25 matches found
Burp Extension Persistence
This module adds a Java-based malicious extension to the Burp Suite configuration file. When Burp is opened, the extension will be loaded and the payload will be executed. Tested against Burp Suite Community Edition v2024.9.4, on Ubuntu Desktop 24.04. Tested against Burp Suite Community Edition...
Exploit for Deserialization of Untrusted Data in Facebook React
react2shellburp CVE-2025-55182 Burp Suite extension for ide...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Burp Passive Extension Passive Burp Suite exte...
Exploit for CVE-2025-55182
CVE-2025-55182 Next.js RCE Burp Extension Features -...
Exploit for Path Traversal in Igniterealtime Openfire
shellshocker-pocs
This repository contains a collection of Proofs of Concept (PoCs) and potential targets for the Shellshock vulnerability, also known as Bash Bug. The vulnerability affects the Bash shell and allows an attacker to execute arbitrary code by injecting malicious environment variables. The repository...
Exploit for OS Command Injection in Gnu Bash
This is an extension for Burp Suite, a web application security testing tool. The extension, named "ActiveScan++", extends Burp's active and passive scanning capabilities to identify application behavior that may be of interest to advanced testers. It includes checks for potential host header...
metasploit-framework
This repository is an offensive tool for Metasploit Framework. The primary CVE ID is not explicitly mentioned, but it is likely related to the Metasploit Framework itself. The target product/service or framework is Metasploit Framework, a penetration testing platform. The vulnerability class/vect...
GAP-Burp-Extension - Burp Extension To Find Potential Endpoints, Parameters, And Generate A Custom Target Wordlist
This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on, and produces a target specific wordlist to use for fuzzing. The full Help documentation can b...
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
Description: The plugin does not implement atomic operations, allowing one user to vote multiple times on a poll due to a Race Condition. 1- Install and activate kk Star Ratings. 2- Go to the page that displays the star rating. 3- Using Burp and the Turbo Intruder extension, intercept the rating...
Penetration Testing Dictionary (渗透字典)
This repository is an offensive tool for Bug Bounty research and exploitation. The primary CVE ID is not explicitly mentioned, but it appears to be a collection of exploits and techniques for various vulnerabilities. The repository contains a wide range of exploits and techniques, including: 1...
LinkedIn: Rate limit Bypass on contact-us through IP Rotator (burp extension)(https://www.linkedin.com/help/linkedin/solve/contact)
Hello Team, I have found an issue on https://www.linkedin.com/help/linkedin/solve/contact, which spams the mailbox of the victim through alternative email and support team. Steps: 1. Go to https://www.linkedin.com/help/linkedin/solve/contact 2. Fill the Form 3. Fill the victim mail id in alternative emai...
vulhub
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and tools for testing and demonstrating various attacks. The repository includes a variety of modules and tools for different types of attacks, such as web...
Exploit for Improper Input Validation in Microsoft
Weaponized CVE-2019-0604 Automated Exploit Tool to Maximize C...
Exploit for CVE-2020-14756
This is an exploit module for the CVE-2020-14756 vulnerability in Oracle WebLogic. The vulnerability allows for remote code execution (RCE) due to a deserialization issue in the coherence.jar library. The exploit is written in Python and uses the socket library to establish a connection to the...
hackingtool
This repository is an offensive tool for a comprehensive hacking toolkit. The primary vulnerability class targeted is not explicitly stated, but the tool includes various modules for exploitation, reverse engineering, and post-exploitation. The probable entry points for this tool are scripts and...
vulhub2
It is an offensive tool for web application security training. The primary vulnerability targeted by this tool is not explicitly stated, but based on the provided code and metadata, it appears to be a web application vulnerability. The tool is designed to test the security of web applications, an...
Meet JWT heartbreaker, a Burp extension that finds thousands weak secrets automatically
In the recent post https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/, we presented a wallarm/jwt-secrets GitHub repository with 340 JSON Web Token secrets available publicly. Using this data, it's possible to check if you or your developers forgot to change default...
Generator-Burp-Extension - Everything You Need About Burp Extension Generation
Everything You Need About Burp Extension Generation. Installation: First, install Yeoman and generator-burp-extension using npm (we assume you have pre-installed node.js): "npm install -g yo" and "npm install -g generator-burp-extension". Then generate your new project: "yo burp-extension". Burp Extension featur...