  • Stars: 2,152
  • Rank: 21,437 (Top 0.5 %)
  • Language: Python
  • License: Apache License 2.0
  • Created over 7 years ago
  • Updated 12 months ago


Repository Details

HUNT Suite Proxy Extensions


What is HUNT Suite?

  • HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions.
  • It identifies common parameters associated with certain vulnerability classes (Burp Suite Pro and OWASP ZAP).
  • It organizes testing methodologies (Burp Suite Pro and Free).

HUNT Parameter Scanner - Vulnerability Classes

  • SQL Injection
  • Local/Remote File Inclusion & Path Traversal
  • Server Side Request Forgery & Open Redirect
  • OS Command Injection
  • Insecure Direct Object Reference
  • Server Side Template Injection
  • Logic & Debug Parameters
  • Cross Site Scripting
  • External Entity Injection
  • Malicious File Upload

TODO

  • Change regex for parameter names to include user_id instead of just id
  • Search in scanner window
  • Highlight param in scanner window
  • Implement script name checking, REST URL support, JSON & XML post-body params.
  • Support normal convention of Request tab: Raw, Params, Headers, Hex sub-tabs inside scanner
  • Add more methodology JSON files:
    • Web Application Hacker's Handbook
    • PCI
    • HIPAA
    • CREST
    • OWASP Top Ten
    • OWASP Application Security Verification Standard
    • Penetration Testing Execution Standard
    • Burp Suite Methodology
  • Add more text for advisory in scanner window
  • Add more descriptions and resources in methodology window
  • Add functionality to send request/response to other Burp tabs like Repeater

Authors

  • JP Villanueva
  • Jason Haddix

Contributors

  • Ryan Black
  • Fatih Egbatan
  • Vishal Shah

HUNT Suite for Burp Suite Pro/Free

HUNT Parameter Scanner (hunt_scanner.py)


This extension does not test these parameters, but rather alerts on them so that a bug hunter can test them manually. For each class of vulnerability, Bugcrowd has identified common parameters or functions associated with that vulnerability class. We also provide curated resources in the issue description to do thorough manual testing of these vulnerability classes.
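The matching the scanner performs is a name heuristic: a request's parameter names are compared against per-class lists of suspicious names, and any hit is reported as an advisory rather than tested. The following is an added example written for this page, not the project's own code; the hint table is a small constructed illustration, and the tokenizer splits names on `_`, `-`, `.` and camelCase so that `user_id` and `userId` are flagged alongside plain `id`, which the TODO above calls out.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed, illustrative table of parameter names per vulnerability
# class. These are not the project's own lists.
PARAM_HINTS = {
    "SQL Injection": ["id", "query", "order", "sort"],
    "File Inclusion / Path Traversal": ["file", "path", "page", "template"],
    "SSRF / Open Redirect": ["url", "redirect", "next", "callback"],
    "OS Command Injection": ["cmd", "exec", "ping", "host"],
    "Insecure Direct Object Reference": ["id", "user", "account", "doc"],
    "Logic & Debug Parameters": ["debug", "admin", "test", "enable"],
}


def name_segments(name):
    """Split 'user_id', 'userId' or 'user-id' into ['user', 'id']."""
    spaced = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", name)
    return [s.lower() for s in re.split(r"[\s_\-.]+", spaced) if s]


def extract_params(method, url, body=""):
    """Collect parameter names from the query string and, for POST,
    from a form-encoded body (JSON/XML bodies are not parsed here)."""
    names = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    if method.upper() == "POST" and body:
        names += [k for k, _ in parse_qsl(body, keep_blank_values=True)]
    return names


def classify_params(method, url, body=""):
    """Return {param_name: [vulnerability classes]} for every parameter
    whose name segments intersect a class's hint list. Nothing is sent
    or tested; this is purely an advisory for manual follow-up."""
    findings = {}
    for name in extract_params(method, url, body):
        segs = set(name_segments(name))
        hits = [cls for cls, hints in PARAM_HINTS.items() if segs & set(hints)]
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    # Constructed sample request.
    for param, classes in classify_params(
        "GET", "https://example.test/app?user_id=7&next=/home&q=x"
    ).items():
        print(param, "->", ", ".join(classes))
```

Scope filtering (only alerting on hosts in the suite scope, as the "Setting Scope" section below describes) would be a one-line host check before `classify_params` is called.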

HUNT Testing Methodology (hunt_methodology.py)


This extension allows testers to send requests and responses to a Burp Suite tab called "HUNT Methodology". This tab contains a tree on the left side that is a visual representation of your testing methodology. By sending requests and responses here, testers can organize their work or attest to having done manual testing in that section of the application or having completed a certain methodology step.

Installing HUNT Suite for Burp Suite Pro/Free

Getting Started

  1. Download the latest standalone Jython jar.
  2. Navigate to Extender -> Options.
    • Locate the section called Python Environment.
    • Add the location of the Jython jar by clicking "Select file...".
  3. Navigate to Extender -> Extensions.
    • Click Add.
    • Under Extension Details:
      • Select "Python" as the Extension Type.
      • Click "Select file..." and choose the location of the extension in your filesystem.
      • Do this for both the HUNT Parameter Scanner and the HUNT Testing Methodology extension.
  4. The HUNT Parameter Scanner will begin to run across traffic that flows through the proxy.

Setting Scope

Setting your testing scope is an important step, because the passive scanner is extremely noisy. Instead of polluting the Scanner window, the HUNT Parameter Scanner creates its own window with its own findings.

  1. Navigate to Target -> Scope.
    • Click the "Use advanced scope control" checkbox.
    • Click Add to include your targets in scope.
  2. Navigate to Scanner -> Live scanning.
    • Under the "Live Passive Scanning" section, select "Use suite scope [defined in the target tab]".

Important Notes

HUNT Parameter Scanner leverages the passive scanning API within Burp. Here are the conditions under which passive scan checks are run:

  • First request of an active scan
  • Proxy requests
  • Any time "Do a passive scan" is selected from the context menu

Passive scans are not run on the following:

  • On every active scan response
  • On Repeater responses
  • On Intruder responses
  • On Sequencer responses
  • On Spider responses

HUNT Scanner for OWASP ZAP (Alpha - Contributed by Ricardo Lobo @_sbzo)

The HUNT scanner is included in the community scripts for ZAP Proxy.

  1. Find the "Manage Add-ons" icon and ensure you have Python Scripting and Community Scripts installed.
  2. Ensure the "Show All Tabs" icon is clicked.
  3. Click the Tools menu and navigate to Options. Select Passive Scanner, check the box "Scan messages only in scope", then click OK.
  4. Click the Scripts tab (next to the Sites tab).
  5. Hunt.py should appear under Passive Rules.
  6. Right-click the script under Passive Rules, enable it and save it.
  7. Browse sites and receive alerts for the sites included in your contexts.

License

Licensed under the Apache 2.0 License.
