Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/PortSwigger/backslash-powered-scanner

Finds unknown classes of injection vulnerabilities
https://github.com/PortSwigger/backslash-powered-scanner

Last synced: about 13 hours ago
JSON representation

Finds unknown classes of injection vulnerabilities

Host: GitHub
URL: https://github.com/PortSwigger/backslash-powered-scanner
Owner: PortSwigger
License: other
Created: 2016-11-02T09:20:09.000Z (about 8 years ago)
Default Branch: master
Last Pushed: 2023-10-16T13:20:28.000Z (about 1 year ago)
Last Synced: 2024-11-03T04:32:41.738Z (about 17 hours ago)
Language: Java
Homepage:
Size: 37.3 MB
Stars: 635
Watchers: 29
Forks: 92
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-bugbounty-tools - backslash-powered-scanner - Finds unknown classes of injection vulnerabilities (Miscellaneous / Vulnerability Scanners)
stars - PortSwigger/backslash-powered-scanner - Finds unknown classes of injection vulnerabilities (Java)
awesome-hacking-lists - PortSwigger/backslash-powered-scanner - Finds unknown classes of injection vulnerabilities (Java)

README

# backslash-powered-scanner
This extension complements Burp's active scanner by using a novel approach capable of finding and confirming both known and unknown classes of server-side injection vulnerabilities. Evolved from classic manual techniques, this approach reaps many of the benefits of manual testing including casual WAF evasion, a tiny network footprint, and flexibility in the face of input filtering.

For more information, please refer to the whitepaper at http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html

The code can be found at https://github.com/portswigger/backslash-powered-scanner Contributions and feature requests are welcome.

# Changelog
**1.21 20211015**
- Support for detecting iterable inputs
- Support for Burp Suite Enterprise Edition

**1.10 20210407**
- Major refactor
- Support for bulk-scanning
- Misc bugfixes

**1.03 20190814**
- Detect path normalization exploits based on Orange Tsai's research

**1.02 20180606**
- Add MD5/SHA-1 lax comparison to magic value attacks
- Misc bugfixes

**1.01 20180509**
- Add 'COM1' Windows reserved filename to magic value attacks
- Support custom magic value attacks
- Don't attempt filepath related attacks in the request path

**1.0 20180214**
- Provide a configuration dialog

**0.91 20170612**
- Detect alternative code paths triggered by keywords like 'null', 'undefined' etc

**0.9 20170520**
- Detect JSON Injection and escalate into RCE where possible
- Detect Server-Side HTTP Parameter Pollution
- Support bruteforcing backend parameter names
- Improve evidence clarity and reduce false positives
- Find vulnerabilities with subtler evidence
- Detect escape sequence injection
- Improve LFI detection
- Misc tweaks, bugfixes and efficiency improvements

**0.86 20161004**
- First public release

# Installation
This extension requires Burp Suite Pro 1.7.10 or later. To install it, simply use the BApps tab in Burp.

If you want to manually build/install it from source, you'll need to add the following JAR to your libraries: https://commons.apache.org/proper/commons-lang/download_lang.cgi