This extension allows you to run Burp Suite's Spider and Scanner tools in headless mode via the command-line. It can:
- Run burp scan in headless or GUI mode.
- Specify target sitemap and add URL(s) to Burp's target scope.
- Use the seed request/response data saved in a project file, generated by any integration, functional or manual testing.
- Mark issues as false positives, these will not be reported in the scan report anymore.
- Spider the target scope.
- Actively scan the target scope.
- Generate a scan report in JUnit, HTML, or XML format. The JUnit report can be used to instruct the CI server to fail the build when vulnerabilities are found.
- Shut down Burp
For more detailed examples and the config file format, consult the extension's Github repository.
|Author||Anand Sudhir Prayaga, Rita Nordtug|
|Last updated||09 July 2018|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|You can view the source code for this BApp by visiting our GitHub page.|
|Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.|
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.