mirror of
https://github.com/hahwul/WebHackersWeapons.git
synced 2025-01-18 18:47:13 -05:00
157 lines
12 KiB
JSON
157 lines
12 KiB
JSON
{
|
|
"AuthMatrix": {
|
|
"Data": "| Burp/AUTH | [AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix) | AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services. | ![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix) | ![](https://img.shields.io/github/languages/top/SecurityInnovation/AuthMatrix) |",
|
|
"Method": "AUTH",
|
|
"Type": "Burp"
|
|
},
|
|
"Autorize": {
|
|
"Data": "| Burp/PASV | [Autorize](https://github.com/Quitten/Autorize) | Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests | ![](https://img.shields.io/github/stars/Quitten/Autorize) | ![](https://img.shields.io/github/languages/top/Quitten/Autorize) |",
|
|
"Method": "PASV",
|
|
"Type": "Burp"
|
|
},
|
|
"BurpBounty": {
|
|
"Data": "| Burp/SCAN | [BurpBounty](https://github.com/wagiro/BurpBounty) | Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface. | ![](https://img.shields.io/github/stars/wagiro/BurpBounty) | ![](https://img.shields.io/github/languages/top/wagiro/BurpBounty) |",
|
|
"Method": "SCAN",
|
|
"Type": "Burp"
|
|
},
|
|
"BurpJSLinkFinder": {
|
|
"Data": "| Burp/PASV | [BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder) | Burp Extension for a passive scanning JS files for endpoint links. | ![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder) | ![](https://img.shields.io/github/languages/top/InitRoot/BurpJSLinkFinder) |",
|
|
"Method": "PASV",
|
|
"Type": "Burp"
|
|
},
|
|
"BurpSuite-Secret_Finder": {
|
|
"Data": "| Burp/PASV | [BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder) | Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response. | ![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder) | ![](https://img.shields.io/github/languages/top/m4ll0k/BurpSuite-Secret_Finder) |",
|
|
"Method": "PASV",
|
|
"Type": "Burp"
|
|
},
|
|
"BurpSuiteHTTPSmuggler": {
|
|
"Data": "| Burp/BYPASS | [BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler) | A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques | ![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler) | ![](https://img.shields.io/github/languages/top/nccgroup/BurpSuiteHTTPSmuggler) |",
|
|
"Method": "BYPASS",
|
|
"Type": "Burp"
|
|
},
|
|
"BurpSuiteLoggerPlusPlus": {
|
|
"Data": "| Burp/HISTORY | [BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus) | Burp Suite Logger++ | ![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus) | ![](https://img.shields.io/github/languages/top/nccgroup/BurpSuiteLoggerPlusPlus) |",
|
|
"Method": "HISTORY",
|
|
"Type": "Burp"
|
|
},
|
|
"HUNT": {
|
|
"Data": "| All/PASV | [HUNT](https://github.com/bugcrowd/HUNT) | Data Driven web hacking Manual testing | ![](https://img.shields.io/github/stars/bugcrowd/HUNT) | ![](https://img.shields.io/github/languages/top/bugcrowd/HUNT) |",
|
|
"Method": "PASV",
|
|
"Type": "All"
|
|
},
|
|
"IntruderPayloads": {
|
|
"Data": "| Burp/REPEAT | [IntruderPayloads](https://github.com/1N3/IntruderPayloads) | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. | ![](https://img.shields.io/github/stars/1N3/IntruderPayloads) | ![](https://img.shields.io/github/languages/top/1N3/IntruderPayloads) |",
|
|
"Method": "REPEAT",
|
|
"Type": "Burp"
|
|
},
|
|
"Stepper": {
|
|
"Data": "| Burp/REPEAT | [Stepper](https://github.com/CoreyD97/Stepper) | A natural evolution of Burp Suite's Repeater tool | ![](https://img.shields.io/github/stars/CoreyD97/Stepper) | ![](https://img.shields.io/github/languages/top/CoreyD97/Stepper) |",
|
|
"Method": "REPEAT",
|
|
"Type": "Burp"
|
|
},
|
|
"attack-surface-detector-zap": {
|
|
"Data": "| ZAP/PASV | [attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap) | The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters | ![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap) | ![](https://img.shields.io/github/languages/top/secdec/attack-surface-detector-zap) |",
|
|
"Method": "PASV",
|
|
"Type": "ZAP"
|
|
},
|
|
"auto-repeater": {
|
|
"Data": "| Burp/PASV | [auto-repeater](https://github.com/PortSwigger/auto-repeater) | Automated HTTP Request Repeating With Burp Suite | ![](https://img.shields.io/github/stars/PortSwigger/auto-repeater) | ![](https://img.shields.io/github/languages/top/PortSwigger/auto-repeater) |",
|
|
"Method": "PASV",
|
|
"Type": "Burp"
|
|
},
|
|
"burp-exporter": {
|
|
"Data": "| Burp/CODE | [burp-exporter](https://github.com/artssec/burp-exporter) | Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. | ![](https://img.shields.io/github/stars/artssec/burp-exporter) | ![](https://img.shields.io/github/languages/top/artssec/burp-exporter) |",
|
|
"Method": "CODE",
|
|
"Type": "Burp"
|
|
},
|
|
"burp-piper": {
|
|
"Data": "| Burp/PIPE | [burp-piper](https://github.com/silentsignal/burp-piper) | Piper Burp Suite Extender plugin | ![](https://img.shields.io/github/stars/silentsignal/burp-piper) | ![](https://img.shields.io/github/languages/top/silentsignal/burp-piper) |",
|
|
"Method": "PIPE",
|
|
"Type": "Burp"
|
|
},
|
|
"burp-retire-js": {
|
|
"Data": "| All/PASV | [burp-retire-js](https://github.com/h3xstream/burp-retire-js) | Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries. | ![](https://img.shields.io/github/stars/h3xstream/burp-retire-js) | ![](https://img.shields.io/github/languages/top/h3xstream/burp-retire-js) |",
|
|
"Method": "PASV",
|
|
"Type": "All"
|
|
},
|
|
"burp-send-to": {
|
|
"Data": "| Burp/EXPORT | [burp-send-to](https://github.com/bytebutcher/burp-send-to) | Adds a customizable \"Send to...\"-context-menu to your BurpSuite. | ![](https://img.shields.io/github/stars/bytebutcher/burp-send-to) | ![](https://img.shields.io/github/languages/top/bytebutcher/burp-send-to) |",
|
|
"Method": "EXPORT",
|
|
"Type": "Burp"
|
|
},
|
|
"collaborator-everywhere": {
|
|
"Data": "| Burp/PASV | [collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere) | A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator | ![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere) | ![](https://img.shields.io/github/languages/top/PortSwigger/collaborator-everywhere) |",
|
|
"Method": "PASV",
|
|
"Type": "Burp"
|
|
},
|
|
"community-scripts": {
|
|
"Data": "| ZAP/SCRIPT | [community-scripts](https://github.com/zaproxy/community-scripts) | A collection of ZAP scripts provided by the community - pull requests very welcome! | ![](https://img.shields.io/github/stars/zaproxy/community-scripts) | ![](https://img.shields.io/github/languages/top/zaproxy/community-scripts) |",
|
|
"Method": "SCRIPT",
|
|
"Type": "ZAP"
|
|
},
|
|
"csp-auditor": {
|
|
"Data": "| All/PASV | [csp-auditor](https://github.com/GoSecure/csp-auditor) | Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website | ![](https://img.shields.io/github/stars/GoSecure/csp-auditor) | ![](https://img.shields.io/github/languages/top/GoSecure/csp-auditor) |",
|
|
"Method": "PASV",
|
|
"Type": "All"
|
|
},
|
|
"femida": {
|
|
"Data": "| Burp/PASV | [femida](https://github.com/wish-i-was/femida) | Automated blind-xss search for Burp Suite | ![](https://img.shields.io/github/stars/wish-i-was/femida) | ![](https://img.shields.io/github/languages/top/wish-i-was/femida) |",
|
|
"Method": "PASV",
|
|
"Type": "Burp"
|
|
},
|
|
"http-request-smuggler": {
|
|
"Data": "| Burp/ACTIVE | [http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler) | Testing HTTP Request Smuggling and Desync Attack | ![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler) | ![](https://img.shields.io/github/languages/top/PortSwigger/http-request-smuggler) |",
|
|
"Method": "ACTIVE",
|
|
"Type": "Burp"
|
|
},
|
|
"http-script-generator": {
|
|
"Data": "| All/CODE | [http-script-generator](https://github.com/h3xstream/http-script-generator) | ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks) | ![](https://img.shields.io/github/stars/h3xstream/http-script-generator) | ![](https://img.shields.io/github/languages/top/h3xstream/http-script-generator) |",
|
|
"Method": "CODE",
|
|
"Type": "All"
|
|
},
|
|
"inql": {
|
|
"Data": "| Burp/GQL | [inql](https://github.com/doyensec/inql) | InQL - A Burp Extension for GraphQL Security Testing | ![](https://img.shields.io/github/stars/doyensec/inql) | ![](https://img.shields.io/github/languages/top/doyensec/inql) |",
|
|
"Method": "GQL",
|
|
"Type": "Burp"
|
|
},
|
|
"owasp-zap-jwt-addon": {
|
|
"Type": "ZAP",
|
|
"Data": "| ZAP/JWT | [owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon) | OWASP ZAP addon for finding vulnerabilities in JWT Implementations | ![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon) | ![](https://img.shields.io/github/languages/top/SasanLabs/owasp-zap-jwt-addon) |",
|
|
"Method": "JWT"
|
|
},
|
|
"param-miner": {
|
|
"Data": "| Burp/ACTIVE | [param-miner](https://github.com/PortSwigger/param-miner) | Parameter mining on Burpsuite | ![](https://img.shields.io/github/stars/PortSwigger/param-miner) | ![](https://img.shields.io/github/languages/top/PortSwigger/param-miner) |",
|
|
"Method": "ACTIVE",
|
|
"Type": "Burp"
|
|
},
|
|
"reflect": {
|
|
"Data": "| ZAP/PASV | [reflect](https://github.com/TypeError/reflect) | OWASP ZAP add-on to help find reflected parameter vulnerabilities | ![](https://img.shields.io/github/stars/TypeError/reflect) | ![](https://img.shields.io/github/languages/top/TypeError/reflect) |",
|
|
"Method": "PASV",
|
|
"Type": "ZAP"
|
|
},
|
|
"reflected-parameters": {
|
|
"Data": "| Burp/PASV | [reflected-parameters](https://github.com/PortSwigger/reflected-parameters) | Find reflected parameter on Burpsuite | ![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters) | ![](https://img.shields.io/github/languages/top/PortSwigger/reflected-parameters) |",
|
|
"Method": "PASV",
|
|
"Type": "Burp"
|
|
},
|
|
"safecopy": {
|
|
"Data": "| Burp/UTIL | [safecopy](https://github.com/yashrs/safecopy) | Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be added in the future. | ![](https://img.shields.io/github/stars/yashrs/safecopy) | ![](https://img.shields.io/github/languages/top/yashrs/safecopy) |",
|
|
"Method": "UTIL",
|
|
"Type": "Burp"
|
|
},
|
|
"taborator": {
|
|
"Data": "| Burp/CALLBACK | [taborator](https://github.com/hackvertor/taborator) | A Burp extension to show the Collaborator client in a tab | ![](https://img.shields.io/github/stars/hackvertor/taborator) | ![](https://img.shields.io/github/languages/top/hackvertor/taborator) |",
|
|
"Method": "CALLBACK",
|
|
"Type": "Burp"
|
|
},
|
|
"turbo-intruder": {
|
|
"Data": "| Burp/ACTIVE | [turbo-intruder](https://github.com/PortSwigger/turbo-intruder) | Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. | ![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder) | ![](https://img.shields.io/github/languages/top/PortSwigger/turbo-intruder) |",
|
|
"Method": "ACTIVE",
|
|
"Type": "Burp"
|
|
},
|
|
"zap-hud": {
|
|
"Data": "| ZAP/INTERFACE | [zap-hud](https://github.com/zaproxy/zap-hud) | The OWASP ZAP Heads Up Display (HUD) | ![](https://img.shields.io/github/stars/zaproxy/zap-hud) | ![](https://img.shields.io/github/languages/top/zaproxy/zap-hud) |",
|
|
"Method": "INTERFACE",
|
|
"Type": "ZAP"
|
|
}
|
|
} |