0x00 Browser plug-in && BurpSuite missing scan plug-in
Introduction to browser plug-ins: Convenient plug
-ins for browsers can help us quickly locate target information while infiltrating or collecting information . log4j, welogic framework, etc.
0x01 browser convenient plug-in
(1) FOFA Pro View: According to the linkage query of fofa, the premise is to ensure the login status of fofa members. Currently, there are Google and Firefox versions
(2) Hack-Tools :
Features include:
Dynamic Reverse Shell Generator (PHP, Bash, Ruby, Python, Perl, Netcat)
Shell Generation (TTYShell Generation)
XSS Vulnerability Payload
Basic SQL Injection Vulnerability Payload
Local File Contains Vulnerability Payload (LFI)
Base64 Encoder/Decoder
Hash generator (MD5, SHA1, SHA256, SHA512)
Integrates various useful Linux commands (port forwarding, SUID)
RSSFeed (exploitation database and Cisco Security Advisory)
CVE vulnerability search engine
Filters and downloads data from remote machines method
(3) The penetration testing kit
carries fingerprint identification, data packet capture and replay, and data packet detection
0x03 BurpSuite passive scanning plugin
The BurpSuite scanning plug-in quickly helps to scan traffic packets on the number of detection packets. The following introduces
middleware-specific vulnerability scans including spring, fastjson, log4j, etc.
Project address:
https://github.com/bit4woo/Fiora
https://github.com/metaStor/SpringScan
https://github.com/Maskhe/FastjsonScan
https://github.com/bigsizeme/Log4j-check
https ://github.com/pmiaowu/BurpShiroPassiveScan
https://github.com/projectdiscovery/nuclei-burp-plugin