • qualys-was

      Public
      Qualys' Burp Extension for WAS
      Java
      3400Updated Oct 22, 2024Oct 22, 2024

    • burptrast

      Public
      Burp Plugin for Contrast Security
      Java
      Apache License 2.0
      2000Updated Oct 22, 2024Oct 22, 2024

    • copy-as-python-aiohttp

      Public
      Copy as aiohttp extension for Burp Suite
      Java
      MIT License
      1000Updated Oct 22, 2024Oct 22, 2024

    • look-over-there

      Public
      Python
      3100Updated Oct 17, 2024Oct 17, 2024

    • cache-killer

      Public
      Java
      0100Updated Oct 17, 2024Oct 17, 2024

    • host-header-inchecktion

      Public
      A burp extention to find host header injection vulnerabilities
      Java
      4300Updated Oct 15, 2024Oct 15, 2024

    • content-type-converter

      Public
      Central Repo for Burp extensions
      Java
      532200Updated Oct 11, 2024Oct 11, 2024

    • prototype-pollution-gadgets-finder

      Public
      Python
      3100Updated Oct 9, 2024Oct 9, 2024

    • certsquirt

      Public
      A golang PKI in less than 1000 lines of code.
      Go
      BSD 3-Clause "New" or "Revised" License
      2601Updated Oct 7, 2024Oct 7, 2024

    • splitting-the-email-atom

      Public
      HTML
      56500Updated Oct 4, 2024Oct 4, 2024

    • firewall-ferret

      Public
      This java project was created with Portswigger's Montoya API to be a Burp Extension. It's well known that WAFs only scan up to a certain amount of data per request. This extension allows a tester to manually insert junk data and adds junk data to Active Scans by duplicating each scan check.
      Java
      1000Updated Oct 3, 2024Oct 3, 2024

    • copy-request-response

      Public
      Burp extension for quickly copying request/response data.
      Java
      17800Updated Sep 27, 2024Sep 27, 2024

    • research-labs

      Public
      This repository contains a number of insecure self-hosted applications that allows interested security engineers to test vulnerabilities found by Portswigger Research team.
      TypeScript
      Apache License 2.0
      01400Updated Sep 27, 2024Sep 27, 2024