Tools

Static code analysis

Find Security Bugs : Static analysis tool for Java/Scala/Groovy web applications.

Roslyn Security Guard : Static analysis tool for C#/VB.net applications.

Burp extensions

Reissue Request Scripter : Plugin to generate scripts that reproduce requests intercepted.

Image Metadata : Plugin that extract metadata from images (integrate existing libraries metadata-extractor and PNGJ).

Retire.js : Plugin to identify vulnerable JavaScript library (based on Retire.js repository).

CSP Auditor: Plugin to analyse Content-Security-Policy headers. It also generate CSP configuration based on the traffic intercepted for a given domain.

NTLM Challenge Decoder: Burp extension to decode NTLM SSP headers and extract domain/host information

Fuzzy Encoding Generator: Quickly test various encoding for a given value in Burp Intruder

PDF Viewer: Additional tab to preview PDF files directly in Burp.

Rhinauditor (deprecated): Plugin to do static analysis on client-side JavaScript code. This plugin is experimental and it is in a very early development stage.