10 plugins useful for web penetration testing :
Plugin 1 : H1 Report Finder
Usage: Finds public security reports published on HackerOne
Link of the repository : https://github.com/v1ll41n/H1-Report-Finder
Plugin 2 : WordPress Scanner
Usage: Finds known vulnerabilities in WordPress plugins and themes
Link of the repository : https://github.com/portswigger/wordpress-scanner
Plugin 3 : Pentest Mapper
Usage: Allows users to keep track of vulnerabilities and to map each flow to a vulnerability with a custom checklist
Link of the repository : https://github.com/portswigger/pentest-mapper
Plugin 4 : Autowasp
Usage: Integrates Burp issue logging with the OWASP Web Security Testing Guide (WSTG)
Link of the repository : https://github.com/portswigger/autowasp
Plugin 5 : burp_bug_finder (developed by myself)
Usage: Discovers XSS and error-based SQLi without user intervention
Link of the repository : https://github.com/lucsemassa/burp_bug_finder
Plugin 6 : Auth Analyzer
Usage: Finds authorization bugs and broken access control
Link of the repository : https://github.com/portswigger/auth-analyzer
Plugin 7 : Active Scan ++
Usage: Identifies application behavior that may be of interest to advanced testers
Link of the repository : https://github.com/portswigger/active-scan-plus-plus
Plugin 8 : NoSQL Scanner
Usage: Provides a way to discover NoSQL injection vulnerabilities.
Link of the repository : https://github.com/portswigger/nosqli-scanner
Plugin 9 : Nuclei Burp Integration
Usage: Runs the Nuclei scanner directly from Burp and transforms the JSON results into issues
Link of the repository : https://github.com/portswigger/nuclei-burp-integration
Plugin 10 : Wordlist Extractor
Usage: Scrapes all unique words and numbers for use with password cracking
Link of the repository : https://github.com/portswigger/wordlist-extractor
#offensivesecurity #penetrationtesting #webpenetrationtesting #burpsuite #webvulnerabilities #owasp #bugbounty