Skip to content

The propose of the script is an scan using the burp-api-api for Burp Suite that will use target files.

License

Notifications You must be signed in to change notification settings

marcositu/scan-burp-suite-cmd

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

38 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

The propose of this script is scan using the burp-rest-api for Burp Suite that will use target files.

For the proper functioning it’s necessary the following tool: https://github.com/vmware/burp-rest-api and command screen.

The script reads the config.ini file where it is configured:

  • folderrestapi = Folder where burp-rest-api is located (e.g. -> /home/user/burp-rest-api/)
  • telegrambot = Here you must enter yes (to send notification via telegram) or no
  • token = Telegram token (e.g. -> 123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11 )
  • chatid = Telegram chat id (e.g. -> 11111 )
  • downloadreport = Number of seconds to wait before cancelling the scan and downloading the report (e.g. -> 3600)

The procedure usage of the script is the following:

  • We use as an argument a file with the hosts.
  • The script adds each host to spider.
  • Once the scan is completed, there are reports in xml and html.
  • Then we parse the xml and save the results in SQLite.
  • Once each scan is completed is sending the vulnerabilities identified.
  • When a scan is finished, an alert message is sent via Telegram specifying the host and the number of identified vulnerabilities

Example:

# python3 scan-burp-suite-cmd.py domains.txt

By now it works only in Linux, we will provide support for Mac and Windows soon.

Sorry about the code, I’m not good developing.

About

The propose of the script is an scan using the burp-api-api for Burp Suite that will use target files.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages