Penetration testing commands for Plugins

Plugins and add-ons enhance existing tools with additional features or integration capabilities, offering greater flexibility and functionality for cybersecurity operations.

NameDescriptionPrice
AWS ExtenderIdentify and test S3 buckets, Google Storage buckets and Azure Storage containers for common misconfigurationFree
BurpBountyScan Check Builder in BApp Store, improve the active and passive scanner by means of personalized rules through a graphical interfaceFree
CogniCryptSupports Java developers in using Java Cryptographic APIsFree
Copy As FFUFCopies the selected request(s) as FFUF skeletonFree
Copy As Go RequestCopies the selected request(s) as Go Request invocationsFree
Copy as Node RequestCopies the selected request(s) as Node.JS Request invocationsFree
Copy as PowerShell RequestsCopies the selected request(s) as PowerShell invocation(s)Free
Copy As Python-RequestsCopies selected request(s) as Python-Requests invocationsFree
Copy As XMLHttpRequestCopies selected request(s) as JavaScript XMLHttpRequest invocationsFree
CSTCCyber Security Transformation Chef; chaining simple operations and formatting on each incoming or outgoing HTTP messageFree
ExporterCopies selected request(s) as cURL, wget, Python Request, Perl LWP, PHP HTTP_Request2, Go, NodeJS Request, jQuery AJAX, PowerShell, HTML Forms, Ruby Net::HTTP, JavaScript XHR invocationsFree
GEFGDB Enhanced Features, multi-architectureFree
HopLaAdds autocompletion support and useful payloads in Burp SuiteFree
http-screenshot-htmlNmap NSE script that scans for http server, takes a screenshot of them, and organizes the results into an HTML reportFree
HyperpwnImprove the display when debugging with GDB, needs GEF, pwndbg or peda to be loaded in GDB as a backendFree
IIS Tilde Enumeration ScannerCheck for the IIS tilde enumeration / IIS 8.3 short filename disclosure vulnerability and to exploit it by enumerating all the short names in an IIS web serverFree
KeePwnAutomate KeePass discovery and secret extractionFree
Matro7sh loadersEncode Havoc shellcode (.bin) in XOR, chacha20, AES; supports 2 loaders: Myph, 221bFree
MonaSet of commands for Immunity DebuggerFree
PEDAPython Exploit Development Assistance, (only python2.7)Free
PwndbgEnhance GDB, for exploit development and reverse engineeringFree
PwnFoxAllow to have multiple identities in the same browser using firefox containers and hightlight the profile used with different colorsFree
ScavengerCreate target specific and tailored wordlist from burp historyFree
SploitegoMaltego penetration testing TransformsFree
StepperEvolution of Burp Suite's Repeater tool, providing the ability to create sequences of steps and define regular expressions to extract values from responsesFree
ttddbgTime Travel Debugging IDA pluginFree
volatility-gpgVolatility3 plugins that can retrieve partial and full gpg passphrases from gpg-agent's cacheFree
vulnersVulnerability scanner based on vulners.com search APIFree
XSSorsemi-automatic reflected and persistent XSS scannerFree
YesWeBurpAccess to all bug bounty programs directly inside BurpFree