Starred repositories
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects.)
Runnable code for solving Project Euler problems in Java, Python, Mathematica, Haskell.
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…
The new bridge between Burp Suite and Frida!
Latest version of scanners for the IIS short filename (8.3) disclosure vulnerability
Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
Burp plugin able to find reflected XSS on a page in real time while browsing a site
Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device ap…
HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
SSRF plugin for Burp. Automates SSRF detection in all of the requests
The Web Application Hacker's Handbook - Extra Content
Sample code written for the Hackers to Hackers Conference magazine 2017 (H2HC).
Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
An Android app that lets you use your access control card cloning devices in the field.
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
ZAP/Burp plugin that generates a script to reproduce a specific HTTP request (intended for fuzzing or scripted attacks)
Exfiltrate blind Remote Code Execution and SQL injection output over DNS via Burp Collaborator.
Burp extension to perform Java Deserialization Attacks
Burp Suite Extension useful to verify OAUTHv2 and OpenID security
Adds a customizable "Send to..."-context-menu to your BurpSuite.