About the developer

0x4D31
426 Stars 109 Forks GNU General Public License v3.0 26 Commits 5 Opened issues

Description

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

burpa: Burp Automator

License: GPL v3

A Burp Suite Automation Tool

Requirements

Usage

$ python burpa.py -h

###################################################
[burpa ASCII-art banner]
burpa version 0.1 / by 0x4D31
###################################################
usage: burpa.py [-h] [-a {scan,proxy-config,stop}] [-pP PROXY_PORT]
                [-aP API_PORT] [-rT {HTML,XML}] [-r {in-scope,all}] [-sR]
                [-sAT SLACK_API_TOKEN]
                [--include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]]]
                [--exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]]]
                proxy_url

positional arguments:
  proxy_url             Burp Proxy URL

optional arguments:
  -h, --help            show this help message and exit
  -a {scan,proxy-config,stop}, --action {scan,proxy-config,stop}
  -pP PROXY_PORT, --proxy-port PROXY_PORT
  -aP API_PORT, --api-port API_PORT
  -rT {HTML,XML}, --report-type {HTML,XML}
  -r {in-scope,all}, --report {in-scope,all}
  -sR, --slack-report
  -sAT SLACK_API_TOKEN, --slack-api-token SLACK_API_TOKEN
  --include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]]
  --exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]]

TEST:

$ python burpa.py http://127.0.0.1 --action proxy-config

###################################################
[burpa ASCII-art banner]
burpa version 0.1 / by 0x4D31
###################################################
[+] Checking the Burp proxy configuration ...
[-] Proxy configuration needs to be updated
[+] Updating the Burp proxy configuration ...
[-] Proxy configuration updated

$ python burpa.py http://127.0.0.1 --action scan --include-scope http://testasp.vulnweb.com --report in-scope --slack-report

###################################################
[burpa ASCII-art banner]
burpa version 0.1 / by 0x4D31
###################################################
[+] Retrieving the Burp proxy history ...
[-] Found 4 unique targets in proxy history
[+] Updating the scope ...
[-] http://testasp.vulnweb.com included in scope
[+] Active scan started ...
[-] http://testasp.vulnweb.com Added to the scan queue
[-] Scan in progress: %100
[+] Scan completed
[+] Scan issues for http://testasp.vulnweb.com:

  • Issue: Robots.txt file, Severity: Information
  • Issue: Cross-domain Referer leakage, Severity: Information
  • Issue: Cleartext submission of password, Severity: High
  • Issue: Frameable response (potential Clickjacking), Severity: Information
  • Issue: Password field with autocomplete enabled, Severity: Low
  • Issue: Cross-site scripting (reflected), Severity: High
  • Issue: Unencrypted communications, Severity: Low
  • Issue: Path-relative style sheet import, Severity: Information
  • Issue: Cookie without HttpOnly flag set, Severity: Low
  • Issue: File path traversal, Severity: High
  • Issue: SQL injection, Severity: High
[+] Downloading HTML/XML report for http://testasp.vulnweb.com
[-] Scan report saved to /tmp/burp-report_20170807-235135_http-testasp.vulnweb.com.html
[+] Burp scan report uploaded to Slack
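
An added example, not part of burpa or its README: a Python gate for a Jenkins step that reads the console output shown above and fails the build when issues at or above a chosen severity are reported. The line format is taken from the sample run on this page; the function names, the exit codes and the Medium level (a Burp severity this run does not show) are assumptions of the example.

```python
import re
import sys
from collections import Counter

# Burp severities, lowest to highest. "Medium" is assumed; the run above
# only shows Information, Low and High.
SEVERITY_RANK = {"Information": 0, "Low": 1, "Medium": 2, "High": 3}

# "Issue: <name>, Severity: <level>" after an optional bullet. The greedy
# name group keeps commas inside an issue name intact.
ISSUE_RE = re.compile(
    r"^\s*(?:[•*-]\s*)?Issue:\s*(?P<name>.+),\s*Severity:\s*(?P<sev>\w+)\s*$")

# Excerpt of the scan output shown on this page, used when nothing is piped in.
SAMPLE = """\
[+] Active scan started ...
[-] Scan in progress: %100
[+] Scan completed
[+] Scan issues for http://testasp.vulnweb.com:
  • Issue: Robots.txt file, Severity: Information
  • Issue: Cleartext submission of password, Severity: High
  • Issue: Password field with autocomplete enabled, Severity: Low
  • Issue: SQL injection, Severity: High
"""

def parse_issues(output):
    """Return (name, severity) tuples for every issue line in the output."""
    matches = (ISSUE_RE.match(line) for line in output.splitlines())
    return [(m.group("name").strip(), m.group("sev")) for m in matches if m]

def gate(output, fail_at="High"):
    """Return (exit_code, counts). 0 = pass, 1 = blocking issue, 2 = no result."""
    if "[+] Scan completed" not in output:
        return 2, Counter()  # scan never finished: fail closed, do not pass
    issues = parse_issues(output)
    counts = Counter(sev for _, sev in issues)
    threshold = SEVERITY_RANK[fail_at]
    # An unrecognised severity string ranks highest so it cannot slip through.
    blocking = [i for i in issues if SEVERITY_RANK.get(i[1], 99) >= threshold]
    return (1 if blocking else 0), counts

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    code, counts = gate(text)
    print(dict(counts))
    sys.exit(code)
```

In a pipeline the burpa console output would be piped into this script, and a non-zero exit status marks the build as failed.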
