Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/h3xstream/burp-retire-js
Burp/ZAP/Maven extension that integrates the Retire.js repository to find vulnerable JavaScript libraries.
- Host: GitHub
- URL: https://github.com/h3xstream/burp-retire-js
- Owner: h3xstream
- License: apache-2.0
- Created: 2014-11-26T23:39:42.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2024-06-14T06:19:56.000Z (7 months ago)
- Last Synced: 2025-01-03T07:15:45.287Z (8 days ago)
- Topics: burp-plugin, javascript, maven, scanner, vulnerability, zap-plugin
- Language: JavaScript
- Homepage:
- Size: 11.6 MB
- Stars: 200
- Watchers: 22
- Forks: 56
- Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- WebHackersWeapons (Weapons / Burpsuite, Caido and ZAP Addons), tagged `js-analysis`; listed for Linux, macOS and Windows, Burp, JavaScript
README
# Retire.js (Burp plugin) [![Build Status](https://travis-ci.org/h3xstream/burp-retire-js.svg)](https://travis-ci.org/h3xstream/burp-retire-js)
[Burp](http://portswigger.net/burp/) / [ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) extension that integrates the [Retire.js](https://github.com/bekk/retire.js) repository to find vulnerable JavaScript libraries. It passively looks at the JavaScript files loaded and identifies the vulnerable ones based on various signature types (URL, filename, file content or specific hash).
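As an added illustration of the signature-based identification just described (example code, not part of this plugin or of Retire.js), the following Python matcher applies the filename and file-content extractors from a constructed fragment in the jsrepository.json layout and checks the detected version against the advisory's `below` / `atOrAbove` bounds. The `VERSION_RE` stand-in for the repository's `§§version§§` placeholder is a simplification of the real one, and the sample jquery entry reuses the 1.8.1 finding and ticket URLs that appear in the Maven scan output later in this README.

```python
import re

# Constructed fragment in the layout of Retire.js's jsrepository.json (not the real file);
# the jquery advisory values reuse the ticket URLs shown in the Maven scan output.
REPO = {"jquery": {
    "vulnerabilities": [{"below": "1.9.0b1",
                         "identifiers": {"bug": "11290", "summary": "Selector interpreted as HTML"},
                         "info": ["http://bugs.jquery.com/ticket/11290",
                                  "http://research.insecurelabs.org/jquery/test/"]}],
    "extractors": {"filename": [r"jquery-(§§version§§)(\.min)?\.js"],
                   "filecontent": [r"/\*!? jQuery v(§§version§§)"]},
}}
# Simplified stand-in for the §§version§§ placeholder: digits and dots, optional pre-release tag.
VERSION_RE = r"[0-9]+(?:\.[0-9]+)*(?:[a-z]+[0-9]*)?"

def version_key(v):
    """Comparable key: numeric parts (2, n) > end marker (1, 0) > pre-release tags (0, 'b'),
    so that 1.8 < 1.8.1 and 1.9.0b1 < 1.9.0."""
    parts = [(2, int(t)) if t.isdigit() else (0, t) for t in re.findall(r"\d+|[a-z]+", v.lower())]
    return parts + [(1, 0)]

def affected(vuln, version):
    """True when version lies in the advisory's [atOrAbove, below) range."""
    k = version_key(version)
    if "below" in vuln and not k < version_key(vuln["below"]):
        return False
    if "atOrAbove" in vuln and k < version_key(vuln["atOrAbove"]):
        return False
    return True

def scan(filename, content):
    """Return [(library, version, extractor kind, advisory URLs)] for each library identified."""
    findings = []
    for lib, entry in REPO.items():
        for kind, subject in (("filename", filename), ("filecontent", content)):
            hit = None
            for pat in entry["extractors"].get(kind, []):
                hit = re.search(pat.replace("§§version§§", VERSION_RE), subject)
                if hit:
                    break
            if hit:
                version = hit.group(1)
                urls = [u for v in entry["vulnerabilities"] if affected(v, version) for u in v["info"]]
                findings.append((lib, version, kind, urls))
                break  # one identification per library is enough
    return findings
```

A file named `jquery.js` with no version in its name is still identified through the file-content extractor, which is why the Maven output below can report `jquery version 1.8.1` for it.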
## License
This software is released under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0).
## Downloads
Last updated : December 10th, 2019
Burp Suite plugin : [Download](https://raw.githubusercontent.com/h3xstream/burp-retire-js/gh-pages/releases/burp/burp-retire-js-3.0.2.jar) (also available on the [BApp Store](https://pro.portswigger.net/bappstore/ShowBappDetails.aspx?uuid=36238b534a78494db9bf2d03f112265c))
ZAP plugin : [Download](https://raw.githubusercontent.com/h3xstream/burp-retire-js/gh-pages/releases/zap/retirejs-alpha-3.0.2.zap)
--------------------------
## Burp plugin
![Retire.js Burp plugin](https://raw.githubusercontent.com/h3xstream/burp-retire-js/gh-pages/screenshots/screenshot_burp_plugin.png)
![Retire.js Burp plugin](https://raw.githubusercontent.com/h3xstream/burp-retire-js/gh-pages/screenshots/screenshot_burp_plugin_animate.gif)
## ZAP plugin
![Retire.js ZAP plugin](https://raw.githubusercontent.com/h3xstream/burp-retire-js/gh-pages/screenshots/screenshot_zap_plugin.png)
## Maven plugin [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.h3xstream.retirejs/retirejs-maven-plugin/badge.svg)](http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22com.h3xstream.retirejs%22%20a%3A%22retirejs-maven-plugin%22)
Run the Maven plugin with the goal `scan`:
```
$ cd myproject
$ mvn com.h3xstream.retirejs:retirejs-maven-plugin:scan
[...]
[INFO] --- retirejs-maven-plugin:1.0.0-SNAPSHOT:scan (default-cli) @ myproject ---
[WARNING] jquery.js contains a vulnerable JavaScript library.
[INFO] Path: C:\Code\myproject\src\main\webapp\js\jquery.js
[INFO] jquery version 1.8.1 is vulnerable.
[INFO] + http://bugs.jquery.com/ticket/11290
[INFO] + http://research.insecurelabs.org/jquery/test/
[...]
```

The additional parameter `-DretireJsBreakOnFailure` can be used to break the build when at least one vulnerability is found.

```
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.450 s
[INFO] Finished at: 2015-02-19T13:37:00-05:00
[INFO] Final Memory: 11M/245M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.h3xstream.retirejs:retirejs-maven-plugin:1.0.0:scan (default-cli) on project
my-web-app: 6 known vulnerabilities were identified in the JavaScript librairies. -> [Help 1]
[ERROR]
```

### Run the Maven plugin as part of your build
Use the following configuration to run the Maven plugin as part of your build. Only one `` may be specified at a time.

To scan / iterate earlier in your build cycle, you can bind the plugin to the `validate` phase.

```xml
<plugin>
    <groupId>com.h3xstream.retirejs</groupId>
    <artifactId>retirejs-maven-plugin</artifactId>
    <version>3.0.1</version>
    <configuration>
        <!-- element name assumed (extraction dropped the tags); only the URL value is in the original -->
        <repoUrl>https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json</repoUrl>
    </configuration>
    <executions>
        <execution>
            <id>scanProjectJavascript</id>
            <goals>
                <goal>scan</goal>
            </goals>
            <phase>install</phase>
        </execution>
    </executions>
</plugin>
```