Features:

• Free and open source

• Works on both Free and Pro versions of Burp (except where Free version limits functionality, e.g. Intruder rate limits)

• Lightweight with respect to memory and CPU utilization

• Avoid third party library dependencies

• Help available (online help, examples, etc…)

Suite Modules:

• SQLMapper - It provides an interface to the popular SQLMap tool for discovering and exploiting SQL Injection flaws. SQLMapper improves the efficiency of using SQLMap during a web penetration test.

• User Generator - This module uses name statistics to generate names or usernames. First name statistics are based on date ranges of common baby names. Last name statistics are based on census data.

• Name Mangler - Given a short list of first and last names, the name mangler will put them together in different orders and with different separation characters to generate a potential list of usernames.

• CeWLer - This tool is based on the popular CeWL - Custom Word List generator, by DigiNinja. Rather than re-crawling the site, this module pulls words from existing Burp history.

• Masher - Given a list of dictionary words and a password specification, Masher will begin generating potential passwords that can be used with Burp Intruder. This is a useful tool for generating a custom password dictionary for login forms that do not have effective lockout mechanisms.

• BasicAuther - Given a set of usernames and password this tool will generate a list of encoded payloads that can be submitted directly into the BASIC auth position of a request in Intruder.