Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/portswigger/bchecks
BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
Last synced: 7 days ago
- Host: GitHub
- URL: https://github.com/portswigger/bchecks
- Owner: PortSwigger
- License: lgpl-3.0
- Created: 2023-04-26T10:49:41.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-11-04T10:20:59.000Z (10 days ago)
- Last Synced: 2024-11-04T11:25:39.152Z (10 days ago)
- Homepage: https://portswigger.net/burp/documentation/scanner/bchecks
- Size: 2.06 MB
- Stars: 628
- Watchers: 23
- Forks: 111
- Open Issues: 25
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
README
# BChecks
BChecks for Burp Suite Professional and Burp Suite Enterprise Edition, developed by PortSwigger and the community with 🧡
## Documentation
**Burp Suite Professional:** To view the documentation, go to **Extensions > BChecks** and click the **?** icon in the top-right corner of the window.

**Burp Suite Enterprise Edition:** To learn more about BChecks, see [Adding BChecks to Burp Suite Enterprise Edition](https://portswigger.net/burp/documentation/enterprise/user-guide/extensions/adding-extensions#adding-bchecks-to-burp-suite-enterprise-edition).
To see all of our documentation on BChecks for both Burp Suite Professional and Burp Suite Enterprise Edition, see [BCheck definitions](https://portswigger.net/burp/documentation/scanner/bchecks).
## Blogs
[Burp Suite Shorts | BCheck v2-beta language](https://youtu.be/lR04_eN4Uuo)
[What's new with BChecks?](https://portswigger.net/blog/whats-new-with-bchecks)
[Introducing custom scan checks to Burp Suite Enterprise Edition](https://portswigger.net/blog/introducing-custom-scan-checks-to-burp-suite-enterprise-edition)
[Supporting Sprocket Security's offensive security testing with BChecks](https://portswigger.net/blog/supporting-sprocket-securitys-offensive-security-testing-with-bchecks-from-burp-suite)
[The top 10 community-created BChecks, so far...](https://portswigger.net/blog/the-top-10-community-created-bchecks-so-far)
[BChecks: Houston, we have a solution!](https://portswigger.net/blog/bchecks-houston-we-have-a-solution)
[Burp Suite Shorts | BChecks](https://youtu.be/NaiQMJk4nus)
## Community submissions
BChecks are a community-driven effort and as such we encourage you to share your own BChecks and improve upon the existing ones. To learn about the process of contributing to the repository, see [Contributing](https://github.com/PortSwigger/BChecks/blob/main/CONTRIBUTING.md).
## BChecks
### Examples
We've put together some example BChecks, to help you get started:
* Blind SSRF via out-of-band detection
* Exposed git directory
* Leaked AWS Tokens
* Log4Shell via out-of-band detection
* Server Side Prototype Pollution
* Suspicious Input Transformation

[/examples](/examples/)
### Vulnerabilities CVEd
The following BChecks look for specific vulnerabilities which have a CVE: [/vulnerabilities-CVEd](/vulnerabilities-CVEd/)
### Vulnerability classes
These BChecks look for specific vulnerability classes as opposed to discrete vulnerabilities: [/vulnerability-classes](/vulnerability-classes/)
### Other
You can see other BChecks that have been created by the community, doing wonderful things that we didn't imagine: [/other](/other/)
### Archive
You can see archived BChecks that have been preserved for users with older versions of Burp Suite: [/archived](/archived/)
## Disclaimer
BChecks are written and maintained by third-party users of Burp. We review the pull requests for new community-created scripts before they are added to this repository. However, PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.