Burpa – A Burp Suite Automation Tool

0
153
Burpa – A Burp Suite Automation Tool

A Burp Suite Automation Tool With Slack Integration.

Requirements


Usage

$ python burpa.py -h

###################################################
            __                          
           / /_  __  ___________  ____ _
          / __ / / / / ___/ __ / __ `/
         / /_/ / /_/ / /  / /_/ / /_/ / 
        /_.___/__,_/_/  / .___/__,_/  
                        /_/             
         burpa model 0.1 / by 0x4D31  

###################################################
utilization: burpa.py [-h] [-a {scan,proxy-config,stop}] [-pP PROXY_PORT]
                [-aP API_PORT] [-rT {HTML,XML}] [-r {in-scope,all}] [-sR]
                [-sAT SLACK_API_TOKEN]
                [--include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]]]
                [--exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]]]
                proxy_url

positional arguments:
  proxy_url             Burp Proxy URL

non-compulsory arguments:
  -h, --help            present this assist message and exit
  -a {scan,proxy-config,cease}, --action {scan,proxy-config,cease}
  -pP PROXY_PORT, --proxy-port PROXY_PORT
  -aP API_PORT, --api-port API_PORT
  -rT {HTML,XML}, --report-sort {HTML,XML}
  -r {in-scope,all}, --report {in-scope,all}
  -sR, --slack-report
  -sAT SLACK_API_TOKEN, --slack-api-token SLACK_API_TOKEN
  --include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]]
  --exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]]

TEST:

$ python burpa.py http://127.0.0.1 --action proxy-config

###################################################
            __                          
           / /_  __  ___________  ____ _
          / __ / / / / ___/ __ / __ `/
         / /_/ / /_/ / /  / /_/ / /_/ / 
        /_.___/__,_/_/  / .___/__,_/  
                        /_/             
         burpa model 0.1 / by 0x4D31  

###################################################
[+] Checking the Burp proxy configuration ...
[-] Proxy configuration must be up to date
[+] Updating the Burp proxy configuration ...
[-] Proxy configuration up to date

$ python burpa.py http://127.0.0.1 --action scan --include-scope http://testasp.vulnweb.com --report in-scope --slack-report

###################################################
            __                          
           / /_  __  ___________  ____ _
          / __ / / / / ___/ __ / __ `/
         / /_/ / /_/ / /  / /_/ / /_/ / 
        /_.___/__,_/_/  / .___/__,_/  
                        /_/             
         burpa model 0.1 / by 0x4D31  

###################################################
[+] Retrieving the Burp proxy historical past ...
[-] Found four distinctive targets in proxy historical past
[+] Updating the scope ...
[-] http://testasp.vulnweb.com included in scope
[+] Active scan began ...
[-] http://testasp.vulnweb.com Added to the scan queue
[-] Scan in progress: %100
[+] Scan accomplished
[+] Scan points for http://testasp.vulnweb.com:
  - Issue: Robots.txt file, Severity: Information
  - Issue: Cross-domain Referer leakage, Severity: Information
  - Issue: Cleartext submission of password, Severity: High
  - Issue: Frameable response (potential Clickjacking), Severity: Information
  - Issue: Password subject with autocomplete enabled, Severity: Low
  - Issue: Cross-site scripting (mirrored), Severity: High
  - Issue: Unencrypted communications, Severity: Low
  - Issue: Path-relative model sheet import, Severity: Information
  - Issue: Cookie with out HttpOnly flag set, Severity: Low
  - Issue: File path traversal, Severity: High
  - Issue: SQL injection, Severity: High
[+] Downloading HTML/XML report for http://testasp.vulnweb.com
[-] Scan report saved to /tmp/burp-report_20170807-235135_http-testasp.vulnweb.com.html
[+] Burp scan report uploaded to Slack

MoreTip.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.