0x4D31 / Burpa
Licence: gpl-3.0
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427
Programming Languages
python
Projects that are alternatives of or similar to Burpa
Taipan
Web application vulnerability scanner
Stars: ✭ 359 (-15.93%)
Mutual labels: security-tools, security-scanner, security-automation, web-security
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-14.99%)
Mutual labels: automation, security-tools, security-scanner, security-automation
Patrowldocs
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-75.41%)
Mutual labels: automation, security-tools, security-scanner, security-automation
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-62.06%)
Mutual labels: security-tools, security-scanner, burpsuite, web-security
Patrowlengines
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (-62.06%)
Mutual labels: automation, security-tools, security-scanner, security-automation
Kube Scan
kube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (+32.55%)
Mutual labels: devops, security-tools, security-scanner
Super
Secure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (-20.37%)
Mutual labels: security-tools, security-scanner, security-automation
Shodansploit
🔎 shodansploit > v1.3.0
Stars: ✭ 342 (-19.91%)
Mutual labels: security-tools, security-scanner, security-automation
Vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+1971.19%)
Mutual labels: security-tools, security-scanner, security-automation
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+2039.81%)
Mutual labels: devops, security-tools, security-scanner
W5
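Security Orchestration, Automation and Response (SOAR) Platform. A security orchestration and automated response platform offering security automation without writing code; using SOAR lets teams work more efficiently.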
Stars: ✭ 367 (-14.05%)
Mutual labels: automation, security-tools, security-automation
Insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (-49.41%)
Mutual labels: security-tools, security-scanner, security-automation
Kubestriker
A Blazing fast Security Auditing tool for Kubernetes
Stars: ✭ 213 (-50.12%)
Mutual labels: automation, devops, security-tools
Nosqli
NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
Stars: ✭ 120 (-71.9%)
Mutual labels: security-tools, security-scanner, security-automation
Zbn
Security orchestration and automated response platform
Stars: ✭ 201 (-52.93%)
Mutual labels: automation, security-tools, security-automation
Sherlock
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-91.57%)
Mutual labels: web-security, security-scanner, security-automation
Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (+21.08%)
Mutual labels: security-tools, security-scanner, security-automation
Inql
InQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (+67.45%)
Mutual labels: security-tools, security-scanner, burpsuite
Faraday
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+648.95%)
Mutual labels: devops, security-automation, burpsuite
Salt Scanner
Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
Stars: ✭ 261 (-38.88%)
Mutual labels: devops, security-tools, security-scanner

burpa: Burp Automator
A Burp Suite Automation Tool

Requirements
- burp-rest-api
- Burp Suite Professional
- slackclient
Usage
$ python burpa.py -h
###################################################
__
/ /_ __ ___________ ____ _
/ __ \/ / / / ___/ __ \/ __ `/
/ /_/ / /_/ / / / /_/ / /_/ /
/_.___/\__,_/_/ / .___/\__,_/
/_/
burpa version 0.1 / by 0x4D31
###################################################
usage: burpa.py [-h] [-a {scan,proxy-config,stop}] [-pP PROXY_PORT]
                [-aP API_PORT] [-rT {HTML,XML}] [-r {in-scope,all}] [-sR]
                [-sAT SLACK_API_TOKEN]
                [--include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]]]
                [--exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]]]
                proxy_url

positional arguments:
  proxy_url             Burp Proxy URL

optional arguments:
  -h, --help            show this help message and exit
  -a {scan,proxy-config,stop}, --action {scan,proxy-config,stop}
  -pP PROXY_PORT, --proxy-port PROXY_PORT
  -aP API_PORT, --api-port API_PORT
  -rT {HTML,XML}, --report-type {HTML,XML}
  -r {in-scope,all}, --report {in-scope,all}
  -sR, --slack-report
  -sAT SLACK_API_TOKEN, --slack-api-token SLACK_API_TOKEN
  --include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]]
  --exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]]
TEST:
$ python burpa.py http://127.0.0.1 --action proxy-config
###################################################
__
/ /_ __ ___________ ____ _
/ __ \/ / / / ___/ __ \/ __ `/
/ /_/ / /_/ / / / /_/ / /_/ /
/_.___/\__,_/_/ / .___/\__,_/
/_/
burpa version 0.1 / by 0x4D31
###################################################
[+] Checking the Burp proxy configuration ...
[-] Proxy configuration needs to be updated
[+] Updating the Burp proxy configuration ...
[-] Proxy configuration updated
$ python burpa.py http://127.0.0.1 --action scan --include-scope http://testasp.vulnweb.com --report in-scope --slack-report
###################################################
__
/ /_ __ ___________ ____ _
/ __ \/ / / / ___/ __ \/ __ `/
/ /_/ / /_/ / / / /_/ / /_/ /
/_.___/\__,_/_/ / .___/\__,_/
/_/
burpa version 0.1 / by 0x4D31
###################################################
[+] Retrieving the Burp proxy history ...
[-] Found 4 unique targets in proxy history
[+] Updating the scope ...
[-] http://testasp.vulnweb.com included in scope
[+] Active scan started ...
[-] http://testasp.vulnweb.com Added to the scan queue
[-] Scan in progress: %100
[+] Scan completed
[+] Scan issues for http://testasp.vulnweb.com:
- Issue: Robots.txt file, Severity: Information
- Issue: Cross-domain Referer leakage, Severity: Information
- Issue: Cleartext submission of password, Severity: High
- Issue: Frameable response (potential Clickjacking), Severity: Information
- Issue: Password field with autocomplete enabled, Severity: Low
- Issue: Cross-site scripting (reflected), Severity: High
- Issue: Unencrypted communications, Severity: Low
- Issue: Path-relative style sheet import, Severity: Information
- Issue: Cookie without HttpOnly flag set, Severity: Low
- Issue: File path traversal, Severity: High
- Issue: SQL injection, Severity: High
[+] Downloading HTML/XML report for http://testasp.vulnweb.com
[-] Scan report saved to /tmp/burp-report_20170807-235135_http-testasp.vulnweb.com.html
[+] Burp scan report uploaded to Slack
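
A CI gate over the scan output shown above, as an added example that is not part of burpa or its README: it parses the "- Issue: ..., Severity: ..." lines and fails a Jenkins build step when a finding reaches a chosen severity. The names parse_issues and gate, and the fail-closed check on the "[+] Scan completed" line, are assumptions of this example.

```python
import re
import sys

# Burp severity levels, lowest to highest ("Medium" does not occur in the sample run).
SEVERITIES = ["Information", "Low", "Medium", "High"]
TARGET_RE = re.compile(r"^\[\+\] Scan issues for (\S+):\s*$")
ISSUE_RE = re.compile(r"^\s*- Issue: (.+), Severity: (\w+)\s*$")

# Sample input: shortened copy of the console output shown above.
SAMPLE = """\
[+] Scan completed
[+] Scan issues for http://testasp.vulnweb.com:
- Issue: Robots.txt file, Severity: Information
- Issue: Cleartext submission of password, Severity: High
- Issue: Password field with autocomplete enabled, Severity: Low
- Issue: SQL injection, Severity: High
[+] Downloading HTML/XML report for http://testasp.vulnweb.com
"""

def parse_issues(output):
    """Return {target: [(issue, severity), ...]} parsed from burpa console output."""
    findings, target = {}, None
    for line in output.splitlines():
        if m := TARGET_RE.match(line):
            target = m.group(1)
            findings.setdefault(target, [])
        elif (m := ISSUE_RE.match(line)) and target is not None:
            findings[target].append((m.group(1), m.group(2)))
        elif line.startswith("["):
            target = None  # any other status line ends the current issue list
    return findings

def gate(output, fail_at="High"):
    """Return (passed, blocking); fails closed if the scan never reported completion."""
    if "[+] Scan completed" not in output:
        return False, [("-", "scan did not complete", "unknown")]
    blocking = []
    for target, issues in parse_issues(output).items():
        for name, severity in issues:
            # An unrecognised severity string blocks the build instead of being ignored.
            rank = SEVERITIES.index(severity) if severity in SEVERITIES else len(SEVERITIES)
            if rank >= SEVERITIES.index(fail_at):
                blocking.append((target, name, severity))
    return not blocking, blocking

if __name__ == "__main__":
    passed, blocking = gate(sys.stdin.read())
    print("\n".join(f"BLOCKING {s}: {n} ({t})" for t, n, s in blocking))
    sys.exit(0 if passed else 1)
```

Pipe the burpa console output into the script; a non-zero exit status marks the build step as failed.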