Python script to launch Burp scans automatically

Overview

SimpleAutoBurp

Python script that reads its configuration from a config.json file and uses Burp Suite Pro to scan a list of websites.

This script is a simplification of AutoScanWithBurp, which relies on an extension to run the scan and on Burp state files, a format that was deprecated in 2018.

SimpleAutoBurp uses the new Burp API and Burp project files. Authenticated Burp scans and Nikto are not yet implemented.

Configure

The script needs a config.json file with the configuration; here is an example:

{
    "sites" : [{
        "scanURL" : "https://test-xss.000webhostapp.com",
        "project" : "/home/ec2-user/BurpSuitePro/2021-07-11-Test_1.burp",
        "apikey" : "APIKEY"
      },
      {
        "scanURL" : "http://test-xss.000webhostapp.com",
        "project" : "/home/ec2-user/BurpSuitePro/2021-07-11-Test_1.burp",
        "apikey" : "APIKEY"
      }
    ],
    "burpConfigs" : [{
        "memory" : "2048m",
        "headless" : "true",
        "java" : "/home/ec2-user/BurpSuitePro/jre/bin/java",
        "burpJar" : "/home/ec2-user/BurpSuitePro/burpsuite_pro.jar",
        "retry" : 5,
        "logPath" : "/home/ec2-user/BurpSuitePro/",
        "logfileName" : "SimpleAutoBurp",
        "loglevel" : "debug",
        "ScanOutput" : "/home/ec2-user/ScanOutput/"
      }
      ]
}

  • sites (the config file can contain multiple sites):
    • scanURL: URL to scan.
    • project: Path to the Burp project file.
    • apikey: Burp API key. In User options - Misc - REST API, enable the service and create a new API key.
  • burpConfigs:
    • memory: Maximum amount of memory available to Burp.
    • headless: Enable or disable headless mode.
    • java: Path to the Java binary.
    • burpJar: Path to the Burp Suite JAR file.
    • retry: How many times the script will try to check whether Burp is up and running.
    • logPath: Path of the log file.
    • logfileName: Name of the log file.
    • loglevel: Log level (DEBUG, INFO, WARNING, ERROR or CRITICAL).
    • ScanOutput: Path where the scan results are written.
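
The following is an added example and not part of SimpleAutoBurp itself. It shows how a config.json in the layout above can be validated before anything is launched (missing keys, a non-http(s) scanURL, an unknown loglevel or a retry count below 1 are rejected up front rather than failing halfway through a scheduled run), how the burpConfigs values map onto a headless Burp launch command, and how the retry value drives a bounded wait for Burp to come up. The sample config, the `-Xmx`/`-Djava.awt.headless` JVM options, Burp's `--project-file` CLI flag and the REST API URL mentioned in the comment are assumptions of this example; the script's own implementation may differ.

```python
"""Added example (not SimpleAutoBurp's own code): load and validate a
SimpleAutoBurp-style config.json, build the headless Burp launch command
and poll until Burp answers or the retry budget is spent."""
import json
import logging
import shlex
import time
from typing import Callable, Dict, List

# Constructed sample config mirroring the README example (paths are illustrative).
SAMPLE_CONFIG = """
{
    "sites": [{"scanURL": "https://test-xss.000webhostapp.com",
               "project": "/home/ec2-user/BurpSuitePro/2021-07-11-Test_1.burp",
               "apikey": "APIKEY"}],
    "burpConfigs": [{
        "memory": "2048m", "headless": "true",
        "java": "/home/ec2-user/BurpSuitePro/jre/bin/java",
        "burpJar": "/home/ec2-user/BurpSuitePro/burpsuite_pro.jar",
        "retry": 5, "logPath": "/home/ec2-user/BurpSuitePro/",
        "logfileName": "SimpleAutoBurp", "loglevel": "debug",
        "ScanOutput": "/home/ec2-user/ScanOutput/"}]
}
"""

SITE_KEYS = {"scanURL", "project", "apikey"}
BURP_KEYS = {"memory", "headless", "java", "burpJar", "retry",
             "logPath", "logfileName", "loglevel", "ScanOutput"}
LOG_LEVELS = {"DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"}


def load_config(text: str) -> Dict:
    """Parse config.json and fail early on missing keys or bad values."""
    cfg = json.loads(text)
    sites = cfg.get("sites") or []
    burp_list = cfg.get("burpConfigs") or []
    if not sites or len(burp_list) != 1:
        raise ValueError("config needs >= 1 site and exactly 1 burpConfigs entry")
    for i, site in enumerate(sites):
        missing = SITE_KEYS - site.keys()
        if missing:
            raise ValueError(f"sites[{i}] missing {sorted(missing)}")
        if not site["scanURL"].startswith(("http://", "https://")):
            raise ValueError(f"sites[{i}].scanURL must be an http(s) URL")
    burp = burp_list[0]
    missing = BURP_KEYS - burp.keys()
    if missing:
        raise ValueError(f"burpConfigs[0] missing {sorted(missing)}")
    if str(burp["loglevel"]).upper() not in LOG_LEVELS:
        raise ValueError(f"unknown loglevel {burp['loglevel']!r}")
    if int(burp["retry"]) < 1:
        raise ValueError("retry must be >= 1")
    return cfg


def log_level(cfg: Dict) -> int:
    """Map the config's loglevel string onto a logging module constant."""
    return getattr(logging, cfg["burpConfigs"][0]["loglevel"].upper())


def burp_command(cfg: Dict, site: Dict) -> List[str]:
    """Build the argv that launches Burp on one site's project file.
    -Xmx and -Djava.awt.headless are standard JVM options; --project-file is
    Burp's CLI flag (assumed here). argv is kept as a list, not a shell
    string, so paths taken from the config are never shell-interpreted."""
    burp = cfg["burpConfigs"][0]
    argv = [burp["java"], f"-Xmx{burp['memory']}"]
    if str(burp["headless"]).lower() == "true":
        argv.append("-Djava.awt.headless=true")
    argv += ["-jar", burp["burpJar"], f"--project-file={site['project']}"]
    return argv


def wait_for_burp(retries: int, probe: Callable[[], bool],
                  delay: float = 0.0) -> bool:
    """Call probe() up to `retries` times; True as soon as Burp answers.
    In a real run probe would GET http://127.0.0.1:1337/<apikey>/v0.1/
    (assumed REST API URL layout); a callable is injected so the retry
    logic itself runs offline."""
    for _ in range(retries):
        if probe():
            return True
        time.sleep(delay)
    return False


if __name__ == "__main__":
    config = load_config(SAMPLE_CONFIG)
    logging.basicConfig(level=log_level(config))
    print(shlex.join(burp_command(config, config["sites"][0])))
```

Validating before launching matters most for the cron use case below: a bad config surfaces in the log at once instead of leaving a half-started Java process behind.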

Execute

SimpleAutoBurp.py /home/ec2-user/config.json

Schedule Scan

On *nix systems the script can be scheduled with crontab, for example:

0 2 * * * ec2-user /usr/bin/python3.7 /home/ec2-user/SimpleAutoBurp.py /home/ec2-user/config.json

Output

The script writes an execution log and a JSON file describing the vulnerabilities found. The JSON only lists vulnerabilities detected in this scan that were not detected in previous scans.
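
The "new in this scan" filtering described above, written as an added example rather than the script's own code. Issues are reduced to a stable fingerprint (name, severity and path; confidence is deliberately left out so a re-rated finding does not reappear as new), compared against the previous results file, and the baseline is updated so the same finding is reported exactly once across scheduled runs. The issue field names and the two sample issue lists are constructed for this example; Burp's real issue JSON may use different fields.

```python
"""Added example (not SimpleAutoBurp's own code): report only the issues
found in this scan that were absent from the previous results file."""
import hashlib
import json
from typing import Dict, Iterable, List, Set

# Constructed sample: what a previous run might have written to ScanOutput.
PREVIOUS_RESULTS = json.dumps([
    {"name": "Cross-site scripting (reflected)", "severity": "high",
     "confidence": "certain", "path": "/search?q="},
    {"name": "Strict transport security not enforced", "severity": "low",
     "confidence": "certain", "path": "/"},
])

# Constructed sample: issues reported by the current scan.
CURRENT_ISSUES = [
    {"name": "Cross-site scripting (reflected)", "severity": "high",
     "confidence": "certain", "path": "/search?q="},   # already known
    {"name": "Cross-site scripting (reflected)", "severity": "high",
     "confidence": "firm", "path": "/search?q="},      # same issue, confidence changed
    {"name": "SQL injection", "severity": "high",
     "confidence": "firm", "path": "/login"},          # genuinely new
    {"name": "Strict transport security not enforced", "severity": "low",
     "confidence": "certain", "path": "/"},            # already known
]


def fingerprint(issue: Dict) -> str:
    """Stable identity for an issue across runs. Confidence is excluded so a
    re-rated finding is not reported again; severity and path are kept so
    the same issue class on a different path is."""
    key = "|".join([issue["name"], issue["severity"], issue["path"]])
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def known_fingerprints(previous_json: str) -> Set[str]:
    """Fingerprints of everything the previous results file already holds."""
    return {fingerprint(i) for i in json.loads(previous_json)}


def new_issues(current: Iterable[Dict], previous_json: str) -> List[Dict]:
    """Issues from this scan not seen before; duplicates within the scan
    (e.g. the same finding at two confidence levels) are collapsed too."""
    seen = known_fingerprints(previous_json)
    out: List[Dict] = []
    for issue in current:
        fp = fingerprint(issue)
        if fp in seen:
            continue
        seen.add(fp)
        out.append({**issue, "fingerprint": fp})
    return out


def updated_baseline(previous_json: str, current: Iterable[Dict]) -> str:
    """Previous results plus this scan's new issues, serialised for the next
    run. Without this step every scheduled run would re-report the same
    findings as new."""
    merged = json.loads(previous_json) + new_issues(current, previous_json)
    return json.dumps(merged, indent=2)


if __name__ == "__main__":
    for issue in new_issues(CURRENT_ISSUES, PREVIOUS_RESULTS):
        print(f"NEW {issue['severity']:>6}  {issue['name']}  {issue['path']}")
```

In a scheduled setup the baseline file lives under ScanOutput and is rewritten from `updated_baseline` after each run, so the JSON the script emits stays a true delta.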

Recommendations

To improve scan results, enable extensions such as:

  • Active Scans++
  • Software Vulnerability Scanner
  • Backslash Powered Scanner
  • Additional Scanner Checks
  • Error Message Checks

Owner

Adan Álvarez