Penetration testing commands for Plugins

Plugins and add-ons enhance existing tools with additional features or integration capabilities, offering greater flexibility and functionality for cybersecurity operations.

Name | Description | Price |
---|---|---|
AWS Extender | Identify and test S3 buckets, Google Storage buckets and Azure Storage containers for common misconfigurations | Free |
BurpBounty | Scan Check Builder in the BApp Store; improves the active and passive scanner with personalized rules defined through a graphical interface | Free |
CogniCrypt | Supports Java developers in using Java Cryptographic APIs | Free |
Copy As FFUF | Copies the selected request(s) as FFUF skeleton | Free |
Copy As Go Request | Copies the selected request(s) as Go Request invocations | Free |
Copy as Node Request | Copies the selected request(s) as Node.js Request invocations | Free |
Copy as PowerShell Requests | Copies the selected request(s) as PowerShell invocation(s) | Free |
Copy As Python-Requests | Copies selected request(s) as Python-Requests invocations | Free |
Copy As XMLHttpRequest | Copies selected request(s) as JavaScript XMLHttpRequest invocations | Free |
CSTC | Cyber Security Transformation Chef; chaining simple operations and formatting on each incoming or outgoing HTTP message | Free |
Exporter | Copies selected request(s) as cURL, wget, Python Request, Perl LWP, PHP HTTP_Request2, Go, NodeJS Request, jQuery AJAX, PowerShell, HTML Forms, Ruby Net::HTTP, JavaScript XHR invocations | Free |
GEF | GDB Enhanced Features, multi-architecture | Free |
HopLa | Adds autocompletion support and useful payloads in Burp Suite | Free |
http-screenshot-html | Nmap NSE script that scans for HTTP servers, takes a screenshot of each, and organizes the results into an HTML report | Free |
Hyperpwn | Improves the display when debugging with GDB; needs GEF, pwndbg or peda loaded in GDB as a backend | Free |
IIS Tilde Enumeration Scanner | Checks for the IIS tilde enumeration / IIS 8.3 short filename disclosure vulnerability and exploits it by enumerating all the short names in an IIS web server | Free |
KeePwn | Automate KeePass discovery and secret extraction | Free |
Matro7sh loaders | Encode Havoc shellcode (.bin) in XOR, chacha20, AES; supports 2 loaders: Myph, 221b | Free |
Mona | Set of commands for Immunity Debugger | Free |
PEDA | Python Exploit Development Assistance (Python 2.7 only) | Free |
Pwndbg | Enhances GDB for exploit development and reverse engineering | Free |
PwnFox | Allows multiple identities in the same browser using Firefox containers and highlights the profile in use with different colors | Free |
Scavenger | Creates a target-specific, tailored wordlist from Burp history | Free |
Sploitego | Maltego penetration testing Transforms | Free |
Stepper | Evolution of Burp Suite's Repeater tool, providing the ability to create sequences of steps and define regular expressions to extract values from responses | Free |
ttddbg | Time Travel Debugging IDA plugin | Free |
volatility-gpg | Volatility3 plugins that can retrieve partial and full gpg passphrases from gpg-agent's cache | Free |
vulners | Vulnerability scanner based on vulners.com search API | Free |
XSSor | Semi-automatic reflected and persistent XSS scanner | Free |
YesWeBurp | Access to all bug bounty programs directly inside Burp | Free |