class Burpa:
Constructor: Burpa(api_url, api_port, new_api_url, new_api_port, ...)
High level interface for the Burp Suite Security Tool.
Parameters | |
api_url | Burp Suite REST API Extension URL. Environment variable: 'BURP_API_URL'. |
api_port | Burp REST API Extension Port (default: 8090). Environment variable: 'BURP_API_PORT'. |
new_api_url | Burp Suite Official REST API URL (default: Same as api_url). Environment variable: 'BURP_NEW_API_URL'. |
new_api_port | Burp Suite Official REST API Port (default: 1337). Environment variable: 'BURP_NEW_API_PORT'. |
new_api_key | Burp Suite Official REST API key. Environment variable: 'BURP_NEW_API_KEY'. |
quiet | Be less verbose, only print on errors. |
verbose | Be more verbose, prints complete trace on errors. |
no_banner | Do not print burpa banner. |
Method | __init__ | Undocumented |
Method | proxy | Check the Burp proxy configuration to make sure it's running and listening on all interfaces, and update the Burp proxy configuration if necessary. |
Method | report | Generate the reports for the specified target URLs. If targets is 'all', generate reports that contain all issues for all targets. |
Method | scan | Launch an active scan, wait until the end and report the results. |
Method | schedule | Launch Burp Suite scans between certain times only. |
Method | stop | Shut down the Burp Suite. You can use systemctl or supervisord (Linux) or NSSM (Windows) to automatically restart the Burp Suite Service when it stops running. |
Method | test | Test if burpa can connect to Burp Suite REST APIs. |
Method | version | Print burpa version and exit. |
Method | _get | Construct a list of the running scan names from the existing Task IDs in the Burp server. |
Method | _report | Undocumented |
Method | _scan | Print metrics and set the ScanRecord.metrics attribute. |
Method | _scheduled | Undocumented |
Method | _start | Start a Burp Suite active scan. |
Method | _stop | Undocumented |
Method | _test | Undocumented |
Method | _wait | Wait until the end of the scan(s) and set the ScanRecord.status attribute. |
Instance Variable | _api | Undocumented |
Instance Variable | _logger | Undocumented |
Instance Variable | _newapi | Undocumented |
def __init__(self, api_url: str = '', api_port: str = '8090', new_api_url: str = '', new_api_port: str = '1337', new_api_key: str = '', verbose: bool = False, quiet: bool = False, no_banner: bool = False):
Undocumented
Check the Burp proxy configuration to make sure it's running and listening on all interfaces and update the Burp proxy configuration if necessary.
You might need this if you want to send traffic to the Burp proxy.
Parameters | |
proxystr | Burp Proxy Port. |
def report(self, *targets: str, report_type: str = 'HTML', report_output_dir: str = '', issue_severity: Union[str, Tuple[str, ...]] = 'All', issue_confidence: Union[str, Tuple[str, ...]] = 'All', csv: bool = False) -> List[str]:
Generate the reports for the specified target URLs. If targets is 'all', generate reports that contain all issues for all targets.
Parameters | |
*targets:str | Target URL(s) or filename to load target URL(s) from. Use 'all' keyword to search in the proxy history and load target URLs from there. |
report_type:str | Burp scan report type (default: HTML). Use 'none' to skip reporting. |
report_output_dir:str | Directory to store the reports. Store report in temp directory if empty. |
issue_severity:Union[str, Tuple[str, ...]] | Severity of the scan issues to be included in the report. Acceptable values are All, High, Medium, Low and Information. Multiple values are also accepted if they are comma-separated. |
issue_confidence:Union[str, Tuple[str, ...]] | Confidence of the scan issues to be included in the report. Acceptable values are All, Certain, Firm and Tentative. Multiple values are also accepted if they are comma-separated. |
csv:bool | Whether to generate a CSV summary with all issues. |
Returns | |
list of str | list of generated report files |
def scan(self, *targets: str, report_type: str = 'HTML', report_output_dir: str = '', excluded: str = '', config: str = '', config_file: str = '', app_user: str = '', app_pass: str = '', issue_severity: Union[str, Tuple[str, ...]] = 'All', issue_confidence: Union[str, Tuple[str, ...]] = 'All', csv: bool = False) -> List[ScanRecord]:
Launch an active scan, wait until the end and report the results.
It will use the official REST API to launch the scan, and the burp-rest-api to get the pretty HTML report.
Parameters | |
*targets:str | Target URL(s) or filename to load target URL(s) from. Use 'all' keyword to search in the proxy history and load target URLs from there. |
report_type:str | Burp scan report type (default: HTML). Use 'none' to skip reporting. |
report_output_dir:str | Directory to store the reports. Store report in temp directory if empty. |
excluded:str | Comma-separated values of the URLs to exclude from the scope of the scan. |
config:str | Comma-separated values of the scan configuration name(s) to apply. |
config_file:str | Comma-separated values of the scan configuration JSON file(s) to read and apply. |
app_user:str | Application username for authenticated scans. |
app_pass:str | Application password for authenticated scans. |
issue_severity:Union[str, Tuple[str, ...]] | Severity of the scan issues to be included in the report. Acceptable values are All, High, Medium, Low and Information. Multiple values are also accepted if they are comma-separated. |
issue_confidence:Union[str, Tuple[str, ...]] | Confidence of the scan issues to be included in the report. Acceptable values are All, Certain, Firm and Tentative. Multiple values are also accepted if they are comma-separated. |
csv:bool | Whether to generate a CSV summary with all issues. |
Returns | |
list of ScanRecord | list of scan records |
def schedule(self, *targets: str, report_type: str = 'HTML', report_output_dir: str = '', excluded: str = '', config: str = '', app_user: str = '', app_pass: str = '', begin_time: str = '22:00', end_time: str = '05:00', workers: int = 1, issue_severity: Union[str, Tuple[str, ...]] = 'All', issue_confidence: Union[str, Tuple[str, ...]] = 'All', csv: bool = False):
Launch Burp Suite scans between certain times only.
See 'burpa scan --help' for details on other arguments.
Parameters | |
*targets:str | Undocumented |
report_type:str | Undocumented |
report_output_dir:str | Undocumented |
excluded:str | Undocumented |
config:str | Undocumented |
app_user:str | Undocumented |
app_pass:str | Undocumented |
begin_time:str | At what time to start the scans. (Default "22:00") |
end_time:str | At what time to end the scans. Running scans will finish after the end time. (Default "05:00") |
workers:int | How many asynchronous scans to launch. |
issue_severity:Union[str, Tuple[str, ...]] | Undocumented |
issue_confidence:Union[str, Tuple[str, ...]] | Undocumented |
csv:bool | Undocumented |
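The default window for schedule (begin_time "22:00", end_time "05:00") crosses midnight, which a plain begin <= now < end comparison gets wrong. The following is an added example, not burpa's own code: it shows one way to gate scan starts on such a window. The function names parse_hhmm, in_window and seconds_until_open are hypothetical, and treating the end time as exclusive is an assumption.

```python
from datetime import datetime, time, timedelta


def parse_hhmm(value: str) -> time:
    """Parse an 'HH:MM' string such as the begin_time/end_time defaults."""
    return datetime.strptime(value, "%H:%M").time()


def in_window(now: datetime, begin: str = "22:00", end: str = "05:00") -> bool:
    """True if a new scan may start at `now`.

    Only the start of a scan is gated: as the end_time description says,
    scans that are already running finish after the end time.
    The end bound is treated as exclusive (assumption).
    """
    b, e, t = parse_hhmm(begin), parse_hhmm(end), now.time()
    if b <= e:
        # Same-day window, e.g. 09:00-17:00.
        return b <= t < e
    # Overnight window, e.g. 22:00-05:00: late evening OR early morning.
    return t >= b or t < e


def seconds_until_open(now: datetime, begin: str = "22:00", end: str = "05:00") -> float:
    """Seconds to wait before a new scan may start (0.0 if the window is open)."""
    if in_window(now, begin, end):
        return 0.0
    opens = datetime.combine(now.date(), parse_hhmm(begin))
    if opens <= now:
        # Today's opening time has already passed; wait for tomorrow's.
        opens += timedelta(days=1)
    return (opens - now).total_seconds()


if __name__ == "__main__":
    # Constructed sample timestamps, not taken from a real scan log.
    for stamp in ("2024-01-10 23:30", "2024-01-11 03:00", "2024-01-11 12:00"):
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        print(stamp, in_window(now), seconds_until_open(now))
```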
Shut down the Burp Suite. You can use systemctl or supervisord (Linux) or NSSM (Windows) to automatically restart the Burp Suite Service when it stops running.
Parameters | |
wait:str | If other burpa processes are running, number of seconds to wait until all the running scans end. |
force:bool | Stop Burp even if scans are running. |
Test if burpa can connect to Burp Suite REST APIs.
Parameters | |
wait:str | Number of seconds to wait until the Burp REST APIs are accessible. |
str, report_type: str, timestamp: str, report_output_dir: str, issue_severity: Union[str, Tuple[str, ...]] = 'All', issue_confidence: Union[str, Tuple[str, ...]] = 'All', csv: bool = False) -> List[str]:
Undocumented
str, excluded: str = '', config: str = '', config_file: str = '', app_user: str = '', app_pass: str = '') -> List[ScanRecord]:
Start a Burp Suite active scan.