AI-powered vulnerability scanner extension for Burp Suite with multi-provider support (Ollama, OpenAI, Claude, Gemini)

Lightweight BApp that seamlessly integrates powerful LLM-scanning capabilities into Burp's built-in Scanner with improved accuracy. Supports the latest LLMs from OpenAI (gpt-4o, o1), Anthropic (Claude 3.5, Claude 3), and Google (Gemini 1.5). Requires valid API key(s) and an active Burp Suite Pro or Enterprise license.

A passive recursive path probing extension for Burp Suite, built on the Montoya API with YAML rules and low-noise vulnerability detection.

Pentest Coverage Tracker is a Burp Suite extension that helps penetration testers monitor testing coverage in real time. It logs discovered endpoints and tracks whether their parameters are actually tested in Burp Suite. This helps highlight untested attack surfaces and provides clear visibility of coverage for security teams.

Burp Suite extension for passive JS reconnaissance - detects 1,600+ secret patterns, API keys, endpoints, and security misconfigurations in HTTP responses in real-time.

BurpSuite 被动指纹识别 / Favicon Hash / 递归目录扫描 / 路径收集 一体化插件

Burp Suite extension + port-based highlighter: dedupes HTTP history into a live unique-request feed and color-codes attacker/victim traffic by listener port (PwnFox-style) — built for Android/iOS multi-account IDOR/BOLA testing, with Magic Cookie, Match & Replace, and .http export for Claude Code / AI.

🎯 VISTA — AI-Powered Security Testing Assistant for Burp Suite. Real-time traffic analysis, 12 expert vulnerability templates, 80+ payloads, WAF detection & bypass. Supports OpenAI, Azure, and OpenRouter (FREE). Zero dependencies.

All-in-one Burp Suite attack framework — 16 active scanners, 4 passive analyzers, SQL exploitation engine (OmniMap), AI-powered fuzzing, prerequisite chain automation (Stepper), built-in OOB server (HTTP+DNS). Single JAR, Montoya API.

A Burp extension for finding AWS secrets

Burp Suite 自动注入 X-Forwarded-For、X-Real-IP 等 HTTP Header 插件，用于 IP 伪造、WAF 绕过、CDN 回源

MCP wrapper for Burp Suite that builds complete, well-formed HTTP requests from structured input + ingests dedup/JS exports for token-thrifty AI-assisted pentesting. Bundles a fixed Burp extension.

AI-Powered Burp Suite extension for elite bug bounty hunting. Detects HIGH/CRITICAL vulnerabilities using LLMs.

Stop manually replacing cookies in every Repeater tab. Define your session tokens once and Cookie Swapper auto-applies them to any request. Perfect for retesting bugs with fresh cookies across large request histories.

🆓 Free Burp Collaborator Alternative - Advanced Out-of-Band testing for Burp Suite Community & Pro. Multi-bin management, RequestBin.net integration, persistent storage.

Burp Suite extension for passive GraphQL reconnaissance. Catalogs operations from proxy traffic, tracks variable shapes with sample values, stores original requests per signature, and sends to Intruder with auto-marked payload positions. Supports status triage, export/import for session persistence, and batched mutation detection.

🛡️ Burp Suite extension for automated access control bypass, path traversal & Web Cache Deception testing. Header spoofing, URL encoding, cache deception pipelines – all in one tool.

Proof-of-testing coverage tracker for Burp Suite — automatically captures traffic from all tools, classifies testing depth per endpoint, and highlights untested gaps in your scope.

HarQL - Advanced GraphQL Harvester Burp Suite Extension | No Introspection | Meta FB,IG,.. Optimized | Send to Repeater + Inferred Schema + Pitchfork Export

💉 Burp Deep Data Injector is a BurpSuite extension that allows pentesters to define targets within non-standard locations such as encoded regions or serialized data.