h3xstream / Burp Retire Js
Licence: apache-2.0
Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.
Stars: ✭ 157
Programming Languages
javascript
184084 projects - #8 most used programming language
Projects that are alternatives of or similar to Burp Retire Js
Whour
Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.
Stars: ✭ 18 (-88.54%)
Mutual labels: scanner, vulnerability
Iblessing
iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.
Stars: ✭ 326 (+107.64%)
Mutual labels: scanner, vulnerability
NSE-scripts
NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473
Stars: ✭ 105 (-33.12%)
Mutual labels: scanner, vulnerability
Shellshockhunter
It's a simple tool for test vulnerability shellshock
Stars: ✭ 52 (-66.88%)
Mutual labels: scanner, vulnerability
mondoo
🕵️♀️ Mondoo Cloud-Native Security & Vulnerability Risk Management
Stars: ✭ 60 (-61.78%)
Mutual labels: scanner, vulnerability
quick-scripts
A collection of my quick and dirty scripts for vulnerability POC and detections
Stars: ✭ 73 (-53.5%)
Mutual labels: scanner, vulnerability
Openvas Scanner
Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)
Stars: ✭ 1,056 (+572.61%)
Mutual labels: scanner, vulnerability
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+464.97%)
Mutual labels: scanner, vulnerability
log4jscanwin
Log4j Vulnerability Scanner for Windows
Stars: ✭ 142 (-9.55%)
Mutual labels: scanner, vulnerability
Burp Unauth Checker
burpsuite extension for check unauthorized vulnerability
Stars: ✭ 99 (-36.94%)
Mutual labels: vulnerability, burp-plugin
log4shell-finder
Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.
Stars: ✭ 22 (-85.99%)
Mutual labels: scanner, vulnerability
Droid Hunter
(deprecated) Android application vulnerability analysis and Android pentest tool
Stars: ✭ 256 (+63.06%)
Mutual labels: scanner, vulnerability
lachesis
👨💻 A work-in-progress web services mass scanner written in Rust
Stars: ✭ 55 (-64.97%)
Mutual labels: scanner, vulnerability
Hacking
hacker, ready for more of our story ! 🚀
Stars: ✭ 413 (+163.06%)
Mutual labels: scanner, vulnerability
aemscan
Adobe Experience Manager Vulnerability Scanner
Stars: ✭ 161 (+2.55%)
Mutual labels: scanner, vulnerability
vulnscan
A static binary vulnerability scanner
Stars: ✭ 47 (-70.06%)
Mutual labels: scanner, vulnerability
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+439.49%)
Mutual labels: scanner, vulnerability
Dependency spy
Find known vulnerabilities in your dependencies
Stars: ✭ 87 (-44.59%)
Mutual labels: maven, scanner
Retire.js (Burp plugin) 
Burp / ZAP extension that integrate Retire.js repository to find vulnerable JavaScript libraries. It passively look at JavaScript files loaded and identify those vulnerable based on various signature types (URL, filename, file content or specific hash).
License
This software is release under Apache 2.0.
Downloads
Last updated : December 10th, 2019
Burp Suite plugin : Download (also available on the BApp Store)
ZAP plugin : Download
Burp plugin
ZAP plugin
Maven plugin 
Run the Maven plugin with the goal scan:
$ cd myproject
$ mvn com.h3xstream.retirejs:retirejs-maven-plugin:scan
[...]
[INFO] --- retirejs-maven-plugin:1.0.0-SNAPSHOT:scan (default-cli) @ myproject ---
[WARNING] jquery.js contains a vulnerable JavaScript library.
[INFO] Path: C:\Code\myproject\src\main\webapp\js\jquery.js
[INFO] jquery version 1.8.1 is vulnerable.
[INFO] + http://bugs.jquery.com/ticket/11290
[INFO] + http://research.insecurelabs.org/jquery/test/
[...]
The additional parameter -DretireJsBreakOnFailure can be use to break the build when at least one vulnerability is found.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.450 s
[INFO] Finished at: 2015-02-19T13:37:00-05:00
[INFO] Final Memory: 11M/245M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.h3xstream.retirejs:retirejs-maven-plugin:1.0.0:scan (default-cli) on project
my-web-app: 6 known vulnerabilities were identified in the JavaScript librairies. -> [Help 1]
[ERROR]
Run the Maven plugin as part of your build
Use the following configuration to run the Maven plugin as part of your build. Only one <repoUrl> may be specified at a time.
To scan / iterate earlier in your build cycle, you can bind the plugin to the validate phase.
<plugin>
<groupId>com.h3xstream.retirejs</groupId>
<artifactId>retirejs-maven-plugin</artifactId>
<version>3.0.1</version>
<configuration>
<repoUrl>https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json</repoUrl>
<!--<repoUrl>https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/npmrepository.json</repoUrl>-->
</configuration>
<executions>
<execution>
<id>scanProjectJavascript</id>
<goals>
<goal>scan</goal>
</goals>
<phase>install</phase>
</execution>
</executions>
</plugin>
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].