The propose of this script is scan using the burp-rest-api for Burp Suite that will use target files.
For the proper functioning it’s necessary the following tool: https://github.com/vmware/burp-rest-api and command screen.
The script reads the config.ini file where it is configured:
- folderrestapi = Folder where burp-rest-api is located (e.g. -> /home/user/burp-rest-api/)
- telegrambot = Here you must enter yes (to send notification via telegram) or no
- token = Telegram token (e.g. -> 123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11 )
- chatid = Telegram chat id (e.g. -> 11111 )
- downloadreport = Number of seconds to wait before cancelling the scan and downloading the report (e.g. -> 3600)
The procedure usage of the script is the following:
- We use as an argument a file with the hosts.
- The script adds each host to spider.
- Once the scan is completed, there are reports in xml and html.
- Then we parse the xml and save the results in SQLite.
- Once each scan is completed is sending the vulnerabilities identified.
- When a scan is finished, an alert message is sent via Telegram specifying the host and the number of identified vulnerabilities
Example:
# python3 scan-burp-suite-cmd.py domains.txt
By now it works only in Linux, we will provide support for Mac and Windows soon.
Sorry about the code, I’m not good developing.