Open Source Burp Suite AlternativesTop Vulnerability Scanners and other similar apps like Burp Suite

The best open source alternative to Burp Suite is mitmproxy. If that doesn't suit you, our users have ranked more than 25 alternatives to Burp Suite and eight of them is open source so hopefully you can find a suitable replacement. Other interesting open source alternatives to Burp Suite are Zed Attack Proxy (ZAP), SiteOne Crawler, HTTP Toolkit and w3af.

More about Burp Suite
Copy a direct link to this comment to your clipboard
Burp Suite alternatives page was last updated

Alternatives list

  1. mitmproxy icon

    mitmproxy

     78 likes

    mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly. It also features mitmdump, a commandline tool that provides a tcpdump-like interface for saving, viewing and...

    24 mitmproxy alternatives

    Cost / License

    • Free
    • Open Source (MIT)

    Application types

    Platforms

    • Mac
    • Windows
    • Linux
    • Flathub
    • Flatpak
    mitmweb
     
  4. SiteOne Crawler icon

    SiteOne Crawler

     21 likes

    A free in-depth website analyzer providing audits of security, performance, SEO, accessibility and other technical aspects. Available as a desktop application for Windows/macOS/Linux and as a CLI tool for advanced users and CI/CD processes. It also includes an offline web page exporter.

    Cost / License

    • Free
    • Open Source (MIT)

    Application types

    Platforms

    • Mac
    • Windows
    • Linux
    A collage showing the graphical interface and crawler output
     
  5. HTTP Toolkit icon

    HTTP Toolkit

     93 likes

    HTTP Toolkit is a beautiful, cross-platform & open-source HTTP(S) debugging proxy, analyzer & client, with built-in support for modern tools and automatic interception for clients from Docker to Android to iOS.

    51 HTTP Toolkit alternatives

    Cost / License

    Application types

    Platforms

    • Mac
    • Windows
    • Linux
    • Android
    • iPhone
    • Docker
    HTTP Toolkit screenshot 1
     
  6. w3af icon

    w3af

     16 likes

    w3af is a Web Application Attack and Audit Framework.

    Cost / License

    • Free
    • Open Source

    Platforms

    • Windows
    • Linux
    Main screen with OSWASP_TOP10 testing profile selected.
     
  7. nuclei icon

    nuclei

     2 likes

    Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc.

    24 nuclei alternatives

    Cost / License

    • Free
    • Open Source (MIT)

    Application type

    Platforms

    • Mac
    • Windows
    • Linux
    How it works
     
  9. Lonkero icon

    Lonkero

     1 like

    Lonkero is a high-performance web vulnerability scanner built in Rust for penetration testers and bug bounty hunters who are tired of slow, bloated tools that generate hundreds of false positives.

    Cost / License

    • Freemium
    • Open Source

    Application types

    Platforms

    • Mac
    • Windows
    • Linux
    • Self-Hosted
    • Rust
    Lonkero screenshot 1
     
  10. Tamper Data icon

    Tamper Data

     5 likes

    Firefox add-on that lets you change headers and request parameters before they're sent to the server. Unlike proxy request modifiers, it's integrated into the browser, so it has no problem with HTTPS connections, client authentication certificates, or other features that...

    8 Tamper Data alternatives

    Cost / License

    • Free
    • Open Source

    Application type

    Alerts

    • Discontinued

    Platforms

    • Mac
    • Windows
    • Linux
    • Firefox
    Request modification view
     
8 of 8 Burp Suite alternatives