gf4
/
WebHackersWeapons
mirror of https://git.hackliberty.org/Awesome-Mirrors/WebHackersWeapons
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
WebHackersWeapons/Burp and ZAP Extensions/README.md

90 lines
9.0 KiB
Markdown
Raw Normal View History

(Closed #4) Add Burp and ZAP Extensions page
2020-04-10 10:48:38 -06:00
<h1 align="center">
<br>
Update Burp/ZAP Readme
2020-04-10 10:54:55 -06:00
<a href=""><img src="https://user-images.githubusercontent.com/13212227/79006553-5fbfc100-7b94-11ea-8b42-3fa154d098fd.png" alt="" width="600px;"></a>
(Closed #4) Add Burp and ZAP Extensions page
2020-04-10 10:48:38 -06:00
<br>
Web Hacker's Weapons<br>
&lt; Burp and ZAP Extensions &gt;
<br>
<a href="https://twitter.com/intent/follow?screen_name=hahwul"><img src="https://img.shields.io/twitter/follow/hahwul?style=flat-square"></a> <img src="https://img.shields.io/github/languages/top/hahwul/WebHackersWeapons?style=flat-square"> <img src="https://img.shields.io/github/last-commit/hahwul/WebHackersWeapons?style=flat-square">
</h1>
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting<br>
This is Cool Extensions collection of Burp suite and ZAP
## Table of Contents
- [Web Hacker's Weapons Main](https://github.com/hahwul/WebHackersWeapons)
- [Cool Extensions](#cool-extensions)
- [Contribute](#contribute-and-contributor)
## Cool Extensions
distribute readme
2020-04-18 10:41:11 -06:00
| Type | Name | Description | Popularity | Language |
| ---------- | :---------- | :----------: | :----------: | :----------: |
distribute readme
2020-04-29 23:18:23 -06:00
| All/CODE | [http-script-generator](https://github.com/h3xstream/http-script-generator) | ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks) | ![](https://img.shields.io/github/stars/h3xstream/http-script-generator) | ![](https://img.shields.io/github/languages/top/h3xstream/http-script-generator) |
| All/PASV | [HUNT](https://github.com/bugcrowd/HUNT) | Data Driven web hacking Manual testing | ![](https://img.shields.io/github/stars/bugcrowd/HUNT) | ![](https://img.shields.io/github/languages/top/bugcrowd/HUNT) |
| All/PASV | [burp-retire-js](https://github.com/h3xstream/burp-retire-js) | Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries. | ![](https://img.shields.io/github/stars/h3xstream/burp-retire-js) | ![](https://img.shields.io/github/languages/top/h3xstream/burp-retire-js) |
| All/PASV | [csp-auditor](https://github.com/GoSecure/csp-auditor) | Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website | ![](https://img.shields.io/github/stars/GoSecure/csp-auditor) | ![](https://img.shields.io/github/languages/top/GoSecure/csp-auditor) |
| Burp/ACTIVE | [http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler) | Testing HTTP Request Smuggling and Desync Attack | ![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler) | ![](https://img.shields.io/github/languages/top/PortSwigger/http-request-smuggler) |
| Burp/ACTIVE | [param-miner](https://github.com/PortSwigger/param-miner) | Parameter mining on Burpsuite | ![](https://img.shields.io/github/stars/PortSwigger/param-miner) | ![](https://img.shields.io/github/languages/top/PortSwigger/param-miner) |
| Burp/ACTIVE | [turbo-intruder](https://github.com/PortSwigger/turbo-intruder) | Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. | ![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder) | ![](https://img.shields.io/github/languages/top/PortSwigger/turbo-intruder) |
distribute readme
2020-04-22 09:24:19 -06:00
| Burp/BYPASS | [BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler) | A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques | ![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler) | ![](https://img.shields.io/github/languages/top/nccgroup/BurpSuiteHTTPSmuggler) |
distribute readme
2020-04-29 23:18:23 -06:00
| Burp/CALLBACK | [taborator](https://github.com/hackvertor/taborator) | A Burp extension to show the Collaborator client in a tab | ![](https://img.shields.io/github/stars/hackvertor/taborator) | ![](https://img.shields.io/github/languages/top/hackvertor/taborator) |
distribute readme
2020-04-18 10:41:11 -06:00
| Burp/CODE | [burp-exporter](https://github.com/artssec/burp-exporter) | Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. | ![](https://img.shields.io/github/stars/artssec/burp-exporter) | ![](https://img.shields.io/github/languages/top/artssec/burp-exporter) |
distribute readme
2020-04-29 23:18:23 -06:00
| Burp/EXPORT | [burp-send-to](https://github.com/bytebutcher/burp-send-to) | Adds a customizable "Send to..."-context-menu to your BurpSuite. | ![](https://img.shields.io/github/stars/bytebutcher/burp-send-to) | ![](https://img.shields.io/github/languages/top/bytebutcher/burp-send-to) |
distribute readme
2020-04-18 10:41:11 -06:00
| Burp/HISTORY | [BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus) | Burp Suite Logger++ | ![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus) | ![](https://img.shields.io/github/languages/top/nccgroup/BurpSuiteLoggerPlusPlus) |
distribute readme
2020-04-29 23:18:23 -06:00
| Burp/PASV | [Autorize](https://github.com/Quitten/Autorize) | Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests | ![](https://img.shields.io/github/stars/Quitten/Autorize) | ![](https://img.shields.io/github/languages/top/Quitten/Autorize) |
| Burp/PASV | [BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder) | Burp Extension for a passive scanning JS files for endpoint links. | ![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder) | ![](https://img.shields.io/github/languages/top/InitRoot/BurpJSLinkFinder) |
| Burp/PASV | [auto-repeater](https://github.com/PortSwigger/auto-repeater) | Automated HTTP Request Repeating With Burp Suite | ![](https://img.shields.io/github/stars/PortSwigger/auto-repeater) | ![](https://img.shields.io/github/languages/top/PortSwigger/auto-repeater) |
| Burp/PASV | [collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere) | A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator | ![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere) | ![](https://img.shields.io/github/languages/top/PortSwigger/collaborator-everywhere) |
| Burp/PASV | [femida](https://github.com/wish-i-was/femida) | Automated blind-xss search for Burp Suite | ![](https://img.shields.io/github/stars/wish-i-was/femida) | ![](https://img.shields.io/github/languages/top/wish-i-was/femida) |
| Burp/PASV | [reflected-parameters](https://github.com/PortSwigger/reflected-parameters) | Find reflected parameter on Burpsuite | ![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters) | ![](https://img.shields.io/github/languages/top/PortSwigger/reflected-parameters) |
| Burp/REPEAT | [IntruderPayloads](https://github.com/1N3/IntruderPayloads) | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. | ![](https://img.shields.io/github/stars/1N3/IntruderPayloads) | ![](https://img.shields.io/github/languages/top/1N3/IntruderPayloads) |
| Burp/REPEAT | [Stepper](https://github.com/CoreyD97/Stepper) | A natural evolution of Burp Suite's Repeater tool | ![](https://img.shields.io/github/stars/CoreyD97/Stepper) | ![](https://img.shields.io/github/languages/top/CoreyD97/Stepper) |
distribute readme
2020-04-18 10:41:11 -06:00
| ZAP/INTERFACE | [zap-hud](https://github.com/zaproxy/zap-hud) | The OWASP ZAP Heads Up Display (HUD) | ![](https://img.shields.io/github/stars/zaproxy/zap-hud) | ![](https://img.shields.io/github/languages/top/zaproxy/zap-hud) |
distribute readme
2020-05-05 09:19:30 -06:00
| ZAP/PASV | [reflect](https://github.com/TypeError/reflect) | OWASP ZAP add-on to help find reflected parameter vulnerabilities | ![](https://img.shields.io/github/stars/TypeError/reflect) | ![](https://img.shields.io/github/languages/top/TypeError/reflect) |
| ZAP/SCRIPT | [community-scripts](https://github.com/zaproxy/community-scripts) | A collection of ZAP scripts provided by the community - pull requests very welcome! | ![](https://img.shields.io/github/stars/zaproxy/community-scripts) | ![](https://img.shields.io/github/languages/top/zaproxy/community-scripts) |
(Closed #4) Add Burp and ZAP Extensions page
2020-04-10 10:48:38 -06:00
## Contribute and Contributor
### Usage of add-tool
```
./add-tool
Usage of ./add-tool:
-isFirst
if you add new type, it use
-url string
any url
```
### Three Procedures for the Contribute
- First, your tool append `data.json` using `add-tool
```
$ ./add-tool -url https://github.com/sqlmapproject/sqlmap
Successfully Opened type.lst
[0] Army-Knife
[1] Discovery
[2] Fetch
[3] Scanner
[4] Utility
[+] What is type?
3
Scanner
[+] What is method(e.g XSS, WVS, SSL, ETC..)?
SQL
Successfully Opened data.json
```
- Second, Give me PR or Add issue with data.json<br>
- Third, There's no third.
### Add Burp Suite or ZAP Extensions
in `WebHackersWeapons/Burp and ZAP Extensions` directory
```
$ ../add-tool -url https://github.com/nccgroup/BurpSuiteLoggerPlusPlus
```
### Distribute to Burp Suite or ZAP Extensions
```
$ ../distribute-readme
=> show new README file in Burp Suite or ZAP Extensions
```
### Add/Distribute common tools
https://github.com/hahwul/WebHackersWeapons#contribute-and-contributor