Python script to launch burp scans automatically

Related tags

General UtilitiesSimpleAutoBurp
Overview

SimpleAutoBurp

Python script that takes a config.json file as config and uses Burp Suite Pro to scan a list of websites.

This script is a simplification of AutoScanWithBurp, also AutoScanWithBurp uses an extension to execute the scan and Burp state files that were deprecated in 2018.

SimpleAutoBurp uses the new Burp API and Burp project files. Authenticated Burp scans and Nikto are not yet implemented.

Configure

The script needs a config.json with the configuration, here we have an example:

{
    "sites" : [{
        "scanURL" : "https://test-xss.000webhostapp.com",
        "project" : "/home/ec2-user/BurpSuitePro/2021-07-11-Test_1.burp",
        "apikey" : "APIKEY"
      },
      {
        "scanURL" : "http://test-xss.000webhostapp.com",
        "project" : "/home/ec2-user/BurpSuitePro/2021-07-11-Test_1.burp",
        "apikey" : "APIKEY"
      }
    ],
    "burpConfigs" : [{
        "memory" : "2048m",
        "headless" : "true",
        "java" : "/home/ec2-user/BurpSuitePro/jre/bin/java",
        "burpJar" : "/home/ec2-user/BurpSuitePro/burpsuite_pro.jar",
        "retry" : 5,
        "logPath" : "/home/ec2-user/BurpSuitePro/",
        "logfileName" : "SimpleAutoBurp",
        "loglevel" : "debug",
        "ScanOutput" : "/home/ec2-user/ScanOutput/"
      }
      ]
}
  • Site (the config file can contain multiple sites):
    • scanURL: URL to scan.
    • project: Path to a Burp project files.
    • apikey: Burp API Key. User options - Misc - REST API, enable the service and create a new API Key. More info here.
  • burpConfigs
    • memory: Maximum amount of memory.
    • headless: Enable or disable headless mode.
    • java: Path to the Java binary.
    • burpJar: Path to the Burp Suite JAR file.
    • retry: How many times, the script will try to check if burp is up and running.
    • logPath: Path of the log file.
    • logfileName: Name of the log file.
    • loglevel: Log Level (DEBUG INFO WARNING ERROR CRITICAL).
    • ScanOutput: Path to results

Execute

SimpleAutoBurp.py /home/ec2-user/config.json

Schedule Scan

This script can be scheduled to execute using crontab in *nix systems like this:

0 2 * * * ec2-user /usr/bin/python3.7 /home/ec2-user/SimpleAutoBurp.py /home/ec2-user/config.json

Output

The script generates a log of the execution and a file with a json that includes information about all the vulnerabilities found. It only shows vulnerabilities detected in this scan and not detected previously.

Recommendations

To improve the results of the scan enable extensions like:

  • Active Scans++
  • Software Vulnerability Scanner
  • Backslash Powered Scanner
  • Additional Scanner Checks
  • Error Message Checks
Owner
Adan Álvarez
Adan Álvarez
GitHub Repository
A color library based on pokemons colors!

pokepalette A simple pokemon color chooser " This repo is based on CDWimmer/PokePalette and was originated from this tweet. If you don't remember your

Thomas Capelle 5 Aug 30, 2021
A simple python implementation of Decision Tree.

DecisionTree A simple python implementation of Decision Tree, using Gini index. Usage: import DecisionTree node = DecisionTree.trainDecisionTree(lab

1 Nov 12, 2021
Raganarok X: Next Generation Data Dump

Raganarok X Data Dump Raganarok X: Next Generation Data Dump More interesting Files File Name Contains en_langs All the variables you need in English

14 Jul 15, 2022
✨ Un générateur de lien raccourcis en fonction d'un lien totalement fait en Python par moi, et en français.

Shorter Link ❗ Un générateur de lien raccourcis en fonction d'un lien totalement fait en Python par moi, et en français. Dépendences : pip install pys

MrGabin 3 Jun 06, 2021
PyResToolbox - A collection of Reservoir Engineering Utilities

pyrestoolbox A collection of Reservoir Engineering Utilities This set of functio

Mark W. Burgoyne 39 Oct 17, 2022
A program will generate a eth key pair that has the public key that starts with a defined amount of 0

ETHAdressGenerator This short program will generate a eth key pair that has the public key that starts with a defined amount of 0 Requirements Python

3 Nov 19, 2021
Animation retargeting tool for Autodesk Maya. Retargets mocap to a custom rig with a few clicks.

Animation Retargeting Tool for Maya A tool for transferring animation data and mocap from a skeleton to a custom rig in Autodesk Maya. Installation: A

Joaen 63 Jan 06, 2023
Factoral Methods using two different method

Factoral-Methods-using-two-different-method Here, I am finding the factorial of a number by using two different method. The first method is by using f

Sachin Vinayak Dabhade 4 Sep 24, 2021
pydsinternals - A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.

pydsinternals - Directory Services Internals Library A Python native library containing necessary classes, functions and structures to interact with W

Podalirius 36 Dec 14, 2022
Python module and its web equivalent, to hide text within text by manipulating bits

cacherdutexte.github.io This project contains : Python modules (binary and decimal system 6) with a dedicated tkinter program to use it. A web version

2 Sep 04, 2022
Adding two matrix from scratch using python.

Adding-two-matrix-from-scratch-using-python. Here, I have take two matrix from user and add it without using any library. I made this program from scr

Sachin Vinayak Dabhade 4 Sep 24, 2021
Helper script to bootstrap a Python environment with the tools required to build and install packages.

python-bootstrap Helper script to bootstrap a Python environment with the tools required to build and install packages. Usage $ python -m bootstrap.bu

Filipe Laíns 7 Oct 06, 2022
A collection of utility functions to prototype geometry processing research in python

gpytoolbox This repo is a work in progress and contains general utility functions I have needed to code while trying to work on geometry process resea

Silvia Sellán 73 Jan 06, 2023
A simple tool to move and rename Nvidia Share recordings to a more sensible format.

A simple tool to move and rename Nvidia Share recordings to a more sensible format.

Jasper Rebane 8 Dec 23, 2022
Create C bindings for python automatically with the help of libclang

Python C Import Dynamic library + header + ctypes = Module like object! Create C bindings for python automatically with the help of libclang. Examples

1 Jul 25, 2022
A utility tool to create .env files

A utility tool to create .env files dump-env takes an .env.template file and some optional environmental variables to create a new .env file from thes

wemake.services 89 Dec 08, 2022
Writing Alfred copy/paste scripts in Python

Writing Alfred copy/paste scripts in Python This repository shows how to create Alfred scripts in Python. It assumes that you using pyenv for Python v

Will Fitzgerald 2 Oct 26, 2021
A Tool that provides automatic kerning for ligature based OpenType fonts in Microsoft Volt

Kerning A Tool that provides automatic kerning for ligature based OpenType fonts in Microsoft Volt There are three stages of the algorithm. The first

Sayed Zeeshan Asghar 6 Aug 01, 2022
Python program to do with percentages and chances, random generation.

Chances and Percentages Python program to do with percentages and chances, random generation. What is this? This small program will generate a list wi

n0 3 Jul 15, 2021
Simple python module to get the information regarding battery in python.

Battery Stats A python3 module created for easily reading the current parameters of Battery in realtime. It reads battery stats from /sys/class/power_

Shreyas Ashtamkar 5 Oct 21, 2022