PortSwigger/backslash-powered-scanner PortSwigger/backslash-powered-scanner

  • Stars
    star
    606
  • Rank 71,825 (Top 2 %)
  • Language
    Java
  • License
    Other
  • Created over 7 years ago
  • Updated 8 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
PortSwigger/backslash-powered-scanner
github

PortSwigger

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Finds unknown classes of injection vulnerabilities

backslash-powered-scanner

This extension complements Burp's active scanner by using a novel approach capable of finding and confirming both known and unknown classes of server-side injection vulnerabilities. Evolved from classic manual techniques, this approach reaps many of the benefits of manual testing including casual WAF evasion, a tiny network footprint, and flexibility in the face of input filtering.

For more information, please refer to the whitepaper at http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html

The code can be found at https://github.com/portswigger/backslash-powered-scanner Contributions and feature requests are welcome.

Changelog

1.21 20211015

  • Support for detecting iterable inputs
  • Support for Burp Suite Enterprise Edition

1.10 20210407

  • Major refactor
  • Support for bulk-scanning
  • Misc bugfixes

1.03 20190814

  • Detect path normalization exploits based on Orange Tsai's research

1.02 20180606

  • Add MD5/SHA-1 lax comparison to magic value attacks
  • Misc bugfixes

1.01 20180509

  • Add 'COM1' Windows reserved filename to magic value attacks
  • Support custom magic value attacks
  • Don't attempt filepath related attacks in the request path

1.0 20180214

  • Provide a configuration dialog

0.91 20170612

  • Detect alternative code paths triggered by keywords like 'null', 'undefined' etc

0.9 20170520

  • Detect JSON Injection and escalate into RCE where possible
  • Detect Server-Side HTTP Parameter Pollution
  • Support bruteforcing backend parameter names
  • Improve evidence clarity and reduce false positives
  • Find vulnerabilities with subtler evidence
  • Detect escape sequence injection
  • Improve LFI detection
  • Misc tweaks, bugfixes and efficiency improvements

0.86 20161004

  • First public release

Installation

This extension requires Burp Suite Pro 1.7.10 or later. To install it, simply use the BApps tab in Burp.

If you want to manually build/install it from source, you'll need to add the following JAR to your libraries: https://commons.apache.org/proper/commons-lang/download_lang.cgi

More Repositories

1

turbo-intruder

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
Kotlin
1,112
star
2

param-miner

Java
1,001
star
3

http-request-smuggler

Java
934
star
4

collaborator-everywhere

A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator
Java
395
star
5

xss-cheatsheet-data

This repository contains all the XSS cheatsheet data to allow contributions from the community.
380
star
6

hackability

Probe a rendering engine for vulnerabilities and other features
JavaScript
362
star
7

BChecks

BChecks collection for Burp Suite Professional
320
star
8

dastardly-github-action

Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
Dockerfile
126
star
9

portable-data-exfiltration

This repo contains all the injections mentioned in my talk and enumerators.
JavaScript
87
star
10

distribute-damage

Evenly distributes scanner load across targets
Java
76
star
11

httpoxy-scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.
Java
76
star
12

replicator

Burp extension to help developers replicate findings from pen tests
Java
64
star
13

burp-extensions-montoya-api

Burp Extensions Api
Java
64
star
14

burp-extender-api

Burp Wiener API (Legacy)
Java
54
star
15

python-scripter

Sourced from gist: https://gist.github.com/mwielgoszewski/7026954
Python
50
star
16

css-exfiltration

HTML
43
star
17

serialization-examples

Java
33
star
18

aws-security-checks

AWS Security Checks
Python
31
star
19

example-hello-world

Java
31
star
20

server-side-prototype-pollution

Java
22
star
21

burp-extensions-montoya-api-examples

Examples for using the Montoya API with Burp Suite
Java
20
star
22

example-intruder-payloads

Java
19
star
23

example-scanner-checks

Java
18
star
24

reflected-parameters

Java
18
star
25

nice-script

A JavaScript sandbox using proxies
JavaScript
17
star
26

custom-logger

Java
16
star
27

example-custom-editor-tab

Java
15
star
28

example-event-listeners

Java
15
star
29

bseept

Burp Suite Enterprise Edition Power Tools
Python
13
star
30

3d-css-tutorial

HTML
12
star
31

example-custom-scan-insertion-points

Java
12
star
32

enterprise-reference-stack-for-aws

Smarty
7
star
33

viewstate-editor

Burp extension to add a view state tab to the message editor
Java
6
star
34

random-ip-address-header

Java
5
star
35

research-labs

This repository contains a number of insecure self-hosted applications that allows interested security engineers to test vulnerabilities found by Portswigger Research team.
TypeScript
5
star
36

html5-auditor

Java
5
star
37

certsquirt

A golang PKI in less than 1000 lines of code.
Go
3
star
38

example-custom-session-tokens

Java
2
star
39

example-custom-logger

Java
2
star
40

manual-scan-issues

Java
2
star
41

websphere-portlet-state-decoder

Python
1
star
42

burp-jenkins-integration

Enterprise integration with Jenkins
Java
1
star
43

open-day

1
star
44

enterprise-helm-charts

Helm charts for BSEE Kubernetes installation.
Smarty
1
star