Uncategorized

burpa: Burp Automator

A Burp Suite Automation Tool

Requirements

burp-rest-api
Burp Suite Professional
slackclient
Usage

$ python burpa.py -h

###################################################
__
/ /_ __ ___________ ____ _
/ __ \/ / / / ___/ __ \/ __ `/
/ /_/ / /_/ / / / /_/ / /_/ /
/_.___/\__,_/_/ / .___/\__,_/
/_/
burpa version 0.1 / by 0x4D31

###################################################
usage: burpa.py [-h] [-a {scan,proxy-config}] [-pP PROXY_PORT] [-aP API_PORT]
[-rT {HTML,XML}] [-r {in-scope,all}]
[–include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE …]]]
[–exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE …]]]
proxy_url

positional arguments:
proxy_url Burp Proxy URL

optional arguments:
-h, –help show this help message and exit
-a {scan,proxy-config}, –action {scan,proxy-config}
-pP PROXY_PORT, –proxy-port PROXY_PORT
-aP API_PORT, –api-port API_PORT
-rT {HTML,XML}, –report-type {HTML,XML}
-r {in-scope,all}, –report {in-scope,all}
–include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE …]]
–exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE …]]
TEST:

$ python burpa.py http://127.0.0.1 –action proxy-config

###################################################
__
/ /_ __ ___________ ____ _
/ __ \/ / / / ___/ __ \/ __ `/
/ /_/ / /_/ / / / /_/ / /_/ /
/_.___/\__,_/_/ / .___/\__,_/
/_/
burpa version 0.1 / by 0x4D31

###################################################
[+] Checking the Burp proxy configuration …
[-] Proxy configuration needs to be updated
[+] Updating the Burp proxy configuration …
[-] Proxy configuration updated

$ python burpa.py http://127.0.0.1 –action scan –include-scope http://testasp.vulnweb.com

###################################################
__
/ /_ __ ___________ ____ _
/ __ \/ / / / ___/ __ \/ __ `/
/ /_/ / /_/ / / / /_/ / /_/ /
/_.___/\__,_/_/ / .___/\__,_/
/_/
burpa version 0.1 / by 0x4D31

###################################################
[+] Retrieving the Burp proxy history …
[-] Found 4 unique targets in proxy history
[+] Updating the scope …
[-] http://testasp.vulnweb.com included in scope
[+] Active scan started …
[-] http://testasp.vulnweb.com Added to the scan queue
[-] Scan in progress: %100
[+] Scan completed
[+] Scan issues for http://testasp.vulnweb.com:
– Issue: Robots.txt file, Severity: Information
– Issue: Cross-domain Referer leakage, Severity: Information
– Issue: Cleartext submission of password, Severity: High
– Issue: Frameable response (potential Clickjacking), Severity: Information
– Issue: Password field with autocomplete enabled, Severity: Low
– Issue: Cross-site scripting (reflected), Severity: High
– Issue: Unencrypted communications, Severity: Low
– Issue: Path-relative style sheet import, Severity: Information
– Issue: Cookie without HttpOnly flag set, Severity: Low
– Issue: File path traversal, Severity: High
– Issue: SQL injection, Severity: High
[+] Downloading HTML/XML report for http://testasp.vulnweb.com
[-] Scan report saved to /tmp/burp-report_20170807-235135_http-testasp.vulnweb.com.html
[+] Burp scan report uploaded to Slack

Advertisements
Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s