Skip to content

Navigation Menu

Appearance settings

PortSwigger

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

PortSwigger

Verified
We've verified that the organization PortSwigger controls the domain:
- portswigger.net
Learn more about verified organizations

1.3k followers
United Kingdom
https://portswigger.net/
hello@portswigger.net

Overview
Repositories
Projects
Packages
People

More

Overview
Repositories
Projects
Packages
People

Pinned Loading

backslash-powered-scanner backslash-powered-scanner Public

Finds unknown classes of injection vulnerabilities

Java 699 100
httpoxy-scanner httpoxy-scanner Public

A Burp Suite extension that checks for the HTTPoxy vulnerability.

Java 97 25
distribute-damage distribute-damage Public

Evenly distributes scanner load across targets

Java 90 10

Repositories

Loading

Type

Select type

All Public Sources Forks Archived Mirrors Templates

Language

Select language

All BlitzBasic C++ Dockerfile Go HTML Java JavaScript Kotlin Perl PHP Python Ruby Smarty TypeScript

Sort

Select order

Last updated Name Stars

Showing 10 of 487 repositories

insertion-point-injector Public Forked from softwaresecured/burp-injector
💉 Burp InsertionPoint Injector is a BurpSuite extension that allows pentesters to define targets within non-standard locations such as encoded regions or serialized data.

PortSwigger/insertion-point-injector’s past year of commit activity

Java 0 MIT 1 0 0 Updated Aug 8, 2025
magic-variables Public Forked from softwaresecured/burp-magicvars
🪄 Magic variables is a Burp extension that provides helpful replacements in traffic such as random integers, random UUIDs and random strings.

PortSwigger/magic-variables’s past year of commit activity

Java 0 MIT 1 0 0 Updated Aug 8, 2025
software-vulnerability-scanner Public Forked from vulnersCom/burp-vulners-scanner
Vulnerability scanner based on vulners.com search API

PortSwigger/software-vulnerability-scanner’s past year of commit activity

Java 37 LGPL-3.0 190 0 0 Updated Aug 8, 2025
okta-totp-authenticator Public Forked from ganesh2183/OktaTOTPAuthenticator
Burp Suite plugin that dynamically generates Okta TOTP 2FA code for use in session handling rules

PortSwigger/okta-totp-authenticator’s past year of commit activity

Java 0 1 0 1 Updated Aug 7, 2025
notes-editor Public Forked from enochgitgamefied/notes-editor
The Notes Editor is a Burp Suite extension designed to enhance note-taking and report generation during security testing. It provides a rich text editor with tabbed documents, syntax highlighting, and built-in formatting tools for penetration testers.

PortSwigger/notes-editor’s past year of commit activity

Python 0 1 0 0 Updated Aug 7, 2025
get-all-parameters Public Forked from xnl-h4ck3r/GAP-Burp-Extension
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist

PortSwigger/get-all-parameters’s past year of commit activity

Python 23 155 0 0 Updated Aug 7, 2025
certsquirt Public
A golang PKI in less than 1000 lines of code.

PortSwigger/certsquirt’s past year of commit activity

Go 8 BSD-3-Clause 3 0 0 Updated Aug 7, 2025
turbo-intruder Public
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

PortSwigger/turbo-intruder’s past year of commit activity

Kotlin 1,631 Apache-2.0 224 16 1 Updated Aug 7, 2025
http-request-smuggler Public

PortSwigger/http-request-smuggler’s past year of commit activity

Java 1,052 112 9 3 Updated Aug 7, 2025
jwt-monitor Public Forked from Redguard/jwt-monitor
This Burp Suite extension monitors a provided JWT token for its expiration and replaces any already present JWT token in outgoing requests with the provided one

PortSwigger/jwt-monitor’s past year of commit activity

Kotlin 0 1 0 0 Updated Aug 7, 2025

View all repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Java Python Kotlin JavaScript Ruby

Most used topics

extension dast

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.