/BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition

GNU Lesser General Public License v3.0LGPL-3.0

BChecks

BChecks for Burp Suite Professional and Burp Suite Enterprise Edition, developed by PortSwigger and the community with šŸ§”

Documentation

Burp Suite Professional: To view the documentation, go to Extensions > BChecks and click the ? icon in the top-right corner of the window.

Burp Suite Enterprise Edition: To learn more about BChecks, see Adding BChecks to Burp Suite Enterprise Edition.

To see all of our documentation on BChecks for both Burp Suite Professional and Burp Suite Enterprise Edition, see BCheck definitions.

Blogs

Burp Suite Shorts | BCheck v2-beta language

What's new with BChecks?

Introducing custom scan checks to Burp Suite Enterprise Edition

Supporting Sprocket Security's offensive security testing with BChecks

The top 10 community-created BChecks, so far...

BChecks: Houston, we have a solution!

Burp Suite Shorts | BChecks

Community submissions

BChecks are a community-driven effort and as such we encourage you to share your own BChecks and improve upon the existing ones.

To learn about the process of contributing to the repository, see Contributing.

BChecks

Examples

We've put together some example BChecks, to help you get started:

  • Blind SSRF via out-of-band detection
  • Exposed git directory
  • Leaked AWS Tokens
  • Log4Shell via out-of-band detection
  • Server Side Prototype Pollution
  • Suspicious Input Transformation

/examples

Vulnerabilities CVEd

The following BChecks look for specific vulnerabilities which have a CVE:

/vulnerabilities-CVEd

Vulnerability classes

These BChecks look for specific vulnerability classes as opposed to discrete vulnerabilities:

/vulnerability-classes

Other

You can see other BChecks that have been created by the community, doing wonderful things that we didn't imagine:

/other

Archive

You can see archived BChecks that have been preserved for users with older versions of Burp Suite:

/archived

Disclaimer

BChecks are written and maintained by third-party users of Burp. We review the pull requests for new community-created scripts before they are added to this repository. However, PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.