Penetration testing commands for Plugins
Plugins and add-ons enhance existing tools with additional features or integration capabilities, offering greater flexibility and functionality for cybersecurity operations.
| Name | Description | Price |
|---|---|---|
| AWS Extender | Identify and test S3 buckets, Google Storage buckets and Azure Storage containers for common misconfiguration | Free |
| BurpBounty | Scan Check Builder in BApp Store, improve the active and passive scanner by means of personalized rules through a graphical interface | Free |
| CogniCrypt | Supports Java developers in using Java Cryptographic APIs | Free |
| Copy As FFUF | Copies the selected request(s) as FFUF skeleton | Free |
| Copy As Go Request | Copies the selected request(s) as Go Request invocations | Free |
| Copy as Node Request | Copies the selected request(s) as Node.JS Request invocations | Free |
| Copy as PowerShell Requests | Copies the selected request(s) as PowerShell invocation(s) | Free |
| Copy As Python-Requests | Copies selected request(s) as Python-Requests invocations | Free |
| Copy As XMLHttpRequest | Copies selected request(s) as JavaScript XMLHttpRequest invocations | Free |
| CSTC | Cyber Security Transformation Chef; chaining simple operations and formatting on each incoming or outgoing HTTP message | Free |
| Exporter | Copies selected request(s) as cURL, wget, Python Request, Perl LWP, PHP HTTP_Request2, Go, NodeJS Request, jQuery AJAX, PowerShell, HTML Forms, Ruby Net::HTTP, JavaScript XHR invocations | Free |
| GEF | GDB Enhanced Features, multi-architecture | Free |
| HopLa | Adds autocompletion support and useful payloads in Burp Suite | Free |
| http-screenshot-html | Nmap NSE script that scans for http server, takes a screenshot of them, and organizes the results into an HTML report | Free |
| Hyperpwn | Improve the display when debugging with GDB, needs GEF, pwndbg or peda to be loaded in GDB as a backend | Free |
| IIS Tilde Enumeration Scanner | Check for the IIS tilde enumeration / IIS 8.3 short filename disclosure vulnerability and to exploit it by enumerating all the short names in an IIS web server | Free |
| KeePwn | Automate KeePass discovery and secret extraction | Free |
| Matro7sh loaders | Encode Havoc shellcode (.bin) in XOR, chacha20, AES; supports 2 loaders: Myph, 221b | Free |
| Mona | Set of commands for Immunity Debugger | Free |
| PEDA | Python Exploit Development Assistance, (only python2.7) | Free |
| Pwndbg | Enhance GDB, for exploit development and reverse engineering | Free |
| PwnFox | Allow to have multiple identities in the same browser using firefox containers and hightlight the profile used with different colors | Free |
| Scavenger | Create target specific and tailored wordlist from burp history | Free |
| Sploitego | Maltego penetration testing Transforms | Free |
| Stepper | Evolution of Burp Suite's Repeater tool, providing the ability to create sequences of steps and define regular expressions to extract values from responses | Free |
| ttddbg | Time Travel Debugging IDA plugin | Free |
| volatility-gpg | Volatility3 plugins that can retrieve partial and full gpg passphrases from gpg-agent's cache | Free |
| vulners | Vulnerability scanner based on vulners.com search API | Free |
| XSSor | semi-automatic reflected and persistent XSS scanner | Free |
| YesWeBurp | Access to all bug bounty programs directly inside Burp | Free |