Burp Bounty v4.0 - BurpSuite extension to improve the active and passive scanner

Status
Not open for further replies.

itsMe

Burp Bounty – Scan Check Builder

This Burp Suite extension lets you improve the active and passive Burp Suite scanner quickly and simply, using personalized rules built through a very intuitive graphical interface. Through advanced pattern searching and improved payloads, we can create our own issue profiles for both the active and the passive scanner.

Examples of vulnerabilities that you can find

The vulnerabilities it can identify, and for which you can make personalized improvements, are:

Active Scan:

    XSS (reflected and stored)
    SQL Injection error based
    Blind SQL injection
    Blind SQL injection time-based
    XXE
    Blind XXE
    SSRF
    CRLF
    Information disclosure
    Nginx off-by-slash vulnerability – From Orange Tsai
    Command injection
    Web cache poisoning
    Blind command injection
    Open Redirect
    Local File Inclusion
    Remote File Inclusion
    Path Traversal
    LDAP Injection
    XML Injection
    SSI Injection
    XPath Injection
    etc

Passive Response Scan

    Security Headers
    Cookies attributes
    Endpoints extract
    Software versions
    Error strings
    In general, any string or regular expression in the response.

Passive Request Scan

    Interesting params and values
    In general, any string or regular expression in the request.

Changelog v4.0

    Burp Bounty Pro 1.6 core
    Quick issue alert
    More options for creating profiles

