Zenk - Security

Le PAD pour proposer une amélioration à cette page : https://pad.zenk-security.com/p/merci

• Burp Suite extension to discover assets from HTTP response using passive #scanning. https://github.com/redhuntlabs/BurpSuite-Asset_Discover
• [summitt/Burp-Non-HTTP-Extension: Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.](https://github.com/summitt/Burp-Non-HTTP-Extension)
• [SpiderLabs/Airachnid-Burp-Extension: A Burp Extension to test applications for vulnerability to the Web Cache Deception attack](https://github.com/SpiderLabs/Airachnid-Burp-Extension)
• [RUB-NDS/BurpSSOExtension: An extension for BurpSuite that highlights SSO messages in Burp's proxy window..](https://github.com/RUB-NDS/BurpSSOExtension)
• [nccgroup/BurpSuiteHTTPSmuggler: A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)
• [NetSPI/JavaSerialKiller: Burp extension to perform Java Deserialization Attacks](https://github.com/NetSPI/JavaSerialKiller)
• [h3xstream/burp-retire-js: Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.](https://github.com/h3xstream/burp-retire-js)
• [PortSwigger/collaborator-everywhere: A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator](https://github.com/PortSwigger/collaborator-everywhere)
• [SecurityInnovation/AuthMatrix: AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.](https://github.com/SecurityInnovation/AuthMatrix)
• [augustd/burp-suite-error-message-checks: Burp Suite extension to passively scan for applications revealing server error messages](https://github.com/augustd/burp-suite-error-message-checks)
• [NetSPI/BurpExtractor: A Burp extension for generic extraction and reuse of data within HTTP requests and responses.](https://github.com/NetSPI/BurpExtractor)
• [PortSwigger/brida: The new bridge between Burp Suite and Frida!](https://github.com/portswigger/brida)
• [PortSwigger/distribute-damage: Evenly distributes scanner load across targets](https://github.com/PortSwigger/distribute-damage)
• [hvqzao/burp-wildcard: Burp extension intended to compact Burp extension tabs by hijacking them to own tab.](https://github.com/hvqzao/burp-wildcard)
• [Burp-Extensions/JSONPScannerCheck.py at master · tghosth/Burp-Extensions](https://github.com/tghosth/Burp-Extensions/blob/master/JSONPScannerCheck.py)
• [the-bumble/Burp-Scanner-OOB-Checks: This is a Burp extension for adding additional payloads to active scanner that require out-of-band validation. Works great with XSSHunter](https://github.com/the-bumble/Burp-Scanner-OOB-Checks)
• [d3vilbug/HackBar: HackBar plugin for Burpsuite v1.0](https://github.com/d3vilbug/HackBar)
• [hvqzao/burp-second-order: Extension for semi-automated search for second order issues in webapps](https://github.com/hvqzao/burp-second-order)
• [PortSwigger/param-miner](https://github.com/portswigger/param-miner)
• [PortSwigger/command-injection-attacker: SHELLING - a comprehensive OS command injection payload generator](https://github.com/portswigger/command-injection-attacker)
• [wagiro/BurpBounty: Burp Bounty (Scan Check Builder in BApps Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.](https://github.com/wagiro/BurpBounty)
• [righettod/log-requests-to-sqlite: BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.](https://github.com/righettod/log-requests-to-sqlite)
• [albinowax/ActiveScanPlusPlus: ActiveScan++ Burp Suite Plugin](https://github.com/albinowax/ActiveScanPlusPlus)
• [PortSwigger/backslash-powered-scanner: Finds unknown classes of injection vulnerabilities](https://github.com/PortSwigger/backslash-powered-scanner)
• [RhinoSecurityLabs/SleuthQL: Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.](https://github.com/RhinoSecurityLabs/SleuthQL)
• [Ebryx/AES-Killer: Burp plugin to decrypt AES Encrypted traffic of mobile apps on fly](https://github.com/Ebryx/AES-Killer)
• [luh2/DetectDynamicJS: The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and aid in finding user/session data.](https://github.com/luh2/DetectDynamicJS)
• [EnableSecurity/burp-luhn-payload-processor: A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the “modulus 10” or “mod 10” algorithm).](https://github.com/EnableSecurity/burp-luhn-payload-processor)
• [federicodotta/Java-Deserialization-Scanner: All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities](https://github.com/federicodotta/Java-Deserialization-Scanner)
• [ilmila/J2EEScan: J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.](https://github.com/ilmila/J2EEScan)
• [mvetsch/JWT4B: JSON Web Tokens (JWT) support for Burp](https://github.com/mvetsch/JWT4B)
• [SAMLRaider/SAMLRaider: SAML Raider is a Burp Suite extension for testing SAML infrastructures](https://github.com/SAMLRaider/SAMLRaider)
• [zidekmat/graphql_beautifier: Burp Suite extension to help make Graphql request more readable](https://github.com/zidekmat/graphql_beautifier)
• [vergl4s/signatures: Length extension attacks in Burp Suite](https://github.com/vergl4s/signatures)

## Developing Burp Extensions

• [Adapting Burp extensions for tailored pentesting | Blog](https://portswigger.net/blog/adapting-burp-extensions-for-tailored-pentesting)
• [Burp Suite Extension Development Series](https://prakharprasad.com/burp-suite-extension-development-series/)
• [sunnyneo/burp-extension-training: Burp Extension Training](https://github.com/sunnyneo/burp-extension-training)