๐Ÿ› ๏ธ Tools

Burp Suite

Burp Suite is a graphical tool for testing web application security. It is the de facto standard for web application penetration testing.

Key Features

  • Proxy: An intercepting proxy that allows you to inspect and modify the traffic between your browser and the target application.
  • Scanner: An automated vulnerability scanner that can be used to find common web application vulnerabilities.
  • Intruder: A tool for automating customized attacks.
  • Repeater: A tool for manually testing an application by sending individual requests.
  • Sequencer: A tool for analyzing the randomness of session tokens.

Editions

  • Burp Suite Community: A free edition that includes the essential manual tools.
  • Burp Suite Professional: A commercial edition that includes the essential manual tools and the automated vulnerability scanner.
  • Burp Suite Enterprise: A commercial edition that is designed for automated scanning at scale.