bugcrowd / hunt Goto Github PK
View Code? Open in Web Editor NEWLicense: Apache License 2.0
License: Apache License 2.0
Alphabetize Methodology categories and sub-categories.
Hi,
another great addition would be to not add new entries if already present in the HUNT history.
Thanks!
There seem to be more number of findings shown in the brackets than there is within the table, as displayed below:
Not 100% sure if I am missing something. Might be that some records can actually have multiple numbers.
Also, as you can see within the image, it is possible to get negative findings too :)
Hello!
I load Jython standalone v2.7.0 and set location to them in BurpSuite "Extender" -> "Options".
Clone repo: git clone https://github.com/bugcrowd/HUNT
And try load both extensions (hunt_scanner.py and hunt_methodology.py). But receive this error:
java.lang.IllegalArgumentException: Cannot create PyString with non-byte value
at org.python.core.PyString.<init>(PyString.java:64)
at org.python.core.PyString.<init>(PyString.java:70)
at org.python.core.Py.newString(Py.java:641)
at org.python.core.PySystemState.initRegistry(PySystemState.java:800)
at org.python.core.PySystemState.doInitialize(PySystemState.java:1045)
at org.python.core.PySystemState.initialize(PySystemState.java:974)
at org.python.core.PySystemState.initialize(PySystemState.java:930)
at org.python.core.PySystemState.initialize(PySystemState.java:925)
at org.python.core.PySystemState.initialize(PySystemState.java:920)
at org.python.core.PySystemState.initialize(PySystemState.java:916)
at org.python.core.ThreadStateMapping.getThreadState(ThreadStateMapping.java:32)
at org.python.core.Py.getThreadState(Py.java:1440)
at org.python.core.Py.getThreadState(Py.java:1436)
at org.python.core.Py.getSystemState(Py.java:1456)
at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:105)
at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:94)
at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:71)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at burp.ohg.<init>(Unknown Source)
at burp.spf.a(Unknown Source)
at burp.gih.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
I need install some python modules? This is new system, so I don't have any special modules.
Step 3
sounds like "select some files with .py extension and add it to the app" with no concrete info.
Where to find these files? Are they different for different text fields? Should it be "hunt_scanner.py" file as on your screenshot? and etc.
how to setting in burpsuite 2.0 scaner??
The parameters being identified using the static analysis is not working as it should (in my opinion at least). I think the tool should filter out cases where the analysed string is a sub-string of the parameter, as displayed below:
(For the string no
, in IDOR)
To by honest, I'm not sure if that is intentional, as I can see why it can be.
Finally just wanted to say, great job with the plugin! It's actually really nice to use! :)
I think it would be nice to have the likely affected parameter identified by HUNT Scanner to be added to the search bar of the ITextEditor instance. This can be done using the setSearchExpression
method of ITextEditor.
I can make this change provided I can find the instance of each ITextEditor (shouldn't be that hard)
Do you think this would be worth a pull request? @swagnetow @jhaddix
CMDI.py uses a combination of spaces and tabs which is causing an error when enabling.
check the screenshot : http://prntscr.com/gj6lhe
I already installed lib module python2 and python3
C:\Users\moon.robert>pip install lib
Requirement already satisfied: lib in c:\python27\lib\site-packages (3.0.0)
Traceback (most recent call last):
File "C:\Users\moon.robert\Downloads\11. Tools For WebHacking\HUNT_Scanner.py", line 9, in
from lib.issues import Issues
ImportError: No module named lib
at org.python.core.Py.ImportError(Py.java:328)
at org.python.core.imp.import_first(imp.java:877)
at org.python.core.imp.import_module_level(imp.java:972)
at org.python.core.imp.importName(imp.java:1062)
at org.python.core.ImportFunction.__call__(__builtin__.java:1280)
at org.python.core.PyObject.__call__(PyObject.java:431)
at org.python.core.__builtin__.__import__(__builtin__.java:1232)
at org.python.core.imp.importFromAs(imp.java:1156)
at org.python.core.imp.importFrom(imp.java:1132)
at org.python.pycode._pyx4.f$0(C:\Users\moon.robert\Downloads\11. Tools For WebHacking\HUNT_Scanner.py:66)
at org.python.pycode._pyx4.call_function(C:\Users\moon.robert\Downloads\11. Tools For WebHacking\HUNT_Scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyCode.call(PyCode.java:18)
at org.python.core.Py.runCode(Py.java:1386)
at org.python.core.__builtin__.execfile_flags(__builtin__.java:535)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:286)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at burp.ohg.<init>(Unknown Source)
at burp.spf.a(Unknown Source)
at burp.gih.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
Traceback (most recent call last):
File "C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py", line 55, in init
self.view = View(self.issues)
File "C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py", line 111, in init
self.set_scanner_panes()
File "C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py", line 191, in set_scanner_panes
bottom_pane = self.create_tabbed_pane()
File "C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py", line 208, in create_tabbed_pane
tabbed_pane.add("Advisory", JScrollPane())
at javax.swing.AbstractButton.setUIProperty(Unknown Source)
at javax.swing.LookAndFeel.installProperty(Unknown Source)
at javax.swing.plaf.synth.SynthButtonUI.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthButtonUI.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton$SynthArrowButtonUI.installDefaults(Unknown Source)
at javax.swing.plaf.basic.BasicButtonUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.AbstractButton.setUI(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton.updateUI(Unknown Source)
at javax.swing.AbstractButton.init(Unknown Source)
at javax.swing.JButton.<init>(Unknown Source)
at javax.swing.JButton.<init>(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton.<init>(Unknown Source)
at javax.swing.plaf.synth.SynthScrollBarUI$2.<init>(Unknown Source)
at javax.swing.plaf.synth.SynthScrollBarUI.createIncreaseButton(Unknown Source)
at javax.swing.plaf.basic.BasicScrollBarUI.installComponents(Unknown Source)
at javax.swing.plaf.basic.BasicScrollBarUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.JScrollBar.setUI(Unknown Source)
at javax.swing.JScrollBar.updateUI(Unknown Source)
at javax.swing.JScrollBar.<init>(Unknown Source)
at javax.swing.JScrollBar.<init>(Unknown Source)
at javax.swing.JScrollPane$ScrollBar.<init>(Unknown Source)
at javax.swing.JScrollPane.createHorizontalScrollBar(Unknown Source)
at javax.swing.JScrollPane.<init>(Unknown Source)
at javax.swing.JScrollPane.<init>(Unknown Source)
at sun.reflect.GeneratedConstructorAccessor53.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:211)
java.lang.ClassCastException: java.lang.ClassCastException: javax.swing.plaf.InputMapUIResource cannot be cast to java.lang.Number
at org.python.core.Py.JavaError(Py.java:546)
at org.python.core.Py.JavaError(Py.java:537)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:221)
at org.python.core.PyReflectedConstructor.__call__(PyReflectedConstructor.java:180)
at org.python.core.PyObject.__call__(PyObject.java:419)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:445)
at org.python.core.PyObject.__call__(PyObject.java:449)
at org.python.pycode._pyx4.create_tabbed_pane$29(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py:214)
at org.python.pycode._pyx4.call_function(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at org.python.pycode._pyx4.set_scanner_panes$26(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py:184)
at org.python.pycode._pyx4.call_function(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at org.python.pycode._pyx4.__init__$13(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py:113)
at org.python.pycode._pyx4.call_function(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyFunction.__call__(PyFunction.java:476)
at org.python.core.PyInstance.__init__(PyInstance.java:124)
at org.python.core.PyClass.__call__(PyClass.java:193)
at org.python.core.PyObject.__call__(PyObject.java:461)
at org.python.core.PyObject.__call__(PyObject.java:465)
at org.python.pycode._pyx4.__init__$5(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py:55)
at org.python.pycode._pyx4.call_function(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:445)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at burp.uue.<init>(Unknown Source)
at burp.mn.a(Unknown Source)
at burp.ooh.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ClassCastException: javax.swing.plaf.InputMapUIResource cannot be cast to java.lang.Number
at javax.swing.AbstractButton.setUIProperty(Unknown Source)
at javax.swing.LookAndFeel.installProperty(Unknown Source)
at javax.swing.plaf.synth.SynthButtonUI.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthButtonUI.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton$SynthArrowButtonUI.installDefaults(Unknown Source)
at javax.swing.plaf.basic.BasicButtonUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.AbstractButton.setUI(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton.updateUI(Unknown Source)
at javax.swing.AbstractButton.init(Unknown Source)
at javax.swing.JButton.(Unknown Source)
at javax.swing.JButton.(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton.(Unknown Source)
at javax.swing.plaf.synth.SynthScrollBarUI$2.(Unknown Source)
at javax.swing.plaf.synth.SynthScrollBarUI.createIncreaseButton(Unknown Source)
at javax.swing.plaf.basic.BasicScrollBarUI.installComponents(Unknown Source)
at javax.swing.plaf.basic.BasicScrollBarUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.JScrollBar.setUI(Unknown Source)
at javax.swing.JScrollBar.updateUI(Unknown Source)
at javax.swing.JScrollBar.(Unknown Source)
at javax.swing.JScrollBar.(Unknown Source)
at javax.swing.JScrollPane$ScrollBar.(Unknown Source)
at javax.swing.JScrollPane.createHorizontalScrollBar(Unknown Source)
at javax.swing.JScrollPane.(Unknown Source)
at javax.swing.JScrollPane.(Unknown Source)
at sun.reflect.GeneratedConstructorAccessor53.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:211)
... 56 more
Hi,
thanks for the great tool!
As a suggestion I would like to see an option to import proxy history at startup so that I do not lose all the HUNT entries after having closed Burp.
Something like that is already implemented in Logger++ if you want to take a look.
Thanks in advance!
./Burp/conf/wahh.json:102: Lenght ==> Length
./Burp/conf/wahh.json:274: maping ==> mapping
./ZAP/scripts/passive/IDOR.py:4: posible ==> possible
./ZAP/scripts/passive/SSRF.py:4: posible ==> possible
./ZAP/scripts/passive/CMDi.py:4: posible ==> possible
./ZAP/scripts/passive/Debug & Logic Parameters.py:4: posible ==> possible
./ZAP/scripts/passive/SSTI.py:4: posible ==> possible
./ZAP/scripts/passive/SQLi.py:4: posible ==> possible
./ZAP/scripts/passive/File Inclusion.py:4: posible ==> possible
Full path to issue.json and checklist.json should be defined to work properly.
Line 556 for hunt_scanner.py and line 161,171 for hunt_methodology.py should be edit by the user with full paths.
Here is the fix:
hunt_scanner.txt
hunt_methodology.txt
Add OWASP Application Security Verification Standard methodology JSON file.
Hello I got This Exception:
Traceback (most recent call last):
File "/root/HUNT/hunt_scanner.py", line 87, in createMenuItems
return self.view.get_context_menu()
File "/root/HUNT/hunt_scanner.py", line 377, in get_context_menu
return self.context_menu
AttributeError: View instance has no attribute 'context_menu'
at org.python.core.Py.AttributeError(Py.java:205)
at org.python.core.PyInstance.noAttributeError(PyInstance.java:273)
at org.python.core.PyObject.__getattr__(PyObject.java:1008)
at org.python.pycode._pyx1.get_context_menu$42(/root/HUNT/hunt_scanner.py:377)
at org.python.pycode._pyx1.call_function(/root/HUNT/hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at org.python.pycode._pyx1.createMenuItems$8(/root/HUNT/hunt_scanner.py:87)
at org.python.pycode._pyx1.call_function(/root/HUNT/hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at org.python.core.PyMethod.__call__(PyMethod.java:213)
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$BurpExtender$7.createMenuItems(Unknown Source)
at burp.esd.a(Unknown Source)
at burp.o4b.a(Unknown Source)
at burp.qse.a(Unknown Source)
at burp.qse.a(Unknown Source)
at burp.ppd.a(Unknown Source)
at burp.ppd.mousePressed(Unknown Source)
at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:280)
at java.awt.Component.processMouseEvent(Component.java:6530)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6298)
at java.awt.Container.processEvent(Container.java:2236)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2294)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4522)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
at java.awt.Container.dispatchEventImpl(Container.java:2280)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Any Idea What this is.
Thanks
Alphabetize Scanner categories and sub-categories.
SyntaxError: Non-ASCII character in file '/root/Downloads/HUNT/hunt_scanner.py', but no encoding declared;
I get above error, Plz can you assist ?
Thanks for making it,
while using it i noticed once Hunt list some suspected parameter, after selecting the suspected request, we directly don't notice the suspected parameter in the request, so it can be helpful to highlight the suspected parameter in request tab specifically in cases where multiple params getting sent.
First, and quickly, just want to say this project is awesome. Great idea!
Second, I am getting a lot of false positive parameters from common words found in requests.
For example:
id parameter gets flagged in the word "Trident" (on the User Agent)
ip parameter gets flagged in the word "script"
field parameter gets flagged in "hiddenfield"
view parameter gets flagged in Viewstate
etc.
Maybe there can be a keyword exclusion list?
Hi folks,
Thanks for the hard work on a great plugin!
I had some issues with HUNT Methodology - specifically I was unable to send requests to that tab due to a missing menu item. I figured I'd share these details in case they were helpful. Apologies if I'm missing something obvious.
My details:
I am able to fix the issue by adding the following lines to hunt_methodology.py as well as dumping your lib folder into a folder configured in Burp under Extensions > Options > Python Environment > Folder for loading extra modules.
from javax.swing import JMenuItem
from javax.swing import JMenu
from menu_action_listener import MenuActionListener
The following errors are available in the Extensions tab, before applying the fix. After applying the fix, it works great.
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Traceback (most recent call last):
File "/opt/burp-extensions/HUNT/Burp/hunt_methodology.py", line 49, in createMenuItems
hunt_methodology_menu = JMenu("Send to HUNT Methodology")
NameError: global name 'JMenu' is not defined
at org.python.core.Py.NameError(Py.java:284)
at org.python.core.PyFrame.getglobal(PyFrame.java:265)
at org.python.pycode._pyx4.createMenuItems$7(/opt/burp-extensions/HUNT/Burp/hunt_methodology.py:68)
at org.python.pycode._pyx4.call_function(/opt/burp-extensions/HUNT/Burp/hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at org.python.core.PyMethod.__call__(PyMethod.java:213)
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$BurpExtender$6.createMenuItems(Unknown Source)
at burp.g1i.a(Unknown Source)
at burp.h2c.a(Unknown Source)
at burp.sfh.a(Unknown Source)
at burp.cke.a(Unknown Source)
at burp.h2h.mousePressed(Unknown Source)
at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:280)
at java.awt.Component.processMouseEvent(Component.java:6530)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6298)
at java.awt.Container.processEvent(Container.java:2236)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2294)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4522)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
at java.awt.Container.dispatchEventImpl(Container.java:2280)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Traceback (most recent call last):
File "/opt/burp-extensions/HUNT/Burp/hunt_methodology.py", line 49, in createMenuItems
hunt_methodology_menu = JMenu("Send to HUNT Methodology")
NameError: global name 'JMenu' is not defined
at org.python.core.Py.NameError(Py.java:284)
at org.python.core.PyFrame.getglobal(PyFrame.java:265)
at org.python.pycode._pyx4.createMenuItems$7(/opt/burp-extensions/HUNT/Burp/hunt_methodology.py:68)
at org.python.pycode._pyx4.call_function(/opt/burp-extensions/HUNT/Burp/hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at org.python.core.PyMethod.__call__(PyMethod.java:213)
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$BurpExtender$6.createMenuItems(Unknown Source)
at burp.g1i.a(Unknown Source)
at burp.h2c.a(Unknown Source)
at burp.sfh.a(Unknown Source)
at burp.cke.a(Unknown Source)
at burp.h2h.mousePressed(Unknown Source)
at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:280)
at java.awt.Component.processMouseEvent(Component.java:6530)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6298)
at java.awt.Container.processEvent(Container.java:2236)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2294)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4522)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
at java.awt.Container.dispatchEventImpl(Container.java:2280)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Add OWASP Top 10 2017 methodology JSON file.
Add Penetration Testing Execution Standard methodology JSON file
Add these two to the included methodologies.
Hi team,
I'm logging this as a "nice to have". Apologies if this has already been discussed.
When I am working on a project in Burp Suite, I can send bugs to and write notes in HUNT Methodology. This is awesome. Unfortunately, this all disappears when I close Burp for the day. This means that it can not reliably be used to track the progress of a project.
Additionally, it would be really great to have a checkbox to mark a stage as complete. Ideally, this would be visible in Methodology's tree view on the left, but I'm not sure if that's possible with the framework.
Thanks for the hard work, this is a great project.
Hi - I saw there was a closed issue related to this yet I'm performing a fresh install on Kali and hitting the same class cast error. On OSX this was installed w/o a problem. I reused the jython jar- thinking perhaps the interface between python / java was updated but I'm still seeing this issue.
Sharing while I continue to troubleshoot.
root@kali# java --version
openjdk 11.0.3 2019-04-16
OpenJDK Runtime Environment (build 11.0.3+1-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.3+1-Debian-1, mixed mode, sharing)
Traceback (most recent call last):
File "/root/0day/HUNT-master/Burp/hunt_scanner.py", line 26, in __init__
self.view = View(self.issues)
File "/root/0day/HUNT-master/Burp/lib/view.py", line 54, in __init__
self.set_scanner_panes()
File "/root/0day/HUNT-master/Burp/lib/view.py", line 133, in set_scanner_panes
bottom_pane = self.create_tabbed_pane()
File "/root/0day/HUNT-master/Burp/lib/view.py", line 151, in create_tabbed_pane
tabbed_pane.add("Response", JScrollPane())
at java.desktop/javax.swing.plaf.nimbus.NimbusStyle.getFontForState(NimbusStyle.java:581)
at java.desktop/javax.swing.plaf.synth.SynthStyle.installDefaults(SynthStyle.java:935)
at java.desktop/javax.swing.plaf.nimbus.NimbusStyle.installDefaults(NimbusStyle.java:237)
at java.desktop/javax.swing.plaf.synth.SynthStyle.installDefaults(SynthStyle.java:918)
at java.desktop/javax.swing.plaf.synth.SynthLookAndFeel.updateStyle(SynthLookAndFeel.java:270)
at java.desktop/javax.swing.plaf.synth.SynthButtonUI.updateStyle(SynthButtonUI.java:83)
at java.desktop/javax.swing.plaf.synth.SynthButtonUI.installDefaults(SynthButtonUI.java:66)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton$SynthArrowButtonUI.installDefaults(SynthArrowButton.java:69)
at java.desktop/javax.swing.plaf.basic.BasicButtonUI.installUI(BasicButtonUI.java:105)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:685)
at java.desktop/javax.swing.AbstractButton.setUI(AbstractButton.java:1753)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton.updateUI(SynthArrowButton.java:52)
at java.desktop/javax.swing.AbstractButton.init(AbstractButton.java:2136)
at java.desktop/javax.swing.JButton.<init>(JButton.java:131)
at java.desktop/javax.swing.JButton.<init>(JButton.java:85)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton.<init>(SynthArrowButton.java:41)
at java.desktop/javax.swing.plaf.synth.SynthScrollBarUI$1.<init>(SynthScrollBarUI.java:374)
at java.desktop/javax.swing.plaf.synth.SynthScrollBarUI.createDecreaseButton(SynthScrollBarUI.java:374)
at java.desktop/javax.swing.plaf.basic.BasicScrollBarUI.installComponents(BasicScrollBarUI.java:289)
at java.desktop/javax.swing.plaf.basic.BasicScrollBarUI.installUI(BasicScrollBarUI.java:208)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:685)
at java.desktop/javax.swing.JScrollBar.setUI(JScrollBar.java:210)
at java.desktop/javax.swing.JScrollBar.updateUI(JScrollBar.java:231)
at java.desktop/javax.swing.JScrollBar.<init>(JScrollBar.java:165)
at java.desktop/javax.swing.JScrollBar.<init>(JScrollBar.java:182)
at java.desktop/javax.swing.JScrollPane$ScrollBar.<init>(JScrollPane.java:702)
at java.desktop/javax.swing.JScrollPane.createVerticalScrollBar(JScrollPane.java:854)
at java.desktop/javax.swing.JScrollPane.<init>(JScrollPane.java:300)
at java.desktop/javax.swing.JScrollPane.<init>(JScrollPane.java:352)
at java.base/jdk.internal.reflect.GeneratedConstructorAccessor46.newInstance(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:213)
java.lang.ClassCastException: java.lang.ClassCastException: class javax.swing.plaf.nimbus.DerivedColor$UIResource cannot be cast to class java.awt.Font (javax.swing.plaf.nimbus.DerivedColor$UIResource and java.awt.Font are in module java.desktop of loader 'bootstrap')
at org.python.core.Py.JavaError(Py.java:547)
at org.python.core.Py.JavaError(Py.java:538)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:223)
at org.python.core.PyReflectedConstructor.__call__(PyReflectedConstructor.java:182)
at org.python.core.PyObject.__call__(PyObject.java:422)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:20)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:2408)
at org.python.core.PyType.__call__(PyType.java:2389)
at org.python.core.PyObject.__call__(PyObject.java:446)
at org.python.core.PyObject.__call__(PyObject.java:450)
at lib.view$py.create_tabbed_pane$19(/root/0day/HUNT-master/Burp/lib/view.py:155)
at lib.view$py.call_function(/root/0day/HUNT-master/Burp/lib/view.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:134)
at org.python.core.PyFunction.__call__(PyFunction.java:416)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at lib.view$py.set_scanner_panes$16(/root/0day/HUNT-master/Burp/lib/view.py:127)
at lib.view$py.call_function(/root/0day/HUNT-master/Burp/lib/view.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:134)
at org.python.core.PyFunction.__call__(PyFunction.java:416)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at lib.view$py.__init__$2(/root/0day/HUNT-master/Burp/lib/view.py:57)
at lib.view$py.call_function(/root/0day/HUNT-master/Burp/lib/view.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
at org.python.core.PyFunction.__call__(PyFunction.java:485)
at org.python.core.PyFunction.__call__(PyFunction.java:479)
at org.python.core.PyInstance.__init__(PyInstance.java:124)
at org.python.core.PyClass.__call__(PyClass.java:193)
at org.python.core.PyObject.__call__(PyObject.java:461)
at org.python.core.PyObject.__call__(PyObject.java:465)
at org.python.pycode._pyx4.__init__$5(/root/0day/HUNT-master/Burp/hunt_scanner.py:26)
at org.python.pycode._pyx4.call_function(/root/0day/HUNT-master/Burp/hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
at org.python.core.PyFunction.__call__(PyFunction.java:485)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:20)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:2408)
at org.python.core.PyType.__call__(PyType.java:2389)
at org.python.core.PyObject.__call__(PyObject.java:446)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:567)
at burp.bx_.<init>(Unknown Source)
at burp.ax_.a(Unknown Source)
at burp.e7y.lambda$panelLoaded$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:835)
Caused by: java.lang.ClassCastException: class javax.swing.plaf.nimbus.DerivedColor$UIResource cannot be cast to class java.awt.Font (javax.swing.plaf.nimbus.DerivedColor$UIResource and java.awt.Font are in module java.desktop of loader 'bootstrap')
at java.desktop/javax.swing.plaf.nimbus.NimbusStyle.getFontForState(NimbusStyle.java:581)
at java.desktop/javax.swing.plaf.synth.SynthStyle.installDefaults(SynthStyle.java:935)
at java.desktop/javax.swing.plaf.nimbus.NimbusStyle.installDefaults(NimbusStyle.java:237)
at java.desktop/javax.swing.plaf.synth.SynthStyle.installDefaults(SynthStyle.java:918)
at java.desktop/javax.swing.plaf.synth.SynthLookAndFeel.updateStyle(SynthLookAndFeel.java:270)
at java.desktop/javax.swing.plaf.synth.SynthButtonUI.updateStyle(SynthButtonUI.java:83)
at java.desktop/javax.swing.plaf.synth.SynthButtonUI.installDefaults(SynthButtonUI.java:66)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton$SynthArrowButtonUI.installDefaults(SynthArrowButton.java:69)
at java.desktop/javax.swing.plaf.basic.BasicButtonUI.installUI(BasicButtonUI.java:105)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:685)
at java.desktop/javax.swing.AbstractButton.setUI(AbstractButton.java:1753)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton.updateUI(SynthArrowButton.java:52)
at java.desktop/javax.swing.AbstractButton.init(AbstractButton.java:2136)
at java.desktop/javax.swing.JButton.<init>(JButton.java:131)
at java.desktop/javax.swing.JButton.<init>(JButton.java:85)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton.<init>(SynthArrowButton.java:41)
at java.desktop/javax.swing.plaf.synth.SynthScrollBarUI$1.<init>(SynthScrollBarUI.java:374)
at java.desktop/javax.swing.plaf.synth.SynthScrollBarUI.createDecreaseButton(SynthScrollBarUI.java:374)
at java.desktop/javax.swing.plaf.basic.BasicScrollBarUI.installComponents(BasicScrollBarUI.java:289)
at java.desktop/javax.swing.plaf.basic.BasicScrollBarUI.installUI(BasicScrollBarUI.java:208)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:685)
at java.desktop/javax.swing.JScrollBar.setUI(JScrollBar.java:210)
at java.desktop/javax.swing.JScrollBar.updateUI(JScrollBar.java:231)
at java.desktop/javax.swing.JScrollBar.<init>(JScrollBar.java:165)
at java.desktop/javax.swing.JScrollBar.<init>(JScrollBar.java:182)
at java.desktop/javax.swing.JScrollPane$ScrollBar.<init>(JScrollPane.java:702)
at java.desktop/javax.swing.JScrollPane.createVerticalScrollBar(JScrollPane.java:854)
at java.desktop/javax.swing.JScrollPane.<init>(JScrollPane.java:300)
at java.desktop/javax.swing.JScrollPane.<init>(JScrollPane.java:352)
at java.base/jdk.internal.reflect.GeneratedConstructorAccessor46.newInstance(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:213)
... 60 more
load burp extension error
`Traceback (most recent call last):
File "E:\github\HUNT\hunt_methodology.py", line 47, in init
self.view = View()
File "E:\github\HUNT\hunt_methodology.py", line 214, in init
self.set_tabbed_panes()
File "E:\github\HUNT\hunt_methodology.py", line 299, in set_tabbed_panes
tabbed_pane = self.set_tabbed_pane(functionality_name, test_name)
File "E:\github\HUNT\hunt_methodology.py", line 312, in set_tabbed_pane
self.tabbed_pane = JTabbedPane()
at javax.swing.plaf.nimbus.NimbusStyle.getFontForState(Unknown Source)
at javax.swing.plaf.synth.SynthStyle.installDefaults(Unknown Source)
at javax.swing.plaf.nimbus.NimbusStyle.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthStyle.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthLookAndFeel.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthTabbedPaneUI.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthTabbedPaneUI.installDefaults(Unknown Source)
at javax.swing.plaf.basic.BasicTabbedPaneUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.JTabbedPane.setUI(Unknown Source)
at javax.swing.JTabbedPane.updateUI(Unknown Source)
at javax.swing.JTabbedPane.<init>(Unknown Source)
at javax.swing.JTabbedPane.<init>(Unknown Source)
at sun.reflect.GeneratedConstructorAccessor46.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:211)
java.lang.ClassCastException: java.lang.ClassCastException: java.lang.Integer cannot be cast to java.awt.Font
at org.python.core.Py.JavaError(Py.java:546)
at org.python.core.Py.JavaError(Py.java:537)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:221)
at org.python.core.PyReflectedConstructor.__call__(PyReflectedConstructor.java:180)
at org.python.core.PyObject.__call__(PyObject.java:419)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:445)
at org.python.core.PyObject.__call__(PyObject.java:449)
at org.python.pycode._pyx1.set_tabbed_pane$41(E:\github\HUNT\hunt_methodology.py:316)
at org.python.pycode._pyx1.call_function(E:\github\HUNT\hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:170)
at org.python.core.PyFunction.__call__(PyFunction.java:434)
at org.python.core.PyMethod.__call__(PyMethod.java:156)
at org.python.pycode._pyx1.set_tabbed_panes$39(E:\github\HUNT\hunt_methodology.py:294)
at org.python.pycode._pyx1.call_function(E:\github\HUNT\hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at org.python.pycode._pyx1.__init__$28(E:\github\HUNT\hunt_methodology.py:216)
at org.python.pycode._pyx1.call_function(E:\github\HUNT\hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyFunction.__call__(PyFunction.java:476)
at org.python.core.PyInstance.__init__(PyInstance.java:124)
at org.python.core.PyClass.__call__(PyClass.java:193)
at org.python.core.PyObject.__call__(PyObject.java:445)
at org.python.core.PyObject.__call__(PyObject.java:449)
at org.python.pycode._pyx1.__init__$5(E:\github\HUNT\hunt_methodology.py:47)
at org.python.pycode._pyx1.call_function(E:\github\HUNT\hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:445)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at burp.ngf.<init>(Unknown Source)
at burp.a3f.a(Unknown Source)
at burp.s8b.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ClassCastException: java.lang.Integer cannot be cast to java.awt.Font
at javax.swing.plaf.nimbus.NimbusStyle.getFontForState(Unknown Source)
at javax.swing.plaf.synth.SynthStyle.installDefaults(Unknown Source)
at javax.swing.plaf.nimbus.NimbusStyle.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthStyle.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthLookAndFeel.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthTabbedPaneUI.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthTabbedPaneUI.installDefaults(Unknown Source)
at javax.swing.plaf.basic.BasicTabbedPaneUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.JTabbedPane.setUI(Unknown Source)
at javax.swing.JTabbedPane.updateUI(Unknown Source)
at javax.swing.JTabbedPane.(Unknown Source)
at javax.swing.JTabbedPane.(Unknown Source)
at sun.reflect.GeneratedConstructorAccessor46.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:211)
... 56 more
`
Hi Caleb,
another feature idea today!
What do you think if HUNT would be able to just load entries that are within the scope?
This way by changing the scope we should see different results, same as for Burp History & Target.
Let me know what you think! :)
Attached files are error logs while adding hunt_scanner.py and hunt_methodology.py. I also attached an image of burp extensions options.
hunt_methodology_error.txt
huntscanner_error.txt
Thank you!
Hey,
I seem to be having issues trying to load an external JSON file from the settings tab of the HUNT Methodology extension.
Error seen from the Extender console tab
Traceback (most recent call last):
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 26, in actionPerformed
self.load_data(file_name)
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 48, in load_data
new_tree = JTree(checklist_tree)
NameError: global name 'JTree' is not defined
Traceback (most recent call last):
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 26, in actionPerformed
self.load_data(file_name)
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 48, in load_data
new_tree = JTree(checklist_tree)
NameError: global name 'JTree' is not defined
Traceback (most recent call last):
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 26, in actionPerformed
self.load_data(file_name)
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 48, in load_data
new_tree = JTree(checklist_tree)
NameError: global name 'JTree' is not defined
Burp Suite version used: Burp Suite Professional 1.7.30
Jython version: 2.7.0
Steps to recreate:
As mentioned in the readme it could be installed in the community edition of Burp. HUNT scanner is however linked to the Burp scanner which isn't available in the community edition.
So, does the HUNT scanner works with the community edition?
Thanks in advance
Jython standalone jar is added. Extender Add hunt_scanner.py It gives me such error
Traceback (most recent call last):
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 48, in run
self.runner()
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 54, in init
self.issues = Issues()
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 543, in init
self.set_json()
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 547, in set_json
data_file = os.getcwd() + os.sep + "conf" + os.sep + "issues.json"
IOError: [Errno 2] No such file or directory: 'E:\0Appsec\Burpsuite\conf\issues.json'
Traceback (most recent call last):
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 54, in init
self.issues = Issues()
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 543, in init
self.set_json()
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 547, in set_json
data_file = os.getcwd() + os.sep + "conf" + os.sep + "issues.json"
IOError: (2, 'No such file or directory', 'E:\0Appsec\Burpsuite\conf\issues.json')
at org.python.core.Py.IOError(Py.java:226)
at org.python.core.io.FileIO.<init>(FileIO.java:102)
at org.python.core.PyFile.file___init__(PyFile.java:177)
at org.python.core.PyFile$exposed___new__.createOfType(Unknown Source)
at org.python.core.PyOverridableNew.new_impl(PyOverridableNew.java:12)
at org.python.core.PyType.invokeNew(PyType.java:494)
at org.python.core.PyType.type___call__(PyType.java:1706)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.OpenFunction.__call__(__builtin__.java:1725)
at org.python.core.PyObject.__call__(PyObject.java:461)
at org.python.core.PyObject.__call__(PyObject.java:465)
at org.python.pycode._pyx2.set_json$66(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py:550)
at org.python.pycode._pyx2.call_function(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at org.python.pycode._pyx2.__init__$65(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py:544)
at org.python.pycode._pyx2.call_function(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyFunction.__call__(PyFunction.java:476)
at org.python.core.PyInstance.__init__(PyInstance.java:124)
at org.python.core.PyClass.__call__(PyClass.java:193)
at org.python.core.PyObject.__call__(PyObject.java:445)
at org.python.core.PyObject.__call__(PyObject.java:449)
at org.python.pycode._pyx2.__init__$5(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py:55)
at org.python.pycode._pyx2.call_function(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:445)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at burp.ngf.<init>(Unknown Source)
at burp.a3f.a(Unknown Source)
at burp.s8b.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Yet another nice feature to have that would not be hard to implement. Can implement and add in a PR if you would like :)
Hi,
I wanted to try your plugin, having the latest version of BURP PRO (as of today: 1.7.34).
I did install jython a few months ago and have other extensions installed (usually through the BAapp Store).
Downloaded your 2x .py files
Added a python extension for both of the files...
but getting the following error on loading them:
java.lang.Exception: Failed to load Python interpreter from Jython JAR file
at burp.l5.(Unknown Source)
at burp.i7i.a(Unknown Source)
at burp.hrb.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
Some security warnings I need to disable somewhere? any change of having your extension on the BAapp store?
Thanks!
Bugs.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.