Burp Suite Professional BChecks developed both by PortSwigger and the community with 🧡
If you click the ? icon in the top right of the BChecks sub-tab in the Extensions tab, you will be linked to the documentation.
Online documentation can be found here
BChecks: Houston, we have a solution! (blog)
Please issue a pull request and follow the process outlined here
Example BChecks to help you get started, covering:
- Blind SSRF via out-of-band detection
- Exposed git directory
- Leaked AWS Tokens
- Log4Shell via out-of-band detection
- Server Side Prototype Pollution
- Suspicious Input Transformation
BChecks for specific vulnerabilities which have a CVE
BChecks for specific vulnerability classes as opposed to discrete vulnerabilities.
Other BChecks doing all the wonderful things which we didn't imagine