https://github.com/projectdiscovery/nuclei-burp-plugin

Nuclei plugin for BurpSuite
https://github.com/projectdiscovery/nuclei-burp-plugin

Last synced: 5 days ago
JSON representation

Nuclei plugin for BurpSuite

• Host: GitHub
• URL: https://github.com/projectdiscovery/nuclei-burp-plugin
• Owner: projectdiscovery
• License: mit
• Created: 2022-01-17T10:31:33.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2024-09-11T09:29:20.000Z (4 months ago)
• Last Synced: 2025-01-02T20:11:31.748Z (12 days ago)
• Language: Java
• Size: 60.2 MB
• Stars: 1,206
• Watchers: 29
• Forks: 115
• Open Issues: 23
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-burp-extensions - Nuclei Template Generator Burp Plugin - A BurpSuite plugin intended to help with nuclei template generation. (Tool Integration / SSRF)
• awesome-hacking-lists - projectdiscovery/nuclei-burp-plugin - Nuclei plugin for BurpSuite (Java)

README

        


  


  



Nuclei Template Generator Burp Plugin




  

  





A `Burp Suite` plugin intended to help with [`nuclei`](https://github.com/projectdiscovery/nuclei) template generation.





  


    

  



  

  



  



## Features

### Template matcher generation

* `Word` and `Binary` matcher creation using selected response snippets from `Proxy` history or `Repeater` contexts

* Multi-line selections are split to separate words for readability

* Binary matchers are created for selections containing non-`ASCII` characters

* The `part` field is auto-set based on whether the selection was in the request header or body

* Every generated template auto-includes a `Status` matcher, using the `HTTP` status code of the response

### Modifying generated templates

* New matchers and requests can be added to previously generated templates, by highlighting a part of a response

* In case of a CVE, template information fields can be filled in automatically (Right-click on a template, Add → Classification → CVE)

### Request template generation

* In the `Intruder` tab, selected payload positions can be used to generate request templates, using one of the following attack types: `Battering ram`, `Pitchfork` or `Cluster bomb`

* The selected text snippet from an `HTTP` request under the `Proxy` or `Repeater` tab can be used to generate a request template with the attack type defaulting to `Battering ram`

* Templates containing multiple requests can be generated by selecting multiple proxy items and clicking generate

### Template execution

* Generated templates can be executed instantly, and the output is shown in the same window for convenience

* The plugin auto-generates the CLI command, using the absolute nuclei path, absolute template path and target information extracted from the desired request

* History of unique, executed commands are stored, can be quick searched and re-executed within the current session

* CLI flag filtering and completion support can be accessed using the `CTRL + R` keyboard shorcut 

### Experimental features

* (Non-contextual) `YAML` property and value **auto-complete**, using reserved words from the nuclei [`JSON` schema](https://github.com/projectdiscovery/nuclei/blob/master/nuclei-jsonschema.json)

* **Syntax highlighting** of `YAML` properties, based on reserved words

### Productivity

* Almost every action can be triggered using keyboard shortcuts:

    * **F1**: open nuclei template documentation

    * **Ctrl + Enter**: execute current template

    * **Ctrl + Shift + E**: jump to the template editor

    * **Ctrl + L**: jump to the CLI input field

    * **Ctrl + R**: show CLI argument helper

    * **Ctrl + S**: save the current template

    * **Ctrl + Plus/Minus**: increase/decrease font size

    * **Ctrl + Q**: quit

* Tab support:

    * **Ctrl + Tab** or **Ctrl + PageDown**: open next tab

    * **Ctrl + Shift + Tab** or **Ctrl + PageUp**: open previous tab

    * **Ctrl + [1-9]**: move to n-th tab

    * **Mouse Scroll Up/Down** over the tabs: navigate to next or previous tab

    * **Ctrl + W** or **Middle Mouse Button Click**: close current tab

* The template path is auto-updated if the template is saved to a new location

* The `template-id` is recommended as file name when saving

### Settings

* The plugin attempts to auto-detect and complete the configuration values

* The code searches for the nuclei binary path, using the values from the process's environmental `PATH` variable.  

  **Note**: the Burp Suite binary, opposed to the stand-alone BurpSuite jar, might not have access to

  the current user's `PATH` variable.

* The target template path is calculated based on the default nuclei template directory, configured under `/.config/nuclei/.templates-config.json`

* The name of the currently logged-in operating system user is used as a default value for the template author configuration

* The user can decide whether to display the generated template in a dedicated window or embedded under "Generator", within the Nuclei tab

### Look and feel

* The template generator window supports Dark and Light themes. The presented theme is chosen based on the selected Burp Suite theme, under `User Options`

* Support for **colored** nuclei output

* Modifiable font size in the template editor and command output

## Building the code

Use `mvn clean package -DskipTests` to build the project yourself. It requires Maven `3.x` and Java `11+`.

On macOS the dependencies for the plugin can be met using Homebrew: `brew install mvn openjdk@11`

Alternatively, different builds can be downloaded from the [Actions](https://github.com/projectdiscovery/nuclei-burp-plugin/actions) section. The built artifact can be found under the latest build's `Artifacts`

section. These artifacts are generated after every commit, but are only stored for a limited amount of time.

## Installation

By building the code:

1. Build the code yourself or download a pre-built/[release](https://github.com/projectdiscovery/nuclei-burp-plugin/releases) version

2. Go to `Extender` in `Burp Suite`

3. Click the `Add` button in the `Extensions` tab

4. Leave the `Extension Type` on `Java`

5. Select the path to the plugin (`.jar`)

Through [BApp Store](https://portswigger.net/bappstore/526f5564b7414bfe978e650d8ea6567b):

1. Go to `Extender` in `Burp Suite`

2. Select the `BApp Store` tab

3. Search for **Nuclei Template Generator Plugin**

4. Clink on **Install**

Note: this plugin does **NOT** require **Burp Suite Professional**.

## Screenshots

![Generated Word matcher on response header](static/generated_header_word_matcher_template.png "Generated Word matcher on response header")

![Generated multi-word matcher on response body](static/generated_body_multi_word_matcher_template.png "Generated multi-word matcher on response body")

![Generated request template using Battering ram](static/generated_batteringram_request_template.png "Generated request template using Battering ram")

### Credits

Created with ❤️ by [@forgedhallpass](https://github.com/forgedhallpass)

### License

Nuclei and this plugin are distributed under [MIT License](LICENSE).