Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/augustd/burp-suite-software-version-checks
Burp extension to passively scan for applications revealing software version numbers
https://github.com/augustd/burp-suite-software-version-checks
burp burp-extensions burp-plugin burpsuite java penetration-testing pentest scanning
Last synced: about 2 months ago
JSON representation
Burp extension to passively scan for applications revealing software version numbers
- Host: GitHub
- URL: https://github.com/augustd/burp-suite-software-version-checks
- Owner: augustd
- Created: 2015-07-23T02:42:39.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2021-04-13T01:29:11.000Z (over 3 years ago)
- Last Synced: 2024-04-16T20:08:01.319Z (5 months ago)
- Topics: burp, burp-extensions, burp-plugin, burpsuite, java, penetration-testing, pentest, scanning
- Language: Java
- Homepage:
- Size: 272 KB
- Stars: 29
- Watchers: 8
- Forks: 17
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
[![Build Status](https://travis-ci.org/augustd/burp-suite-software-version-checks.svg?branch=master)](https://travis-ci.org/augustd/burp-suite-software-version-checks)
[![Known Vulnerabilities](https://snyk.io/test/github/augustd/burp-suite-software-version-checks/badge.svg)](https://snyk.io/test/github/augustd/burp-suite-software-version-checks)# burp-suite-software-version-checks
This Burp Suite extension passively detects applications revealing server software version numbers during scanning, spidering etc.Often the server version is revealed only on error responses, which may not be visible during the normal course of testing. Some examples are:
- "Apache Tomcat/6.0.24 - Error report"
- "Server: Apache/2.2.4 (Unix) mod_perl/2.0.3 Perl/v5.8.8"
- "X-AspNet-Version: 4.0.30319"Match rules are loaded from a [remote tab-delimited file](https://github.com/augustd/burp-suite-software-version-checks/blob/master/src/main/resources/burp/match-rules.tab) at extension startup.
Users can also load their own match rules from a local file or using the BApp GUI.