dobin/BurpSentinel

Stars
145
Rank 254,144 (Top 6 %)
Language
Java
License
GNU General Publi...
Created over 11 years ago
Updated over 7 years ago

dobin/BurpSentinel

dobin

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

GUI Burp Plugin to ease discovering of security holes in web applications

Burp Sentinel

Eases discovery of common security holes in web applications.

Intro / tutorial: https://github.com/dobin/BurpSentinel/wiki/BurpSentinel---HowTo-and-introduction
Blog: http://dobin.github.io/

With BurpSentinel it is possible for the penetration tester to quickly and easily send a lot of malicious requests to parameters of a HTTP request. Not only that, but it also shows a lot of information of the HTTP responses, corresponding to the attack requests. Its easy to find low-hanging fruits and hidden vulnerabilities like this, and allows the tester to focus on more important stuff!

Features

Attack payloads already inside
Identification of reflected XSS, and stored XSS
Identification of SQL injections (non-blind)
Indicators and visual aid for the user to identify blind/fullblind SQL injections
Diff original and modified requests easily

Other

What it cannot do:

Find DOM Injections
Exploit vulnerabilities

Alternatives:

Ironwasp (www.ironwasp.org, .NET)
Wfuzz (www.edge-security.com/wfuzz.php, Python)

avred

Analyse your malware to surgically obfuscate it

lxd-webgui

A lightweight web frontend for LXD

antnium

A C2 framework for initial access in Go

yookiterm-slides

Exploitation and Mitigation Slides

ffw

A fuzzing framework for network servers

yookiterm-challenges

The challenge writeups and solutions for yookiterm-challenge-files

yookiterm-challenges-files

Challenge files which are deployed in the container for the user

avred-server

The AMSI server for Avred

clang-cfi-safestack-analysis

antniumui

ace-firefist

Attack chain emulator. Write recipes for initial access easily

rosenbridge

A graphical user interface for Magic Wormhole file transfer

SentinelTestbed

Vulnerable web site. Used to test sentinel features.

yookiterm-server

Main yookiterm backend

ffw-docker

Docker image of FFW

ffweb

A webgui to view crash information of fuzzing runs (FFW)

tinysploit2-writeup

Solution and writeup for tinysploit2 challenge

waasa

Windows Application Attack Surface Analyzer

xrop-esp32

Patched xrop to support ESP32 architecture for gadget aquisition

nkeyrollover

ASCII side-scrolling beat-em-up game

yookiterm

yookiterm web frontend

yookiterm-lxdserver

Yookiterm LXD backend server

dmsr

Does My Shit Run - Linux Monitoring Solution

ipsctrainor

arduino IPSC trigger trainer

ROPNotepadNG

Exploitlab ROPNotepad extended

zeroballistics

xtarget

Python OpenCL project to use with Laser bullets including augmented reality

asanparser

proxybypasser

Bypass proxy download restrictions with JavaScript download

godot-srcvis