A BurpSuite extension for vulnerability Scanning
This project is currently under active development. Not all features are implemented, and the code may not be stable. While contributions are appreciated, please note that I am not currently accepting external contributions.
| Vulnerability | Details |
|---|---|
| Blind Time Based Injection | Payloads |
| AWS SSRF | Payloads |
| Reflected XSS | Payloads |
| Error Based SQL injection | Payload-src-github (Payload-src-twitter) (Payload-src-twitter) |
| Forced Browsing | Experimental, likely to be false positive |
| JSON CSRF | Check for Content type text and No Additional headers like bearer |
| JWT Token Expiry | |
| CORS | Check CORS if not check for Common Bypass |
| Verify session cookie or token | Not Part of Active or Passive Scan, Need to be validated before starting a scan through right click menu on any request with a valid session (Not expired) |
| Error Messages and Banner Grab | Passive Scanner for Error message or Server Banner |
| Missing CSP Header | |
| CSP Header with Insecure Directives | |
| CSP Header Missing Required Directives | |
| Missing X-Frame Header | |
| Missing HSTS Header | |
| Check If Request with Body support XML Content Type Header | Partial/ Could be False Positive, will be updated later |
| Session Identifier (HTTP Only Flag) | Only Available if Session Identifier is found |
| Session Identifier (Secure Flag) | Only Available if Session Identifier is found |