BurpSmartBuster Logo

BurpSmartBuster

0
Free
Visit Website

BurpSmartBuster A Burp Suite content discovery plugin that add the smart into the Buster! Installation Now inside Burp Suite Store Or See Wiki page for manual installation Features Looks for files, directories and file extensions based on current requests received by Burp Suite Checks for: Directories in the current URL directories Files in the current URL directories Replace and add extension to current files Add suffix and prefix to current files Easy and documented code Verbose and logging Todos In progress: Technological and environment checks (PHP, IIS, Apache, SharePoint, etc.) In progress: Community data Limit Thread speed Use the spidering results for actual brute forcing Presentations and release date BSB was released on August 6th 2016 at DEF CON 24 Demolabs in the Grand Salon. An updated talk about the tool and it's future has been done at Derbycon 6.0. French version of the talk given at Hackfest.ca 2016 Code workflow and options See the Presentation PDF. More information to come in the wiki.

FEATURES

ALTERNATIVES

A SaaS-based web application firewall that combines signature and behavioral-based threat detection to protect applications deployed across cloud, on-premises and edge environments.

Kiterunner is a tool for lightning-fast traditional content discovery and bruteforcing API endpoints in modern applications.

ARM TrustZone provides a secure execution environment for applications on ARM processors.

Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.

A security feature to prevent unexpected manipulation of fetched resources.

XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.

Tracee is a runtime security and observability tool using eBPF technology.

Goof is a vulnerable Node.js demo application that includes a series of vulnerabilities and exploits

PINNED

ImmuniWeb® Discovery Logo

ImmuniWeb® Discovery

ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Attack Surface Management
InfoSecHired Logo

InfoSecHired

An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Resources
Mandos Brief Newsletter Logo

Mandos Brief Newsletter

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Resources
Checkmarx SCA Logo

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security
Check Point CloudGuard WAF Logo

Check Point CloudGuard WAF

A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.

Application Security
Orca Security Logo

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security
DryRun Logo

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security
Wiz Logo

Wiz

Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Cloud Security