Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Burp-BReWSki/BReWSki
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/Burp-BReWSki/BReWSki
- Owner: Burp-BReWSki
- License: mit
- Created: 2014-08-05T14:35:35.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2014-12-04T22:21:58.000Z (almost 10 years ago)
- Last Synced: 2024-04-08T12:34:07.579Z (7 months ago)
- Language: Java
- Size: 523 KB
- Stars: 21
- Watchers: 5
- Forks: 4
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-burp-extensions - BReWSki - BReWSki (Burp Rhino Web Scanner) is a Java extension for Burp Suite that allows users to write custom scanner checks in JavaScript. (Scripting)
README
BReWSki
=========

BReWSki (Burp Rhino Web Scanner) is a Java extension for [Burp Suite](http://portswigger.net/burp/) that allows users to write custom scanner checks in JavaScript. BReWSki provides Burp Suite users with a JavaScript interface for writing custom passive and active scan definitions for Burp quickly, without having to understand the internals of the Burp API. This makes writing scanner extensions much quicker, and sharing a library of them much easier, than loading many different jar files.

## Requirements
- Java JRE 7 (JRE 8 is rumored to work on some devices, although it is erroring out for me. This is currently a known issue with Rhino/Nashorn to Java array conversions and we will be fixing it soon). If you have JRE7 still installed, you can force it by adding the "-version:1.7" switch when launching your JAR. - OVER 3 BILLION DEVICES RUN BREWSKI
- [BurpSuite](http://portswigger.net/burp/) - If you are using Burp Free, only the passive checks are supported by BReWSki and the output is to the console.

## Downloading and Installing
BReWSki will be available in Burp's BApp store, and it also can be downloaded from this repository. You only need the .jar and the definitions to use it, which are included in the zip file ([BReWSki-v0.1.zip](../../raw/master/dist/BReWSki-v0.1.zip)) in the [dist folder](/dist/).

## Usage
![BReWSki Example](/img/BReWSkiExample1.png "BReWSki Example")![Scanner Example](/img/ScannerExample1.png "Scanner Example")
## How are the results?
Currently BReWSki checks provide tentative results that require more manual analysis. Some checks should never produce a false positive, and other checks will produce a high number of false positives.

## Security
Scanner definition files have the same permissions as jar files and could compromise your machine.

## Development
Please use this git repository for reporting issues, feature requests and pull requests. Alternatively, you may email alex(DOT)lauerman ~at~ gmail.