caido
Autorize
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
caido
-
Autorize – The most popular tool to discover AuthZ/AuthN flaws
Caido[1] a interception proxy written in Rust, is positioning itself as a "lightweight" alternative to Burp. It can't compete yet with Burp in terms of functionality, although it's certainly looking promising.
Perhaps one of few contenders to Burp in respect to features is ZAP[2].
[1] https://caido.io/
[2] https://www.zaproxy.org/
-
Show HN: Pākiki Proxy – An intercepting proxy for penetration pesting
Thanks for the review and kind words. This was really one of the core goal to make it super accessible.
We developed it in Rust because we wanted to create a client/server architecture that you can deploy everywhere (Caido runs even on a rapsberry pi). We worked a lot on the frontend to make it snappy too, so its a combination of both.
Yes for sure, there is a privacy concern too with us forwarding request. It is in the issues of https://github.com/caido/caido.
-
Good alternative to postman ?
I have not tried it myself, but there is a tool called Caido https://www.youtube.com/watch?v=qLVu7rg9btk
-
Public beta of Caido, a BurpSuite alternative
Yes we are planning to work on extensions, but it is a bit more complicated to do in compiled languages like Rust and we have some tech debt to repay before we can start the work on that. You can follow the issue https://github.com/caido/caido/issues/2
- Show HN: Caido, a lightweight web security auditing toolkit
Autorize
- Autorize – The most popular tool to discover AuthZ/AuthN flaws
-
Plugins that allow you to automate the Authentication and Authorization Security Testin
View on GitHub
-
Plugins that allow you to automate the Authentication and Authorization Security Testing
Autorize (For Burp Suite): https://github.com/Quitten/Autorize
What are some alternatives?
offensive-docker - Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
PyCript - Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty
Proxyman - Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️
Pentest-Mapper - A Burp Suite Extension for pentester and bug bounty hunters an to maintain checklist, map flows, write test cases and track vulnerabilities
ZAP - The ZAP core project
Burp2Malleable - Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
murder - Large scale server deploys using BitTorrent and the BitTornado library
Hoppscotch - Open source API development ecosystem.
hetty - An HTTP toolkit for security research.
dirsearch - Web path scanner