7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
64.3%
Wanted to share with you what IMHO is the most promising Burp Suite plugin that just might transform it to the best penetration tool ever. It’s the Vulners plugin, available for free at github (<https://github.com/vulnersCom/burp-vulners-scanner>). If you are lazy like me, a build is available here: <https://github.com/vulnersCom/burp-vulners-scanner/releases/download/1.1/burp-vulners-scanner-1.1.jar>
It’s easy if you know how to deal with a plugin in Burp. If you don’t know, please find a video here: <https://vimeo.com/225078901> and <https://www.youtube.com/watch?v=N1p9ERcjRb0>
Extender->Extensions->Add->Extension in file (.jar)
The developer recommends enabling all the experimental features. No surprises here. There is only one of them and it is called “use scan by location paths”. This feature provides the ability to correlate all the URL paths from live traffic with an exploits database to suggest applicable vulnerability bulletins. It’s a super useful thing, just enable it!
It works well in both passive and active scanning modes. Just plug it in and enjoy the issues in the right panel.
The most useful thing for me here is a blue CVE link, like this: <https://vulners.com/cve/CVE-2016-8743>
As a result, you will have instant access to all of the available CVEs related to your project. No more manual matching needed to understand the threats. Love it!
If you would like to avoid false positives or add some new checks there you may add detection rules in the “Scan rules” tab.
It’s the easiest way to extend your Burp capabilities with custom regexps/signatures to catch something application specific.
Why it’s better than Nessus you may ask? Just because it’s traffic-related checks! Nessus will never find a /wordpress-x/ directory for you but your browser together with Burp Suite can easily solve this task. The modern web cannot be crawled, it should be sniffed instead.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
64.3%