Burp Suite for pentesters

Burp Suite plugins for pentesters

10 plugins useful for web penetration testing:

Plugin 1: H1 Report Finder
Usage: Finds public security reports published on HackerOne
Link of the repository: https://github.com/v1ll41n/H1-Report-Finder

Plugin 2: WordPress Scanner
Usage: Finds known vulnerabilities in WordPress plugins and themes
Link of the repository: https://github.com/portswigger/wordpress-scanner

Plugin 3: Pentest Mapper
Usage: Lets you track vulnerabilities and map each application flow to a vulnerability using a custom checklist
Link of the repository: https://github.com/portswigger/pentest-mapper

Plugin 4: Autowasp
Usage: Integrates Burp issue logging with the OWASP Web Security Testing Guide (WSTG)
Link of the repository: https://github.com/portswigger/autowasp

Plugin 5: burp_bug_finder (developed by me)
Usage: Discovers XSS and error-based SQLi without user intervention
Link of the repository: https://github.com/lucsemassa/burp_bug_finder

Plugin 6: Auth Analyzer
Usage: Finds authorization bugs and broken access control
Link of the repository: https://github.com/portswigger/auth-analyzer

Plugin 7: ActiveScan++
Usage: Identifies application behavior that may be of interest to advanced testers
Link of the repository: https://github.com/portswigger/active-scan-plus-plus

Plugin 8: NoSQL Scanner
Usage: Discovers NoSQL injection vulnerabilities
Link of the repository: https://github.com/portswigger/nosqli-scanner

Plugin 9: Nuclei Burp Integration
Usage: Runs the Nuclei scanner directly from Burp and converts its JSON results into Burp issues
Link of the repository: https://github.com/portswigger/nuclei-burp-integration

Plugin 10: Wordlist Extractor
Usage: Scrapes all unique words and numbers for use with password cracking
Link of the repository: https://github.com/portswigger/wordlist-extractor
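To show the kind of check a plugin such as burp_bug_finder (plugin 5) has to automate, here is an added Python example written for this page; it is not the plugin's source and does not describe how that plugin works internally. It compares a baseline response with the response to a single-quote probe and looks for database error signatures that only appear after the probe, and it checks whether a random canary wrapped in angle brackets is reflected without HTML encoding. The signature list, the canary format and the sample responses are all constructed assumptions for the example.

```python
import re
import secrets

# Constructed substrings that common database engines emit in error messages
# (assumed signatures for illustration; a real scanner carries a much longer list).
SQL_ERROR_SIGNATURES = [
    re.compile(r"You have an error in your SQL syntax"),                 # MySQL
    re.compile(r"Warning: mysqli?_"),                                    # PHP MySQL extensions
    re.compile(r"unterminated quoted string at or near"),                # PostgreSQL
    re.compile(r"Unclosed quotation mark after the character string"),   # Microsoft SQL Server
    re.compile(r"ORA-\d{5}"),                                            # Oracle
    re.compile(r"sqlite3\.OperationalError|SQLite3::SQLException"),      # SQLite bindings
]

SQLI_PROBE = "'"  # one quote is enough to break a string literal in an unparameterised query


def detect_error_based_sqli(baseline_body, probe_body):
    """Return the matching signature when the probe response carries a DB error
    that the unmodified (baseline) response did not; None otherwise.
    Diffing against the baseline avoids flagging pages that always print errors."""
    for sig in SQL_ERROR_SIGNATURES:
        if sig.search(probe_body) and not sig.search(baseline_body):
            return sig.pattern
    return None


def make_xss_canary():
    """Random alphanumeric marker so a reflection cannot be a coincidence."""
    return "bf" + secrets.token_hex(4)


def xss_payload(canary):
    # Wrapping the canary in angle brackets tests whether tag delimiters survive output encoding.
    return "<" + canary + ">"


def classify_reflection(canary, probe_body):
    """'unencoded' if the raw payload came back (likely XSS), 'encoded' if only an
    HTML-escaped copy is present, 'other' if the canary survived but the brackets
    did not, 'none' if the canary is not reflected at all."""
    if xss_payload(canary) in probe_body:
        return "unencoded"
    if "&lt;" + canary + "&gt;" in probe_body:
        return "encoded"
    if canary in probe_body:
        return "other"
    return "none"


# Constructed responses to a search parameter, standing in for live HTTP traffic.
CANARY = "bf7e2c91a0"
BASELINE = "<h1>Search results for: shoes</h1><p>3 items found.</p>"
PROBE_SQLI = ("<h1>Search results for: shoes'</h1>"
              "Warning: mysqli_query(): You have an error in your SQL syntax; "
              "check the manual ... near ''shoes''' at line 1")
PROBE_XSS_RAW = f"<h1>Search results for: <{CANARY}></h1><p>0 items found.</p>"
PROBE_XSS_ESCAPED = f"<h1>Search results for: &lt;{CANARY}&gt;</h1><p>0 items found.</p>"


def run_checks():
    """Evaluate the constructed traffic; returns a dict a scanner could turn into issues."""
    return {
        "sqli_signature": detect_error_based_sqli(BASELINE, PROBE_SQLI),
        "sqli_on_baseline": detect_error_based_sqli(BASELINE, BASELINE),
        "xss_raw": classify_reflection(CANARY, PROBE_XSS_RAW),
        "xss_escaped": classify_reflection(CANARY, PROBE_XSS_ESCAPED),
        "xss_baseline": classify_reflection(CANARY, BASELINE),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

The baseline comparison is the part worth copying: an application that already prints a stack trace on every page will match the error signatures before any probe is sent, and without the diff a scanner reports that as injection on every parameter.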

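Wordlist Extractor (plugin 10) builds its list from the unique words and numbers it sees. The following Python is an added example written for this page of how that kind of extraction works; it is not the extension's own code. The sample response bodies, the token pattern and the small markup stop-list are constructed assumptions for the example.

```python
import re

# Constructed response bodies standing in for HTTP responses captured by the proxy.
SAMPLE_RESPONSES = [
    "<html><head><title>Acme Intranet Portal</title></head>"
    "<body><form action='/login' method='post'>"
    "<input name='username'><input name='csrf_token' value='9f8e7d6c5b4a'>"
    "<input type='password' name='passwd'></form>"
    "<p>Welcome to Acme. Founded 1998. Office ext. 4521.</p>"
    "<script>var apiBase='/api/v2/orders';</script></body></html>",
    '{"status":"ok","department":"Engineering","site":"Acme","year":1998}',
]

# Runs of letters, digits and underscores; punctuation and tag delimiters split tokens,
# so attribute values such as csrf_token and path segments such as orders are kept.
TOKEN_RE = re.compile(r"[A-Za-z0-9_]+")

# Small constructed list of HTML/JS noise that never makes a useful password candidate.
MARKUP_NOISE = {
    "html", "head", "body", "title", "form", "input", "script", "style", "link",
    "meta", "div", "span", "type", "name", "value", "action", "method", "class",
    "href", "src", "var", "function",
}


def extract_tokens(body, min_len=3):
    """Split one response body into unique words and unique numbers."""
    words, numbers = set(), set()
    for tok in TOKEN_RE.findall(body):
        if len(tok) < min_len or tok.lower() in MARKUP_NOISE:
            continue
        (numbers if tok.isdigit() else words).add(tok)
    return words, numbers


def build_wordlist(responses, min_len=3):
    """Merge tokens from all responses into one deduplicated list: words first
    (case preserved, since 'Acme' and 'acme' are different password candidates),
    then numbers sorted numerically."""
    words, numbers = set(), set()
    for body in responses:
        w, n = extract_tokens(body, min_len)
        words |= w
        numbers |= n
    return sorted(words, key=str.lower) + sorted(numbers, key=int)


if __name__ == "__main__":
    print("\n".join(build_wordlist(SAMPLE_RESPONSES)))
```

Tokenising the raw body rather than the visible text is deliberate: form field names, CSRF token formats and API path segments are exactly the site-specific material that generic password lists lack, and they only survive if tags and attributes are tokenised too.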

#offensivesecurity #penetrationtesting #webpenetrationtesting #burpsuite #webvulnerabilities #owasp #bugbounty

About the author


Offensive Security Experienced Penetration Tester (OSEP)
Offensive Security Web Expert (OSWE)
Offensive Security Certified Professional (OSCP)
Certified SOC Analyst (CSA)
Certified Ethical Hacker (CEH)
Web Developer
