https://github.com/portswigger/bchecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
# BChecks

BChecks for Burp Suite Professional and Burp Suite Enterprise Edition, developed by PortSwigger and the community with 🧡

## Documentation
**Burp Suite Professional:** To view the documentation, go to **Extensions > BChecks** and click the **?** icon in the top-right corner of the window.

**Burp Suite Enterprise Edition:** To learn more about BChecks, see [Adding BChecks to Burp Suite Enterprise Edition](https://portswigger.net/burp/documentation/enterprise/user-guide/extensions/adding-extensions#adding-bchecks-to-burp-suite-enterprise-edition).

To see all of our documentation on BChecks for both Burp Suite Professional and Burp Suite Enterprise Edition, see [BCheck definitions](https://portswigger.net/burp/documentation/scanner/bchecks).

## Blogs

[Burp Suite Shorts | BCheck v2-beta language](https://youtu.be/lR04_eN4Uuo)

[What's new with BChecks?](https://portswigger.net/blog/whats-new-with-bchecks)

[Introducing custom scan checks to Burp Suite Enterprise Edition](https://portswigger.net/blog/introducing-custom-scan-checks-to-burp-suite-enterprise-edition)

[Supporting Sprocket Security's offensive security testing with BChecks](https://portswigger.net/blog/supporting-sprocket-securitys-offensive-security-testing-with-bchecks-from-burp-suite)

[The top 10 community-created BChecks, so far...](https://portswigger.net/blog/the-top-10-community-created-bchecks-so-far)

[BChecks: Houston, we have a solution!](https://portswigger.net/blog/bchecks-houston-we-have-a-solution)

[Burp Suite Shorts | BChecks](https://youtu.be/NaiQMJk4nus)

## Community submissions
BChecks are a community-driven effort and as such we encourage you to share your own BChecks and improve upon the existing ones.

To learn about the process of contributing to the repository, see [Contributing](https://github.com/PortSwigger/BChecks/blob/main/CONTRIBUTING.md).

## BChecks

### Examples
We've put together some example BChecks, to help you get started:
* Blind SSRF via out-of-band detection
* Exposed git directory
* Leaked AWS Tokens
* Log4Shell via out-of-band detection
* Server Side Prototype Pollution
* Suspicious Input Transformation

[/examples](/examples/)

### Vulnerabilities CVEd
The following BChecks look for specific vulnerabilities which have a CVE:

[/vulnerabilities-CVEd](/vulnerabilities-CVEd/)

### Vulnerability classes
These BChecks look for specific vulnerability classes as opposed to discrete vulnerabilities:

[/vulnerability-classes](/vulnerability-classes/)

### Other
You can see other BChecks that have been created by the community, doing wonderful things that we didn't imagine:

[/other](/other/)

### Archive
You can see archived BChecks that have been preserved for users with older versions of Burp Suite:

[/archived](/archived/)

## Disclaimer
BChecks are written and maintained by third-party users of Burp. We review the pull requests for new community-created scripts before they are added to this repository. However, PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.