BurpSmartBuster is a Burp Suite plugin designed for content discovery during web application security testing. The plugin enhances traditional directory and file brute forcing by analyzing current requests received by Burp Suite to make intelligent decisions about what to search for. The tool performs several types of content discovery: - Searches for directories within the current URL path structure - Identifies files in discovered directories - Tests file extension variations by replacing and adding extensions to existing files - Applies suffix and prefix modifications to current files BurpSmartBuster integrates directly with Burp Suite's workflow, using information from intercepted requests to guide its discovery process. This approach aims to reduce noise and improve the relevance of discovered content compared to traditional brute force methods. The plugin includes logging and verbose output options for detailed analysis of discovery results. Future development plans include technological environment detection (PHP, IIS, Apache, SharePoint), community-driven data integration, and enhanced spidering integration for more targeted brute forcing.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.