NetsOSS / headless-burp

Automate security tests using Burp Suite.
https://netsoss.github.io/headless-burp/

Report wasn't generated after scan finished #17

Open IgorSasovets opened 5 years ago

IgorSasovets commented 5 years ago

Hi, team! I faced the following issue: after headless-burp-scanner finished its work and terminated, no report was generated in the project folder. The scan, which had 17 URLs in scope, took approximately 6 hours to complete. I reviewed the generated Burp project file in UI mode and didn't find any errors; all tasks were completed. What could have gone wrong in this case? Thanks in advance!

IgorSasovets commented 5 years ago

Here is my config file:

<?xml version="1.0" encoding="UTF-8"?>
<config>
  <reportType>HTML</reportType>
  <targetSitemap><![CDATA[http://localhost:5000/api/]]></targetSitemap>
  <scope>
    <url><![CDATA[http://localhost:5000/api/auth/]]></url>
    <url><![CDATA[http://localhost:5000]]></url>
    <url><![CDATA[http://localhost:5000/api]]></url>
    <url><![CDATA[http://localhost:5000/api/account]]></url>
    <url><![CDATA[http://localhost:5000/api/account/accept]]></url>
  </scope>
</config>

0xm4ud commented 4 years ago

@IgorSasovets have you managed to find a fix, bud?

IgorSasovets commented 4 years ago

Hi, @m4udSec! Unfortunately, no. I was forced to use the BurpSuite REST API because, after upgrading to the latest BurpSuite Pro version, the scan didn't start at all.

Anurag599 commented 2 years ago

Hi @IgorSasovets, are you able to generate a report through the BurpSuite REST API? If yes, can you please help me with how to do it?

IgorSasovets commented 2 years ago

Hello @Anurag599, unfortunately no. I managed to achieve my goals using the burp-rest-api tool. So far, it works well with the latest versions of Burp Suite.

gabriel-cardoso-dev commented 2 years ago

Hello, @IgorSasovets. Can't you generate a report with burp-rest-api either? I'm making a project where I'm supposed to send an XML report from Burp to DefectDojo, a tool that would store and do the management of the vulnerabilities, but it seems to be impossible to generate a report with headless burp.

Anurag599 commented 2 years ago

Hello @IgorSasovets, how are you able to generate a report using burp-rest-api? It would be a great help if you could share some sort of solution.

IgorSasovets commented 2 years ago

@gabriel-cardoso-dev, @Anurag599, in order to generate a report using the burp-rest-api tool you should do the following (I assume that at the moment of generating the report the active scan is done and your target domain name was added to scope):

curl -X GET "http://localhost:8090/burp/report?reportType=HTML&urlPrefix=http%3A%2F%2Fexample.com"

where http%3A%2F%2Fexample.com represents the tested application URL. More details about the allowed APIs can be reviewed in the documentation.
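
The request from the comment above wrapped in a script that fails loudly instead of leaving no report behind; this is an added example, not code from the thread or from the burp-rest-api project. The function names are hypothetical, and the `/burp/scanner/status` endpoint with its `scanPercentage` field is an assumption about burp-rest-api that should be checked against the documentation the comment refers to.

```shell
#!/bin/sh
# Added example. Assumes burp-rest-api listens on localhost:8090, as in the
# curl command in the thread. All function names are hypothetical.
BURP_API="${BURP_API:-http://localhost:8090}"

# Percent-encode an ASCII string for use as a query parameter value.
urlencode() {
  _s=$1; _enc=
  while [ -n "$_s" ]; do
    _c=${_s%"${_s#?}"}          # first character of the remaining string
    _s=${_s#?}
    case $_c in
      [a-zA-Z0-9.~_-]) _enc=$_enc$_c ;;
      *) _enc=$_enc$(printf '%%%02X' "'$_c") ;;
    esac
  done
  printf '%s' "$_enc"
}

# Build the /burp/report URL from a report type and the tested application URL.
report_url() {
  printf '%s/burp/report?reportType=%s&urlPrefix=%s' \
    "$BURP_API" "$1" "$(urlencode "$2")"
}

# Extract the number from a status body such as {"scanPercentage":100}.
# Assumption: this is the JSON shape returned by GET /burp/scanner/status.
scan_percentage() {
  printf '%s' "$1" |
    sed -n 's/.*"scanPercentage"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Download the report; return non-zero rather than leave a missing or empty file.
fetch_report() {
  r_type=$1; r_target=$2; r_out=$3
  r_status=$(curl --silent --show-error --fail "$BURP_API/burp/scanner/status") || return 1
  r_pct=$(scan_percentage "$r_status")
  [ "${r_pct:-0}" -eq 100 ] || { echo "scan at ${r_pct:-?}%, not finished" >&2; return 2; }
  curl --silent --show-error --fail --output "$r_out.part" \
    "$(report_url "$r_type" "$r_target")" || return 1
  [ -s "$r_out.part" ] || { echo "empty report for $r_target" >&2; rm -f "$r_out.part"; return 3; }
  mv "$r_out.part" "$r_out"
}

# Usage: fetch_report HTML http://example.com burp-report.html
```

The report is written to a `.part` file and renamed only after the HTTP status and size checks pass, so a CI step that later uploads the file never picks up a partial or empty report.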

gabriel-cardoso-dev commented 2 years ago

Thank you very much @IgorSasovets , I'll try it out!

Anurag599 commented 2 years ago

Thanks a lot @IgorSasovets, I tried and it is working perfectly fine.