hannob / snallygaster

Tool to scan for secret files on HTTP servers
BSD Zero Clause License

Parseable Tests and Burp Proxy #8

Closed floyd-fuh closed 6 years ago

floyd-fuh commented 6 years ago

Thank you for the tool, it has a lot of helpful tests.

As a pentester I really appreciate this being a simple tool I can just run. But as I am lazy and a lot of pentesters use Burp Suite Proxy, I think an Active Scan extension for this (that can be written in Python as well) would be really helpful, because then it turns into a one-click job which is done anyway. I know, it's proprietary software which will not fit everyone. However, the tool is part of many pentesters' daily life. The question is just how the knowledge (mainly URL + detection string in response) could be shared between this project and a Burp extension and maybe other projects (if you would agree to that). So having a central "configuration" file that would list such checks would probably generate synergies. On the other hand we probably all agree that we don't want to be too generic, such as (maybe you get some more ideas for tests here): https://github.com/fuzzdb-project/fuzzdb/tree/master/discovery/predictable-filepaths

There is also something similar as a Burp extension here (again maybe you get some more ideas for tests here): https://github.com/unamer/CTFHelper/blob/master/CTFhelper.py

So would you be interested in such a thing? Would it be an option to put the "knowledge" of this tool into a clever json configuration file that might define response content checks, regex checks, etc.? I think if I understood the license correctly that should be fine.

Honestly I haven't decided yet if I'm going to write a Burp plugin for this, but I'm definitely putting it somewhere in the middle of my TODO list...
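An added illustration of the shared check format proposed above (example code written for this page, not snallygaster's code and not any Burp extension's format; the JSON schema, the check names and the fake responses are constructed assumptions). It evaluates path + "contains"/"regex" rules against responses and includes a soft-404 case to show why a status code alone is not a detection.

```python
import json
import re
from typing import Callable, Dict, List, Tuple

# Constructed example of a shared "knowledge" file: each entry names a path to
# request and how to recognise a real hit in the response. Hypothetical schema.
CHECKS_JSON = """
[
  {"name": "git-config", "path": "/.git/config", "status": 200,
   "contains": "[core]"},
  {"name": "ds-store", "path": "/.DS_Store", "status": 200,
   "contains": "Bud1"},
  {"name": "env-file", "path": "/.env", "status": 200,
   "regex": "(?m)^[A-Z_]+=.*"}
]
"""

def load_checks(text: str) -> List[Dict]:
    """Parse the JSON and refuse entries that carry no detection rule."""
    checks = json.loads(text)
    for c in checks:
        if "contains" not in c and "regex" not in c:
            raise ValueError(f"check {c['name']} has no detection rule")
    return checks

def matches(check: Dict, status: int, body: str) -> bool:
    """True only if the status matches and the body satisfies every rule given."""
    if status != check.get("status", 200):
        return False
    if "contains" in check and check["contains"] not in body:
        return False
    if "regex" in check and not re.search(check["regex"], body):
        return False
    return True

def run_checks(checks: List[Dict], fetch: Callable[[str], Tuple[int, str]]) -> List[str]:
    """fetch(path) -> (status, body); returns the names of the checks that hit."""
    return [c["name"] for c in checks if matches(c, *fetch(c["path"]))]

# Constructed responses standing in for one of your own hosts, so this runs offline.
FAKE_SITE = {
    "/.git/config": (200, "[core]\n\trepositoryformatversion = 0\n"),
    "/.DS_Store": (200, "<html>Not found</html>"),  # soft-404: 200 but wrong body
    "/.env": (404, "Not Found"),
}

def fake_fetch(path: str) -> Tuple[int, str]:
    return FAKE_SITE.get(path, (404, ""))

if __name__ == "__main__":
    print(run_checks(load_checks(CHECKS_JSON), fake_fetch))  # ['git-config']
```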

hannob commented 6 years ago

I'm not familiar with burp.

I'm not sure how feasible it would be to put the knowledge of this tool into an abstract format. There's a reason I wrote code; there are often tricky corner cases and heuristics.

You're obviously free to do whatever you want with the code. The license (CC0) allows relicensing it to whatever you see fitting.

floyd-fuh commented 6 years ago

A colleague of mine made one: https://github.com/mechanico/interestingFilesScanner . According to the Burp guys though, there seem to be some more people who created and submitted such an extension...