Skip to content

4k4xs4pH1r3/software-vulnerability-scanner

 
 

Repository files navigation

burp-vulners-scanner

Current Release Downloads PayPal

Description

Burp Suite scanner plugin based on Vulners.com vulnerability database API

  • Search fingerprints in http response (inspired by plugin "Software Version Reporter") and check found version in vulners.com vulnerability database
  • [Experemental] Check unique URLs in vulners.com finding exploits for such paths

If Vulners Plugin detects vulnerable software it will show you CVE, advisoroies and even applicable exploits!

How to use

Burp Vulners plugin Tutorial Video

BurpSuite Linux pre-requisites installation as root

  • Oracle java
  • Maven
  • Python 2 + 3
  • Radamsa to fuzz your programs
  • RVM
  • Ruby
  • Jython
  • jRuby

Execute

curl -sSL https://rvm.io/mpapis.asc | gpg --import - && curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && source /usr/local/rvm/scripts/rvm && \curl -sSL https://get.rvm.io | bash -s stable --rails && rvm install jruby && apt install jython libcanberra-gtk-module libcanberra-gtk3-module gcc make git wget -y && pip install frida && python3 -m pip install frida && pip install Pyro4 && python3 -m pip install Pyro4 && cd /usr/share && git clone https://gitlab.com/akihe/radamsa.git && cd radamsa && make && make install && echo "HAL 9000" | radamsa && cd && cd /usr/share && git clone https://github.com/PortSwigger/software-vulnerability-scanner.git && apt install maven -y && cd software-vulnerability-scanner && mvn package && cd

BurpSuite Community

Click to download and install it

BurpSuite Pro

Click to download and install it

Install extensions in BurpSuite Community

Open Burp Suite -> Extender -> Options -> Python Enviroment -> Location of jython standalone JAR file:

/usr/share/jython/bin/jython

Open Burp Suite -> Extender -> Options -> Ruby Enviroment -> Location of jRuby JAR file:

/usr/local/rvm/rubies/jruby-9.4.0.0/lib/jruby.jar

Open Burp Suite -> Extender -> BApp Store -> Sort by Last updated-> Install all extensions

Open Burp Suite -> Extender -> Extensions -> Add -> Extension file (.jar) Select file -> burp-vulners-scanner-1.2.jar

You cand find it in this folder /usr/share/software-vulnerability-scanner/target

Now login/singup here and generate/copy your API Key

Is time to open BurpSuite TAB called Software Vulnerability Scanner and add yours.

Install extensions in BurpSuite Pro

Open Burp Suite -> Extender -> Options -> Python Enviroment -> Location of jython standalone JAR file:

/usr/share/jython/bin/jython

Open Burp Suite -> Extender -> Options -> Ruby Enviroment -> Location of jRuby JAR file:

/usr/share/jruby/bin/jruby

Open Burp Suite -> Extender -> BApp Store -> Sort by Details-> Install all Pro extensions

Now login/singup here and generate/copy your API Key

Is time to open BurpSuite TAB called Software Vulnerability Scanner and add yours.

alias bpx='sh -c "cd ~/Downloads/x/bsp/bsp && cpulimit -l 70 -- nohup /usr/bin/java -Xmx30G \
--add-opens=java.desktop/javax.swing=ALL-UNNAMED \
--add-opens=java.base/java.lang=ALL-UNNAMED \
--add-opens=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED \
--add-opens=java.base/jdk.internal.org.objectweb.asm.tree=ALL-UNNAMED \
--add-opens=java.base/jdk.internal.org.objectweb.asm.Opcodes=ALL-UNNAMED \
-javaagent:Dr-FarFar.jar -noverify -jar burpsuite_pro_v2024.5.5.jar &"'

About

Vulnerability scanner based on vulners.com search API

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 99.4%
  • HTML 0.6%