Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/codewatchorg/Burp-IndicatorsOfVulnerability

Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack
https://github.com/codewatchorg/Burp-IndicatorsOfVulnerability

Last synced: 2 months ago
JSON representation

Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack

Awesome Lists containing this project

README 

        
# Burp-IndicatorsOfVulnerability

Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack



The extension checks the following things:

1. Application response bodies for specific strings that indicate a vulnerability is present, such as error output indicative of SQLi, Serialization issues, XXE issues, etc, and

2. Application requests in the URL and Body for potential targets of SSRF/LFI/RFI/Directory Traversal/URL Injection attack.

3. Application requests and responses in URLs, bodies, and headers for AWS S3 buckets/Azure Storage containers/Google storage containers.

4. Application requests for parameters that might indicate targets for other common attack vectors (similar to HUNT).

5. Application responses for potential leaking of secrets.



Usage

=====



All you have to do is add the JAR as an extension in Burp, add the targets to your scope in which you want to identify issues, and then it will monitor all Burp traffic.



Future

======



Continue adding and improving the matches as well as add a tab to create your own.