Tools


Static code analysis


  • Find Security Bugs : Static analysis tool for Java/Scala/Groovy web applications.
  • Roslyn Security Guard : Static analysis tool for C#/VB.net applications.

  • Burp extensions


  • Reissue Request Scripter : Plugin to generate scripts that reproduce requests intercepted.
  • Image Metadata : Plugin that extract metadata from images (integrate existing libraries metadata-extractor and PNGJ).
  • Retire.js : Plugin to identify vulnerable JavaScript library (based on Retire.js repository).
  • CSP Auditor: Plugin to analyse Content-Security-Policy headers. It also generate CSP configuration based on the traffic intercepted for a given domain.
  • NTLM Challenge Decoder: Burp extension to decode NTLM SSP headers and extract domain/host information
  • Fuzzy Encoding Generator: Quickly test various encoding for a given value in Burp Intruder
  • PDF Viewer: Additional tab to preview PDF files directly in Burp.
  • Rhinauditor (deprecated): Plugin to do static analysis on client-side JavaScript code. This plugin is experimental and it is in a very early development stage.