The leading web application testing tool on the market. It has a community edition that is free and handy for basic web app testing and CTF-level functionality. It also has a pro version with advanced features such as a powerful brute-forcing tool, a vulnerability scanner and access to more extensions.
Burp Commander - Ruby command-line interface to Burp Suite's REST API
https://burpsuite.guide/ - Get information on the usage of extensions along with other tips and tricks.
IntruderPayloads - A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Dashboard - Burp's dashboard lets you control and monitor Burp's automated activity.
Target - The Target tool contains the site map, with detailed information about your target applications. It lets you define which targets are in scope for your current work, and also lets you drive the process of testing for vulnerabilities.
Proxy - Burp Proxy lies at the heart of Burp's user-driven workflow, and lets you intercept, view, and modify all requests and responses passing between your browser and destination web servers.
Intruder - Burp Intruder is a powerful tool for automating customized attacks against web applications. It can be used to automate all kinds of tasks that may arise during your testing.
Repeater - Burp Repeater is a simple tool for manually manipulating and reissuing individual HTTP requests, and analyzing the application's responses. You can send a request to Repeater from anywhere within Burp, modify the request and issue it over and over.
Sequencer - Burp Sequencer is a tool for analyzing the quality of randomness in a sample of data items. You can use it to test an application's session tokens or other important data items that are intended to be unpredictable, such as anti-CSRF tokens, password reset tokens, etc.
Decoder - Burp Decoder is a simple tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognizing several encoding formats using heuristic techniques.
HUNT - HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions, collected by Bugcrowd.
BurpBounty - This Burp Suite extension allows you, in a quick and simple way, to improve the active and passive Burp Suite scanner by means of personalized rules through a very intuitive graphical interface.
Burp Bounty Pro - Premium bundle of vulnerabilities to scan for.
Active Scan++ - Burp Scanner automates the task of scanning web sites for content and vulnerabilities. Depending on configuration, the Scanner can crawl the application to discover its content and functionality, and audit the application to discover vulnerabilities. Active Scan++ is an extension that expands the scanning capabilities of Burp Suite.
Burp-Send-To - Adds a customizable "Send to..." context menu to your Burp Suite. Handy for easily sending data into another tool like SQLmap.
Turbo Intruder - Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. It's intended to complement Burp Intruder by handling attacks that require extreme speed or complexity.
burp-exporter - Exporter is a Burp Suite extension to copy a request to a file or the clipboard as multiple programming languages functions.
Flow - History of all Burp tools, extensions and tests. Handy for pulling all your results together.
Decoder Improved - Decoder Improved is a data transformation plugin for Burp Suite that better serves the varying and expanding needs of information security professionals.
web3-decoder - Web3 Decoder is a Burp Suite Extension that helps to analyze what is going on with the operations involving smart contracts of the web3. This is mainly JSON-RPC calls to Ethereum Nodes, and nodes of other compatible networks (like Polygon, Arbitrum, BSC...)
WSDLer - This extension takes a WSDL request, parses out the operations that are associated with the targeted web service, and generates SOAP requests that can then be sent to the SOAP endpoints.
WSDL Wizard - This extension scans a target server for WSDL files. After performing normal mapping of an application’s content, right click on the relevant target in the site map, and choose “Scan for WSDL files” from the context menu. The extension will search the already discovered contents for URLs with the .wsdl file extension, and guess the locations of any additional WSDL files based on the file names known to be in use. The results of the scanning appear within the extension’s output tab in the Burp Extender tool.