Burp Suite plugin¶
Vulners Burp Suite Plugin uses the vulners.com vulnerability database API to improve the security auditing capabilities of Burp Suite.
- Identify software versions in HTTP responses and verify them against the Vulners.com vulnerability database for known vulnerabilities, inspired by the 'Software Version Reporter' plugin..
- Explore unique URLs on vulners.com to discover potential exploits associated with specific paths..
When vulnerable software is detected, it provides detailed insights, including CVEs, advisories, and applicable exploits, directly within the Burp Suite interface.
How to use¶
Video tutorial:
Prerequisites¶
- Burp Suite Professional Edition
- Java 1.7
- Maven
Installation¶
-
Clone the Plugin Repository:
-
Navigate to the VulnersCom/burp-vulners-scanner GitHub page and clone the repository to your local machine.
-
Package the Plugin:
Open a command line or terminal window in the cloned repository's directory and execute the following Maven command::
mvn package
After packaging, find the burp-vulners-scanner.jar
file in the /target
folder within the repository directory.
- Install the Plugin in Burp Suite:
To install the plugin, open Burp Suite and go to the Extender
tab. Then, click on Add
and select the path to the burp-vulners-scanner.jar
file to install the plugin.
Download the Pre-built Plugin¶
If you prefer not to build the plugin yourself, download the ready-to-install build from the latest release on GitHub page.