burpstaticscan

Use burp's JS static code analysis on code from your local system. Here's generally how the process works:

$ ./burpstaticscan -dir ./foo
2014/11/02 18:11:22 Static file server listening on http://localhost:9999, serving /foo
2014/11/02 18:11:22 Adding http://localhost:9999 to scope
2014/11/02 18:11:22 Walking directory, each file sent to burp's passive scan
2014/11/02 18:11:22 1 file sent to burp
2014/11/02 18:11:22 http://localhost:9999 removed from scope
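The steps in that log map onto a short Go program. The one below is an added example written for this page, not burpstaticscan's own source or the burpbuddy project's code: it starts a read-only static file server on the chosen host and port, registers that origin with burpbuddy, fetches each file through the server, hands the request/response pair to burp's passive scanner, and finally removes the origin from scope. The burpbuddy endpoint paths and JSON fields it uses (POST /scope with {"url": ...}, DELETE /scope/<escaped url>, POST /scan/passive with host, port, useHttps and base64 request/response) are assumptions to check against your burpbuddy version; the flags mirror the README's, except that -port is parsed as an integer here.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"flag"
	"fmt"
	"io/fs"
	"log"
	"net"
	"net/http"
	"net/url"
	"os"
)

// passiveScanItem is one exchange for burpbuddy's passive scan endpoint (field names ASSUMED).
type passiveScanItem struct {
	Host     string `json:"host"`
	Port     int    `json:"port"`
	UseHTTPS bool   `json:"useHttps"`
	Request  string `json:"request"`  // base64 of the raw HTTP request
	Response string `json:"response"` // base64 of the raw HTTP response
}

// listFiles returns the slash-separated relative path of every regular file under dir.
func listFiles(dir string) ([]string, error) {
	var files []string
	err := fs.WalkDir(os.DirFS(dir), ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err // propagate walk errors; skip directories and symlinks
		}
		files = append(files, p)
		return nil
	})
	return files, err
}

// buildItem renders the GET for rel plus the captured response as base64 wire bytes (plain HTTP, so useHttps stays false).
func buildItem(host string, port int, rel string, resp []byte) passiveScanItem {
	req := fmt.Sprintf("GET /%s HTTP/1.1\r\nHost: %s:%d\r\n\r\n", rel, host, port)
	return passiveScanItem{Host: host, Port: port,
		Request:  base64.StdEncoding.EncodeToString([]byte(req)),
		Response: base64.StdEncoding.EncodeToString(resp)}
}

// call sends a JSON body to burpbuddy (endpoint layout ASSUMED) and fails on any non-2xx status.
func call(method, u string, body interface{}) error {
	data, _ := json.Marshal(body) // the maps and structs used here cannot fail to encode
	req, _ := http.NewRequest(method, u, bytes.NewReader(data))
	req.Header.Set("Content-Type", "application/json")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	resp.Body.Close()
	if resp.StatusCode/100 != 2 {
		return fmt.Errorf("%s %s: %s", method, u, resp.Status)
	}
	return nil
}

func main() {
	bb := flag.String("burpbuddy", "http://localhost:8001", "HTTP API URL for burpbuddy")
	dir := flag.String("dir", "", "directory with code to scan")
	host := flag.String("host", "localhost", "host for the file server to listen on")
	port := flag.Int("port", 9999, "port for the file server to listen on")
	flag.Parse()
	files, err := listFiles(*dir)
	if *dir == "" || err != nil {
		log.Fatalf("-dir must name a readable directory: %v", err)
	}
	ln, err := net.Listen("tcp", net.JoinHostPort(*host, fmt.Sprint(*port)))
	if err != nil {
		log.Fatal(err)
	}
	go http.Serve(ln, http.FileServer(http.Dir(*dir))) // read-only; loopback unless -host says otherwise
	base := fmt.Sprintf("http://%s:%d", *host, *port)
	if err := call("POST", *bb+"/scope", map[string]string{"url": base}); err != nil {
		log.Fatal(err)
	}
	failed := 0
	for _, rel := range files {
		var raw bytes.Buffer
		resp, err := http.Get(base + "/" + rel)
		if err == nil {
			err = resp.Write(&raw) // wire-format status line, headers and body; drains and closes Body
		}
		if err == nil {
			err = call("POST", *bb+"/scan/passive", buildItem(*host, *port, rel, raw.Bytes()))
		}
		if err != nil {
			log.Printf("%s: %v", rel, err)
			failed++
		}
	}
	log.Printf("%d file(s) sent to burp", len(files)-failed)
	call("DELETE", *bb+"/scope/"+url.PathEscape(base), nil) // best effort: leave burp's scope as found
}
```

Two things worth keeping in mind when running something like this: the file server hands the whole source tree to anything that can reach the listener, so the localhost default is the setting to keep unless burp runs on another machine; and removing the origin from scope at the end matters because otherwise any later traffic to that port would still be treated as in-scope by burp's passive checks.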

Installation

Depends on the burpbuddy extension. Binary packages for most operating systems are available here. There are no external dependencies, just extract and run with ./burpstaticscan.

Usage

$ ./burpstaticscan -h
Usage of ./burpstaticscan:
  -burpbuddy="http://localhost:8001": HTTP API URL for burpbuddy
  -dir="": directory with code to scan
  -host="localhost": host for the file server to listen on
  -port="9999": port for the file server to listen on