Python script to launch burp scans automatically

Overview

SimpleAutoBurp

Python script that takes a config.json file as config and uses Burp Suite Pro to scan a list of websites.

This script is a simplification of AutoScanWithBurp, also AutoScanWithBurp uses an extension to execute the scan and Burp state files that were deprecated in 2018.

SimpleAutoBurp uses the new Burp API and Burp project files. Authenticated Burp scans and Nikto are not yet implemented.

Configure

The script needs a config.json with the configuration, here we have an example:

{
    "sites" : [{
        "scanURL" : "https://test-xss.000webhostapp.com",
        "project" : "/home/ec2-user/BurpSuitePro/2021-07-11-Test_1.burp",
        "apikey" : "APIKEY"
      },
      {
        "scanURL" : "http://test-xss.000webhostapp.com",
        "project" : "/home/ec2-user/BurpSuitePro/2021-07-11-Test_1.burp",
        "apikey" : "APIKEY"
      }
    ],
    "burpConfigs" : [{
        "memory" : "2048m",
        "headless" : "true",
        "java" : "/home/ec2-user/BurpSuitePro/jre/bin/java",
        "burpJar" : "/home/ec2-user/BurpSuitePro/burpsuite_pro.jar",
        "retry" : 5,
        "logPath" : "/home/ec2-user/BurpSuitePro/",
        "logfileName" : "SimpleAutoBurp",
        "loglevel" : "debug",
        "ScanOutput" : "/home/ec2-user/ScanOutput/"
      }
      ]
}
  • Site (the config file can contain multiple sites):
    • scanURL: URL to scan.
    • project: Path to a Burp project files.
    • apikey: Burp API Key. User options - Misc - REST API, enable the service and create a new API Key. More info here.
  • burpConfigs
    • memory: Maximum amount of memory.
    • headless: Enable or disable headless mode.
    • java: Path to the Java binary.
    • burpJar: Path to the Burp Suite JAR file.
    • retry: How many times, the script will try to check if burp is up and running.
    • logPath: Path of the log file.
    • logfileName: Name of the log file.
    • loglevel: Log Level (DEBUG INFO WARNING ERROR CRITICAL).
    • ScanOutput: Path to results

Execute

SimpleAutoBurp.py /home/ec2-user/config.json

Schedule Scan

This script can be scheduled to execute using crontab in *nix systems like this:

0 2 * * * ec2-user /usr/bin/python3.7 /home/ec2-user/SimpleAutoBurp.py /home/ec2-user/config.json

Output

The script generates a log of the execution and a file with a json that includes information about all the vulnerabilities found. It only shows vulnerabilities detected in this scan and not detected previously.

Recommendations

To improve the results of the scan enable extensions like:

  • Active Scans++
  • Software Vulnerability Scanner
  • Backslash Powered Scanner
  • Additional Scanner Checks
  • Error Message Checks
Owner
Adan Álvarez
Adan Álvarez
A tool written in python to generate basic repo files from github

A tool written in python to generate basic repo files from github

Riley 7 Dec 02, 2021
Aggregating gridded data (xarray) to polygons

A package to aggregate gridded data in xarray to polygons in geopandas using area-weighting from the relative area overlaps between pixels and polygons.

Kevin Schwarzwald 42 Nov 09, 2022
ZX Spectrum Utilities: (zx-spectrum-utils)

Here are a few utility programs that can be used with the zx spectrum. The ZX Spectrum is one of the first home computers from the early 1980s.

Graham Oakes 4 Mar 07, 2022
Simple tool for creating changelogs

Description Simple utility for quickly generating changelogs, assuming your commits are ordered as they should be. This tool will simply log all lates

2 Jan 05, 2022
✨ Un bot Twitter totalement fait en Python par moi, et en français.

Twitter Bot ❗ Un bot Twitter totalement fait en Python par moi, et en français. Il faut remplacer auth = tweepy.OAuthHandler(consumer_key, consumer_se

MrGabin 3 Jun 06, 2021
Make your functions return something meaningful, typed, and safe!

Make your functions return something meaningful, typed, and safe! Features Brings functional programming to Python land Provides a bunch of primitives

dry-python 2.6k Jan 09, 2023
Homebase Name Changer for Fortnite: Save the World.

Homebase Name Changer This program allows you to change the Homebase name in Fortnite: Save the World. How to use it? After starting the HomebaseNameC

PRO100KatYT 7 May 21, 2022
✨ Un chois aléatoire d'un article sur Wikipedia totalement fait en Python par moi, et en français.

Wikipedia Random Article ❗ Un chois aléatoire d'un article sur Wikipedia totalement fait en Python par moi, et en français. 🔮 Grâce a une requète a w

MrGabin 4 Jul 18, 2021
Check username

Checker-Oukee Check username It checks the available usernames and creates a new account for them Doesn't need proxies Create a file with usernames an

4 Jun 05, 2022
Produce a simulate-able SDF of an arbitrary mesh with convex decomposition.

Mesh-to-SDF converter Given a (potentially nasty, nonconvex) mesh, automatically creates an SDF file that describes that object. The visual geometry i

Greg Izatt 22 Nov 23, 2022
Course-parsing - Parsing Course Info for NIT Kurukshetra

Parsing Course Info for NIT Kurukshetra Overview This repository houses code for

Saksham Mittal 3 Feb 03, 2022
Small Python script to parse endlessh's output and print some neat statistics

endlessh_parser endlessh_parser is a small Python script that parses endlessh's output and prints some neat statistics about it Usage Install all the

ManicRobot 1 Oct 18, 2021
Python USD rate in RUB parser

Python EUR and USD rate parser. Python USD and EUR rate in RUB parser. Parsing i

Andrew 2 Feb 17, 2022
A python package containing all the basic functions and classes for python. From simple addition to advanced file encryption.

A python package containing all the basic functions and classes for python. From simple addition to advanced file encryption.

PyBash 11 May 22, 2022
A simple, console based nHentai Code Generator

nHentai Code Generator A simple, console based nHentai Code Generator. How to run? Windows Android Windows Make sure you have python and git installed

5 Jun 02, 2022
DUQ is a python package for working with physical Dimensions, Units, and Quantities.

DUQ is a python package for working with physical Dimensions, Units, and Quantities.

2 Nov 02, 2022
Data Utilities e.g. for importing files to onetask

Use this repository to easily convert your source files (csv, txt, excel, json, html) into record-oriented JSON files that can be uploaded into onetask.

onetask.ai 1 Jul 18, 2022
Spacegit is a .git exposed finder

Spacegit Spacegit is a basic .git exposed finder Usage: You need python3 installed to run spacegit use: python3 spacegit.py (url) Disclaimer: **This i

2 Nov 30, 2021
Similar looking domain detection using python fuzzywuzzy

Major cause of phishing and BEC incident is similar looking domain, if you detect it early, you can prevent incidents early, python fuzzywuzzy module let you do that

2 Nov 07, 2021
Run functions in parallel easily, with their results typed correctly!

typesafe_parmap pip install pip install typesafe-parmap Run functions in parallel safely with typesafe parmap! GitHub: https://github.com/thejaminato

James Chua 3 Nov 06, 2021