Python script to launch burp scans automatically

Overview

SimpleAutoBurp

Python script that takes a config.json file as config and uses Burp Suite Pro to scan a list of websites.

This script is a simplification of AutoScanWithBurp, also AutoScanWithBurp uses an extension to execute the scan and Burp state files that were deprecated in 2018.

SimpleAutoBurp uses the new Burp API and Burp project files. Authenticated Burp scans and Nikto are not yet implemented.

Configure

The script needs a config.json with the configuration, here we have an example:

{
    "sites" : [{
        "scanURL" : "https://test-xss.000webhostapp.com",
        "project" : "/home/ec2-user/BurpSuitePro/2021-07-11-Test_1.burp",
        "apikey" : "APIKEY"
      },
      {
        "scanURL" : "http://test-xss.000webhostapp.com",
        "project" : "/home/ec2-user/BurpSuitePro/2021-07-11-Test_1.burp",
        "apikey" : "APIKEY"
      }
    ],
    "burpConfigs" : [{
        "memory" : "2048m",
        "headless" : "true",
        "java" : "/home/ec2-user/BurpSuitePro/jre/bin/java",
        "burpJar" : "/home/ec2-user/BurpSuitePro/burpsuite_pro.jar",
        "retry" : 5,
        "logPath" : "/home/ec2-user/BurpSuitePro/",
        "logfileName" : "SimpleAutoBurp",
        "loglevel" : "debug",
        "ScanOutput" : "/home/ec2-user/ScanOutput/"
      }
      ]
}
  • Site (the config file can contain multiple sites):
    • scanURL: URL to scan.
    • project: Path to a Burp project files.
    • apikey: Burp API Key. User options - Misc - REST API, enable the service and create a new API Key. More info here.
  • burpConfigs
    • memory: Maximum amount of memory.
    • headless: Enable or disable headless mode.
    • java: Path to the Java binary.
    • burpJar: Path to the Burp Suite JAR file.
    • retry: How many times, the script will try to check if burp is up and running.
    • logPath: Path of the log file.
    • logfileName: Name of the log file.
    • loglevel: Log Level (DEBUG INFO WARNING ERROR CRITICAL).
    • ScanOutput: Path to results

Execute

SimpleAutoBurp.py /home/ec2-user/config.json

Schedule Scan

This script can be scheduled to execute using crontab in *nix systems like this:

0 2 * * * ec2-user /usr/bin/python3.7 /home/ec2-user/SimpleAutoBurp.py /home/ec2-user/config.json

Output

The script generates a log of the execution and a file with a json that includes information about all the vulnerabilities found. It only shows vulnerabilities detected in this scan and not detected previously.

Recommendations

To improve the results of the scan enable extensions like:

  • Active Scans++
  • Software Vulnerability Scanner
  • Backslash Powered Scanner
  • Additional Scanner Checks
  • Error Message Checks
You might also like...
Small Python script to parse endlessh's output and print some neat statistics

endlessh_parser endlessh_parser is a small Python script that parses endlessh's output and prints some neat statistics about it Usage Install all the

Helper script to bootstrap a Python environment with the tools required to build and install packages.

python-bootstrap Helper script to bootstrap a Python environment with the tools required to build and install packages. Usage $ python -m bootstrap.bu

python script to generate color coded resistor images

Resistor image generator I got nerdsniped into making this. It's not finished at all, and the code is messy. The end goal it generate a whole E-series

A python script to generate wallpaper
A python script to generate wallpaper

wallpaper eits Warning You need to set the path to Robot Mono font in the source code. (Settings are in the main function) Usage A script that given a

Python script to get some stats on nodes in a Blender material nodetree

Python script to get some stats on nodes in a Blender material nodetree. It counts the nodes, the node types and the max deep level for group nodes.

Daiho Tool is a Script Gathering for Windows/Linux systems written in Python.
Daiho Tool is a Script Gathering for Windows/Linux systems written in Python.

Daiho is a Script Developed with Python3. It gathers a total of 22 Discord tools (including a RAT, a Raid Tool, a Nuker Tool, a Token Grabberr, etc). It has a pleasant and intuitive interface to facilitate the use of all with help and explanations for each of them.

An okayish python script to generate a random Euler circuit with given number of vertices and edges.

Euler-Circuit-Test-Case-Generator An okayish python script to generate a random Euler circuit with given number of vertices and edges. Executing the S

Python 3 script unpacking statically x86 CryptOne packer.
Python 3 script unpacking statically x86 CryptOne packer.

Python 3 script unpacking statically x86 CryptOne packer. CryptOne versions: 2021/08 until now (2021/12)

This script allows you to retrieve all functions / variables names of a Python code, and the variables values.

Memory Extractor This script allows you to retrieve all functions / variables names of a Python code, and the variables values. How to use it ? The si

Owner
Adan Álvarez
Adan Álvarez
Grank is a feature-rich script that automatically grinds Dank Memer for you

Grank Inspired by this repository. This is a WIP and there will be more functions added in the future. What is Grank? Grank is a feature-rich script t

null 42 Jul 20, 2022
isort is a Python utility / library to sort imports alphabetically, and automatically separated into sections and by type.

isort is a Python utility / library to sort imports alphabetically, and automatically separated into sections and by type. It provides a command line utility, Python library and plugins for various editors to quickly sort all your imports.

Python Code Quality Authority 5.5k Jan 8, 2023
Python code to generate and store certificates automatically , using names from a csv file

WOC-certificate-generator Python code to generate and store certificates automatically , using names from a csv file IMPORTANT In order to make the co

Google Developer Student Club - IIIT Kalyani 10 May 26, 2022
Create C bindings for python automatically with the help of libclang

Python C Import Dynamic library + header + ctypes = Module like object! Create C bindings for python automatically with the help of libclang. Examples

null 1 Jul 25, 2022
Automatically Generate Rulesets for IIS for Intelligent HTTP/S C2 Redirection

Automatically Generate Rulesets for IIS for Intelligent HTTP/S C2 Redirection This project converts a Cobalt Strike profile to a functional web.config

Jesse 99 Dec 13, 2022
Find version automatically based on git tags and commit messages.

GIT-CONVENTIONAL-VERSION Find version automatically based on git tags and commit messages. The tool is very specific in its function, so it is very fl

null 0 Nov 7, 2021
An awesome tool to save articles from RSS feed to Pocket automatically.

RSS2Pocket An awesome tool to save articles from RSS feed to Pocket automatically. About the Project I used to use IFTTT to save articles from RSS fee

Hank Liao 10 Nov 12, 2022
This program organizes automatically files in folders named as file's extension

Auto Sorting System by Sergiy Grimoldi - V.0.0.2 This program organizes automatically files in folders named as file's extension How to use the code T

Sergiy Grimoldi 1 Jan 7, 2022
Find dependent python scripts of a python script in a project directory.

Find dependent python scripts of a python script in a project directory.

null 2 Dec 5, 2021
cpp20.py is a Python script to compile C++20 code using modules.

cpp20.py is a Python script to compile C++20 code using modules. It browses the source files to determine their dependencies. Then, it compiles then in order using the correct flags.

Julien VERNAY 6 Aug 26, 2022