Awesome
CVSS_Calculator: Offline CVSS Scoring Tool for Burp Suite
CVSS_Calculator is a powerful Burp Suite extension designed for security professionals and penetration testers to calculate CVSS (Common Vulnerability Scoring System) v2 and v3.1 scores of vulnerabilities, entirely offline. This tool integrates seamlessly with Burp Suite, providing a user-friendly graphical interface for assessing the severity of security vulnerabilities based on Base, Temporal, and Environmental metrics.
Key Features:
- Offline CVSS Scoring: Calculate CVSS v2 and v3.1 scores without the need for an internet connection.
- Comprehensive Metrics: Includes Base, Temporal, and Environmental metrics for a thorough vulnerability assessment.
- User-Friendly Interface: Easy-to-use graphical interface integrated into Burp Suite for efficient scoring of vulnerabilities.
- Dual Version Support: Supports both CVSS v2 and v3.1, catering to diverse assessment needs.
Installation
Using BApp Store [Quickest]
- Open Burp Suite.
- Navigate to
Extender -> BApp Store
. - Search for and install the "CVSS Calculator" Extension.
Load The JAR File
- Download the
CVSS_Calculator.jar
file from the repository or build it from the source code. - Open Burp Suite.
- Go to
Extender -> Extensions -> Add
. - Select the
CVSS_Calculator.jar
file and add it to Burp Suite. - A new tab for "CVSS Calculator" will be added to the Burp Suite interface.
Build From Source Code
- Ensure you have Gradle installed.
- Clone the repository:
git clone https://github.com/moeinfatehi/CVSS_Calculator
- Navigate to the main directory (where
build.gradle
exists) and run:gradle makeJar
- The Jar file will be generated in
build/libs/CVSS_Calculator.jar
How to Use CVSS_Calculator
After adding the extension to Burp Suite, a new tab will be available where you can access both CVSS v2 and v3.1 calculators in separate tabs. Simply input the relevant metrics, and the tool will calculate the CVSS scores for you.
Feedback and Contributions
We welcome feedback and contributions to the CVSS_Calculator project. If you find any bugs or have comments, please feel free to contact us. Your input is invaluable in making this tool more effective for the cybersecurity community.
Contact
For any inquiries or suggestions, please reach out via GitHub Issues or contact me directly through my Twitter account.