PortSwigger/BChecks PortSwigger/BChecks

  • Stars
    star
    320
  • Rank 130,927 (Top 3 %)
  • Language
  • License
    GNU Lesser Genera...
  • Created over 1 year ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
PortSwigger/BChecks
github

PortSwigger

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

BChecks collection for Burp Suite Professional

BChecks

Burp Suite Professional BChecks developed both by PortSwigger and the community with ๐Ÿงก

Documentation and Blogs

If you click the ? Icon in the top right of the BChecks sub tab in the Extensions tab you will be linked to the documentation.

Online documentation can be found here

BChecks: Houston, we have a solution! (blog)

Burp Suite Short (video)

Community submissions

Please issue a pull request and follow the process outlined here

the BChecks

Examples

Example BChecks to help you get started covering

  • Blind SSRF via out-of-band detection
  • Exposed git directory
  • Leaked AWS Tokens
  • Log4Shell via out-of-band detection
  • Server Side Prototype Pollution
  • Suspicious Input Transformation

/examples

Vulnerabilities CVEd

BChecks for specific vulnerabilities which have a CVE

/vulnerabilities-CVEd

Vulnerability classes

BChecks for specific vulnerability classes as opposed to discrete vulnerabilities.

/vulnerability-classes

Other

Other BChecks doing all the wonderful things which we didn't imagine

/other

More Repositories

1

turbo-intruder

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
Kotlin
1,112
star
2

param-miner

Java
1,001
star
3

http-request-smuggler

Java
950
star
4

backslash-powered-scanner

Finds unknown classes of injection vulnerabilities
Java
626
star
5

xss-cheatsheet-data

This repository contains all the XSS cheatsheet data to allow contributions from the community.
397
star
6

collaborator-everywhere

A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator
Java
395
star
7

hackability

Probe a rendering engine for vulnerabilities and other features
JavaScript
366
star
8

bypass-bot-detection

Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection
Java
186
star
9

dastardly-github-action

Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
Dockerfile
126
star
10

js-link-finder

Burp Extension for a passive scanning JS files for endpoint links.
Python
118
star
11

portable-data-exfiltration

This repo contains all the injections mentioned in my talk and enumerators.
JavaScript
87
star
12

distribute-damage

Evenly distributes scanner load across targets
Java
80
star
13

httpoxy-scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.
Java
76
star
14

replicator

Burp extension to help developers replicate findings from pen tests
Java
64
star
15

burp-extensions-montoya-api

Burp Extensions Api
Java
64
star
16

burp-extender-api

Burp Wiener API (Legacy)
Java
54
star
17

python-scripter

Sourced from gist: https://gist.github.com/mwielgoszewski/7026954
Python
51
star
18

css-exfiltration

HTML
46
star
19

serialization-examples

Java
33
star
20

aws-security-checks

AWS Security Checks
Python
31
star
21

example-hello-world

Java
31
star
22

server-side-prototype-pollution

Java
22
star
23

burp-extensions-montoya-api-examples

Examples for using the Montoya API with Burp Suite
Java
20
star
24

example-intruder-payloads

Java
19
star
25

example-scanner-checks

Java
18
star
26

reflected-parameters

Java
18
star
27

nice-script

A JavaScript sandbox using proxies
JavaScript
17
star
28

custom-logger

Java
16
star
29

example-custom-editor-tab

Java
15
star
30

example-event-listeners

Java
15
star
31

bseept

Burp Suite Enterprise Edition Power Tools
Python
13
star
32

research-labs

This repository contains a number of insecure self-hosted applications that allows interested security engineers to test vulnerabilities found by Portswigger Research team.
TypeScript
13
star
33

3d-css-tutorial

HTML
12
star
34

example-custom-scan-insertion-points

Java
12
star
35

extended-macro

ExtendedMacro - BurpSuite plugin providing extended macro functionality
Java
10
star
36

waf-detect

Burp app (BApp) for detecting WAF fingerprints
Java
8
star
37

enterprise-reference-stack-for-aws

Smarty
7
star
38

viewstate-editor

Burp extension to add a view state tab to the message editor
Java
6
star
39

exiftool-scanner

Burp extension, reads metadata using ExifTool
Java
6
star
40

random-ip-address-header

Java
5
star
41

html5-auditor

Java
5
star
42

what-the-waf

Try harder to bypass that WAF...
Ruby
4
star
43

certsquirt

A golang PKI in less than 1000 lines of code.
Go
3
star
44

example-custom-session-tokens

Java
2
star
45

example-custom-logger

Java
2
star
46

manual-scan-issues

Java
2
star
47

splunk-connector

ActiveEvent is a Burp plugin that integrates Burp Scanner and Splunk events
Ruby
2
star
48

websphere-portlet-state-decoder

Python
1
star
49

burp-jenkins-integration

Enterprise integration with Jenkins
Java
1
star
50

open-day

1
star
51

enterprise-helm-charts

Helm charts for BSEE Kubernetes installation.
Smarty
1
star