A small Python wrapper to get started with automating BURP Professional scans via the REST API.
The BURP documentation can be found here.
- Create and activate Python virtual environment

      python3 -m venv venv
      source ./venv/bin/activate

- Install python packages

      pip install -r requirements.txt

- Enable the REST API and create an API key in BURP

- Put the API key in your .env file (or use the .env.example file)

      echo API_KEY="<api_key>" > .env

- Set your scan target or configure appropriate scan settings in burpomator.py

- Run burpomator

      python3 burpomator.py

A full scan configuration can be defined as follows:

    {
      "urls": [
        "<string>",
        "<string>"
      ],
      "name": "<string>",
      "scope": {
        "include": [
          {
            "rule": "<string>"
          },
          {
            "rule": "<string>"
          }
        ],
        "exclude": [
          {
            "rule": "<string>"
          },
          {
            "rule": "<string>"
          }
        ]
      },
      "application_logins": [
        {
          "username": "<string>",
          "password": "<string>"
        },
        {
          "username": "<string>",
          "password": "<string>"
        }
      ],
      "scan_configurations": [
        {
          "name": "<string>"
        },
        {
          "name": "<string>"
        }
      ],
      "resource_pool": "<string>",
      "scan_callback": {
        "url": "<string>"
      },
      "protocol_option": "httpAndHttps"
    }

You can check out the API specs at: http://127.0.0.1:1337/<api_key>

Also check out the swagger.json in specs/burp_openapi.json for the OpenAPI Specification file.
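
An added example (not part of burpomator.py or this repository) that builds a request from the schema above, refuses targets outside an allow-list, and masks passwords before the request is logged. `AUTHORIZED_HOSTS` and the function names are hypothetical, the `/v0.1/scan` path comes from Burp's REST API rather than from this page, and `API_KEY` is assumed to be present in the process environment.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

BURP_API = "http://127.0.0.1:1337"  # base URL shown on this page
AUTHORIZED_HOSTS = {"app.example.test"}  # constructed allow-list (assumption)


def build_scan_config(urls, name, logins=(), scan_configurations=()):
    """Build a scan request limited to authorized hosts, with explicit scope."""
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or parts.hostname not in AUTHORIZED_HOSTS:
            raise ValueError(f"target not authorized for scanning: {url}")
    config = {
        "urls": list(urls),
        "name": name,
        # Include rules mirror the start URLs, using the rule shape from the schema above.
        "scope": {"include": [{"rule": u} for u in urls]},
        "protocol_option": "httpAndHttps",
    }
    if logins:
        config["application_logins"] = [{"username": u, "password": p} for u, p in logins]
    if scan_configurations:
        config["scan_configurations"] = [{"name": n} for n in scan_configurations]
    return config


def redacted(config):
    """Return a deep copy of the config that is safe to log (passwords masked)."""
    safe = json.loads(json.dumps(config))
    for login in safe.get("application_logins", []):
        login["password"] = "***"
    return safe


def submit_scan(config, api_key=None):
    """POST the config to Burp and return the Location header (the scan task id)."""
    api_key = api_key or os.environ["API_KEY"]  # assumed exported from the .env file
    req = urllib.request.Request(
        f"{BURP_API}/{api_key}/v0.1/scan",  # the key is part of the URL: keep it out of logs
        data=json.dumps(config).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers.get("Location")
```

Log `redacted(config)` rather than the raw payload, and log the endpoint without the key segment.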