BurpSmartBuster
BurpSmartBuster A Burp Suite content discovery plugin that add the smart into the Buster! Installation Now inside Burp Suite Store Or See Wiki page for manual installation Features Looks for files, directories and file extensions based on current requests received by Burp Suite Checks for: Directories in the current URL directories Files in the current URL directories Replace and add extension to current files Add suffix and prefix to current files Easy and documented code Verbose and logging Todos In progress: Technological and environment checks (PHP, IIS, Apache, SharePoint, etc.) In progress: Community data Limit Thread speed Use the spidering results for actual brute forcing Presentations and release date BSB was released on August 6th 2016 at DEF CON 24 Demolabs in the Grand Salon. An updated talk about the tool and it's future has been done at Derbycon 6.0. French version of the talk given at Hackfest.ca 2016 Code workflow and options See the Presentation PDF. More information to come in the wiki.
FEATURES
ALTERNATIVES
Backslash Security is an application security platform that uses reachability analysis to enhance SAST and SCA, prioritize vulnerabilities, and provide remediation guidance.
A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.
A tool for identifying and extracting parameters from HTTP requests and responses
CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates.
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
Prevents you from committing passwords and other sensitive information to a git repository.
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application for client-server communication with numerous vulnerabilities.
YLS Language Server for YARA Language with comprehensive features and Python 3.8 support.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.