bugcrowd / hunt Goto Github PK
View Code? Open in Web Editor NEWLicense: Apache License 2.0
hunt's People
Contributors
Stargazers
Watchers
Forkers
h3xstream littlecho nuryslyrt sarmentots cclauss m00zh33 doglife007 suriya73 rollys johnhubcr johnjohnsp1 anandtiwarics 3453-315h team-firebugs y4b41 ajm41 av1080p bladeism ksmaheshkumar irivera007 tr4st33 chubbymaggie keerok zachhilbert ismailbozkurt tosgit upgoingstar kbahaxor flying0er s4yhell0 jjsmida rachaelhardin x1ng 5up3rc pekita1 shengqi158 akz747 test123test111 rongqinglee arryboom feiniaoyizhi z3v2cicidi gotric losiry tobey123 h1d3r mohanad-mw3 gub0x1 h3ll0w0lrd open-sec selfevo wisdark magnologan unwitnessed ashr olivierh59500 topotam dkhonig haltcompiler w3bt00lz dipsec fb11 andyzhuang davidrichard2016 therzv lw1988 sbzo crypt0b0y antichown dennisantunes wyousquared t2kien samyoyo insideus 4n6strider alpha0king velespr0 pacejj27 ch4p34un0ir poruchikrj webshell520 toysweet mehrdad-shokri gazcbm shantanu561993 d1pakda5 attacker34 expertasif jibolaoseni ovidsec itsns jobymjohn gusevna skirge pich4ya arunbalu123 joseph-giron wilsonleeee produte zminjiaohunt's Issues
Kali Linux Install
How exactly this plugin is installed?
OS=Kali
Burp Pro:1.7.20
jython was installed.
What am I doing wrong.
Alphabetize Methodology
Alphabetize Methodology categories and sub-categories.
I'm not at good at it. Could you show us how to use it detailly?
Avoid duplicates
Hi,
another great addition would be to not add new entries if already present in the HUNT history.
Thanks!
Possible count issue with the potential targets
There seem to be more number of findings shown in the brackets than there is within the table, as displayed below:
Not 100% sure if I am missing something. Might be that some records can actually have multiple numbers.
Also, as you can see within the image, it is possible to get negative findings too :)
An error occured while loading the extension.
Hello!
I load Jython standalone v2.7.0 and set location to them in BurpSuite "Extender" -> "Options".
Clone repo: git clone https://github.com/bugcrowd/HUNT
And try load both extensions (hunt_scanner.py and hunt_methodology.py). But receive this error:
java.lang.IllegalArgumentException: Cannot create PyString with non-byte value
at org.python.core.PyString.<init>(PyString.java:64)
at org.python.core.PyString.<init>(PyString.java:70)
at org.python.core.Py.newString(Py.java:641)
at org.python.core.PySystemState.initRegistry(PySystemState.java:800)
at org.python.core.PySystemState.doInitialize(PySystemState.java:1045)
at org.python.core.PySystemState.initialize(PySystemState.java:974)
at org.python.core.PySystemState.initialize(PySystemState.java:930)
at org.python.core.PySystemState.initialize(PySystemState.java:925)
at org.python.core.PySystemState.initialize(PySystemState.java:920)
at org.python.core.PySystemState.initialize(PySystemState.java:916)
at org.python.core.ThreadStateMapping.getThreadState(ThreadStateMapping.java:32)
at org.python.core.Py.getThreadState(Py.java:1440)
at org.python.core.Py.getThreadState(Py.java:1436)
at org.python.core.Py.getSystemState(Py.java:1456)
at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:105)
at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:94)
at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:71)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at burp.ohg.<init>(Unknown Source)
at burp.spf.a(Unknown Source)
at burp.gih.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
I need install some python modules? This is new system, so I don't have any special modules.
Readme contains misleading info
Step 3 sounds like "select some files with .py extension and add it to the app" with no concrete info.
Where to find these files? Are they different for different text fields? Should it be "hunt_scanner.py" file as on your screenshot? and etc.
how to setting in burpsuite 2.0
how to setting in burpsuite 2.0 scaner??
Incorrect identification of parameters
The parameters being identified using the static analysis is not working as it should (in my opinion at least). I think the tool should filter out cases where the analysed string is a sub-string of the parameter, as displayed below:
(For the string no, in IDOR)
To by honest, I'm not sure if that is intentional, as I can see why it can be.
Finally just wanted to say, great job with the plugin! It's actually really nice to use! :)
Automatic search in request and response of HUNT Scanner (Nice to have feature)
I think it would be nice to have the likely affected parameter identified by HUNT Scanner to be added to the search bar of the ITextEditor instance. This can be done using the setSearchExpression method of ITextEditor.
I can make this change provided I can find the instance of each ITextEditor (shouldn't be that hard)
Do you think this would be worth a pull request? @swagnetow @jhaddix
Indentation is incorrect in CMDI.py causing errors when loading into ZAP
CMDI.py uses a combination of spaces and tabs which is causing an error when enabling.
No Information loaded
check the screenshot : http://prntscr.com/gj6lhe
No module problem
I already installed lib module python2 and python3
C:\Users\moon.robert>pip install lib
Requirement already satisfied: lib in c:\python27\lib\site-packages (3.0.0)
but it is still appearing error msg
Traceback (most recent call last):
File "C:\Users\moon.robert\Downloads\11. Tools For WebHacking\HUNT_Scanner.py", line 9, in
from lib.issues import Issues
ImportError: No module named lib
at org.python.core.Py.ImportError(Py.java:328)
at org.python.core.imp.import_first(imp.java:877)
at org.python.core.imp.import_module_level(imp.java:972)
at org.python.core.imp.importName(imp.java:1062)
at org.python.core.ImportFunction.__call__(__builtin__.java:1280)
at org.python.core.PyObject.__call__(PyObject.java:431)
at org.python.core.__builtin__.__import__(__builtin__.java:1232)
at org.python.core.imp.importFromAs(imp.java:1156)
at org.python.core.imp.importFrom(imp.java:1132)
at org.python.pycode._pyx4.f$0(C:\Users\moon.robert\Downloads\11. Tools For WebHacking\HUNT_Scanner.py:66)
at org.python.pycode._pyx4.call_function(C:\Users\moon.robert\Downloads\11. Tools For WebHacking\HUNT_Scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyCode.call(PyCode.java:18)
at org.python.core.Py.runCode(Py.java:1386)
at org.python.core.__builtin__.execfile_flags(__builtin__.java:535)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:286)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at burp.ohg.<init>(Unknown Source)
at burp.spf.a(Unknown Source)
at burp.gih.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
I am not able to install hunt
Traceback (most recent call last):
File "C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py", line 55, in init
self.view = View(self.issues)
File "C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py", line 111, in init
self.set_scanner_panes()
File "C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py", line 191, in set_scanner_panes
bottom_pane = self.create_tabbed_pane()
File "C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py", line 208, in create_tabbed_pane
tabbed_pane.add("Advisory", JScrollPane())
at javax.swing.AbstractButton.setUIProperty(Unknown Source)
at javax.swing.LookAndFeel.installProperty(Unknown Source)
at javax.swing.plaf.synth.SynthButtonUI.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthButtonUI.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton$SynthArrowButtonUI.installDefaults(Unknown Source)
at javax.swing.plaf.basic.BasicButtonUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.AbstractButton.setUI(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton.updateUI(Unknown Source)
at javax.swing.AbstractButton.init(Unknown Source)
at javax.swing.JButton.<init>(Unknown Source)
at javax.swing.JButton.<init>(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton.<init>(Unknown Source)
at javax.swing.plaf.synth.SynthScrollBarUI$2.<init>(Unknown Source)
at javax.swing.plaf.synth.SynthScrollBarUI.createIncreaseButton(Unknown Source)
at javax.swing.plaf.basic.BasicScrollBarUI.installComponents(Unknown Source)
at javax.swing.plaf.basic.BasicScrollBarUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.JScrollBar.setUI(Unknown Source)
at javax.swing.JScrollBar.updateUI(Unknown Source)
at javax.swing.JScrollBar.<init>(Unknown Source)
at javax.swing.JScrollBar.<init>(Unknown Source)
at javax.swing.JScrollPane$ScrollBar.<init>(Unknown Source)
at javax.swing.JScrollPane.createHorizontalScrollBar(Unknown Source)
at javax.swing.JScrollPane.<init>(Unknown Source)
at javax.swing.JScrollPane.<init>(Unknown Source)
at sun.reflect.GeneratedConstructorAccessor53.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:211)
java.lang.ClassCastException: java.lang.ClassCastException: javax.swing.plaf.InputMapUIResource cannot be cast to java.lang.Number
at org.python.core.Py.JavaError(Py.java:546)
at org.python.core.Py.JavaError(Py.java:537)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:221)
at org.python.core.PyReflectedConstructor.__call__(PyReflectedConstructor.java:180)
at org.python.core.PyObject.__call__(PyObject.java:419)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:445)
at org.python.core.PyObject.__call__(PyObject.java:449)
at org.python.pycode._pyx4.create_tabbed_pane$29(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py:214)
at org.python.pycode._pyx4.call_function(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at org.python.pycode._pyx4.set_scanner_panes$26(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py:184)
at org.python.pycode._pyx4.call_function(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at org.python.pycode._pyx4.__init__$13(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py:113)
at org.python.pycode._pyx4.call_function(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyFunction.__call__(PyFunction.java:476)
at org.python.core.PyInstance.__init__(PyInstance.java:124)
at org.python.core.PyClass.__call__(PyClass.java:193)
at org.python.core.PyObject.__call__(PyObject.java:461)
at org.python.core.PyObject.__call__(PyObject.java:465)
at org.python.pycode._pyx4.__init__$5(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py:55)
at org.python.pycode._pyx4.call_function(C:\Users\protiviti\Downloads\BurpSuite_Pro_v1.7.26\HUNT-master\HUNT-master\Burp\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:445)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at burp.uue.<init>(Unknown Source)
at burp.mn.a(Unknown Source)
at burp.ooh.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ClassCastException: javax.swing.plaf.InputMapUIResource cannot be cast to java.lang.Number
at javax.swing.AbstractButton.setUIProperty(Unknown Source)
at javax.swing.LookAndFeel.installProperty(Unknown Source)
at javax.swing.plaf.synth.SynthButtonUI.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthButtonUI.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton$SynthArrowButtonUI.installDefaults(Unknown Source)
at javax.swing.plaf.basic.BasicButtonUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.AbstractButton.setUI(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton.updateUI(Unknown Source)
at javax.swing.AbstractButton.init(Unknown Source)
at javax.swing.JButton.(Unknown Source)
at javax.swing.JButton.(Unknown Source)
at javax.swing.plaf.synth.SynthArrowButton.(Unknown Source)
at javax.swing.plaf.synth.SynthScrollBarUI$2.(Unknown Source)
at javax.swing.plaf.synth.SynthScrollBarUI.createIncreaseButton(Unknown Source)
at javax.swing.plaf.basic.BasicScrollBarUI.installComponents(Unknown Source)
at javax.swing.plaf.basic.BasicScrollBarUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.JScrollBar.setUI(Unknown Source)
at javax.swing.JScrollBar.updateUI(Unknown Source)
at javax.swing.JScrollBar.(Unknown Source)
at javax.swing.JScrollBar.(Unknown Source)
at javax.swing.JScrollPane$ScrollBar.(Unknown Source)
at javax.swing.JScrollPane.createHorizontalScrollBar(Unknown Source)
at javax.swing.JScrollPane.(Unknown Source)
at javax.swing.JScrollPane.(Unknown Source)
at sun.reflect.GeneratedConstructorAccessor53.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:211)
... 56 more
Import Proxy History at startup
Hi,
thanks for the great tool!
As a suggestion I would like to see an option to import proxy history at startup so that I do not lose all the HUNT entries after having closed Burp.
Something like that is already implemented in Logger++ if you want to take a look.
Thanks in advance!
Typos discovered by codespell
./Burp/conf/wahh.json:102: Lenght ==> Length
./Burp/conf/wahh.json:274: maping ==> mapping
./ZAP/scripts/passive/IDOR.py:4: posible ==> possible
./ZAP/scripts/passive/SSRF.py:4: posible ==> possible
./ZAP/scripts/passive/CMDi.py:4: posible ==> possible
./ZAP/scripts/passive/Debug & Logic Parameters.py:4: posible ==> possible
./ZAP/scripts/passive/SSTI.py:4: posible ==> possible
./ZAP/scripts/passive/SQLi.py:4: posible ==> possible
./ZAP/scripts/passive/File Inclusion.py:4: posible ==> possible
Fixing the issue with the source path for issue.json and checklist.json
Full path to issue.json and checklist.json should be defined to work properly.
Line 556 for hunt_scanner.py and line 161,171 for hunt_methodology.py should be edit by the user with full paths.
Here is the fix:
hunt_scanner.txt
hunt_methodology.txt
Add OWASP ASVS methodology
Add OWASP Application Security Verification Standard methodology JSON file.
Unknown Exception
Hello I got This Exception:
Traceback (most recent call last):
File "/root/HUNT/hunt_scanner.py", line 87, in createMenuItems
return self.view.get_context_menu()
File "/root/HUNT/hunt_scanner.py", line 377, in get_context_menu
return self.context_menu
AttributeError: View instance has no attribute 'context_menu'
at org.python.core.Py.AttributeError(Py.java:205)
at org.python.core.PyInstance.noAttributeError(PyInstance.java:273)
at org.python.core.PyObject.__getattr__(PyObject.java:1008)
at org.python.pycode._pyx1.get_context_menu$42(/root/HUNT/hunt_scanner.py:377)
at org.python.pycode._pyx1.call_function(/root/HUNT/hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at org.python.pycode._pyx1.createMenuItems$8(/root/HUNT/hunt_scanner.py:87)
at org.python.pycode._pyx1.call_function(/root/HUNT/hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at org.python.core.PyMethod.__call__(PyMethod.java:213)
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$BurpExtender$7.createMenuItems(Unknown Source)
at burp.esd.a(Unknown Source)
at burp.o4b.a(Unknown Source)
at burp.qse.a(Unknown Source)
at burp.qse.a(Unknown Source)
at burp.ppd.a(Unknown Source)
at burp.ppd.mousePressed(Unknown Source)
at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:280)
at java.awt.Component.processMouseEvent(Component.java:6530)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6298)
at java.awt.Container.processEvent(Container.java:2236)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2294)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4522)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
at java.awt.Container.dispatchEventImpl(Container.java:2280)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Any Idea What this is.
Thanks
Alphabetize Scanner
Alphabetize Scanner categories and sub-categories.
Unable to install extension
SyntaxError: Non-ASCII character in file '/root/Downloads/HUNT/hunt_scanner.py', but no encoding declared;
I get above error, Plz can you assist ?
Enhancement: Highlighting the parameter in request tab
Thanks for making it,
while using it i noticed once Hunt list some suspected parameter, after selecting the suspected request, we directly don't notice the suspected parameter in the request, so it can be helpful to highlight the suspected parameter in request tab specifically in cases where multiple params getting sent.
Stricter Regex
First, and quickly, just want to say this project is awesome. Great idea!
Second, I am getting a lot of false positive parameters from common words found in requests.
For example:
id parameter gets flagged in the word "Trident" (on the User Agent)
ip parameter gets flagged in the word "script"
field parameter gets flagged in "hiddenfield"
view parameter gets flagged in Viewstate
etc.
Maybe there can be a keyword exclusion list?
Missing "Send to HUNT Methodology" Menu
Hi folks,
Thanks for the hard work on a great plugin!
I had some issues with HUNT Methodology - specifically I was unable to send requests to that tab due to a missing menu item. I figured I'd share these details in case they were helpful. Apologies if I'm missing something obvious.
My details:
- Kali Linux Rolling (up to date)
- Burp Professional v1.7.31
I am able to fix the issue by adding the following lines to hunt_methodology.py as well as dumping your lib folder into a folder configured in Burp under Extensions > Options > Python Environment > Folder for loading extra modules.
from javax.swing import JMenuItem
from javax.swing import JMenu
from menu_action_listener import MenuActionListener
The following errors are available in the Extensions tab, before applying the fix. After applying the fix, it works great.
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Traceback (most recent call last):
File "/opt/burp-extensions/HUNT/Burp/hunt_methodology.py", line 49, in createMenuItems
hunt_methodology_menu = JMenu("Send to HUNT Methodology")
NameError: global name 'JMenu' is not defined
at org.python.core.Py.NameError(Py.java:284)
at org.python.core.PyFrame.getglobal(PyFrame.java:265)
at org.python.pycode._pyx4.createMenuItems$7(/opt/burp-extensions/HUNT/Burp/hunt_methodology.py:68)
at org.python.pycode._pyx4.call_function(/opt/burp-extensions/HUNT/Burp/hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at org.python.core.PyMethod.__call__(PyMethod.java:213)
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$BurpExtender$6.createMenuItems(Unknown Source)
at burp.g1i.a(Unknown Source)
at burp.h2c.a(Unknown Source)
at burp.sfh.a(Unknown Source)
at burp.cke.a(Unknown Source)
at burp.h2h.mousePressed(Unknown Source)
at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:280)
at java.awt.Component.processMouseEvent(Component.java:6530)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6298)
at java.awt.Container.processEvent(Container.java:2236)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2294)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4522)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
at java.awt.Container.dispatchEventImpl(Container.java:2280)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Traceback (most recent call last):
File "/opt/burp-extensions/HUNT/Burp/hunt_methodology.py", line 49, in createMenuItems
hunt_methodology_menu = JMenu("Send to HUNT Methodology")
NameError: global name 'JMenu' is not defined
at org.python.core.Py.NameError(Py.java:284)
at org.python.core.PyFrame.getglobal(PyFrame.java:265)
at org.python.pycode._pyx4.createMenuItems$7(/opt/burp-extensions/HUNT/Burp/hunt_methodology.py:68)
at org.python.pycode._pyx4.call_function(/opt/burp-extensions/HUNT/Burp/hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at org.python.core.PyMethod.__call__(PyMethod.java:213)
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$BurpExtender$6.createMenuItems(Unknown Source)
at burp.g1i.a(Unknown Source)
at burp.h2c.a(Unknown Source)
at burp.sfh.a(Unknown Source)
at burp.cke.a(Unknown Source)
at burp.h2h.mousePressed(Unknown Source)
at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:280)
at java.awt.Component.processMouseEvent(Component.java:6530)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6298)
at java.awt.Container.processEvent(Container.java:2236)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2294)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4522)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
at java.awt.Container.dispatchEventImpl(Container.java:2280)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Add OWASP T10 2017 methodology
Add OWASP Top 10 2017 methodology JSON file.
Add PTES methodology
Add Penetration Testing Execution Standard methodology JSON file
OWASP TT and OWASP ASVS Methodologies
Add these two to the included methodologies.
Request: Burp Persistence & Checkboxes
Hi team,
I'm logging this as a "nice to have". Apologies if this has already been discussed.
When I am working on a project in Burp Suite, I can send bugs to and write notes in HUNT Methodology. This is awesome. Unfortunately, this all disappears when I close Burp for the day. This means that it can not reliably be used to track the progress of a project.
Additionally, it would be really great to have a checkbox to mark a stage as complete. Ideally, this would be visible in Methodology's tree view on the left, but I'm not sure if that's possible with the framework.
Thanks for the hard work, this is a great project.
Installation issue - Caused by: java.lang.ClassCastException: class javax.swing.plaf.nimbus.DerivedColor$UIResource cannot be cast to class java.awt.Font
Hi - I saw there was a closed issue related to this yet I'm performing a fresh install on Kali and hitting the same class cast error. On OSX this was installed w/o a problem. I reused the jython jar- thinking perhaps the interface between python / java was updated but I'm still seeing this issue.
Sharing while I continue to troubleshoot.
root@kali# java --version
openjdk 11.0.3 2019-04-16
OpenJDK Runtime Environment (build 11.0.3+1-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.3+1-Debian-1, mixed mode, sharing)
Traceback (most recent call last):
File "/root/0day/HUNT-master/Burp/hunt_scanner.py", line 26, in __init__
self.view = View(self.issues)
File "/root/0day/HUNT-master/Burp/lib/view.py", line 54, in __init__
self.set_scanner_panes()
File "/root/0day/HUNT-master/Burp/lib/view.py", line 133, in set_scanner_panes
bottom_pane = self.create_tabbed_pane()
File "/root/0day/HUNT-master/Burp/lib/view.py", line 151, in create_tabbed_pane
tabbed_pane.add("Response", JScrollPane())
at java.desktop/javax.swing.plaf.nimbus.NimbusStyle.getFontForState(NimbusStyle.java:581)
at java.desktop/javax.swing.plaf.synth.SynthStyle.installDefaults(SynthStyle.java:935)
at java.desktop/javax.swing.plaf.nimbus.NimbusStyle.installDefaults(NimbusStyle.java:237)
at java.desktop/javax.swing.plaf.synth.SynthStyle.installDefaults(SynthStyle.java:918)
at java.desktop/javax.swing.plaf.synth.SynthLookAndFeel.updateStyle(SynthLookAndFeel.java:270)
at java.desktop/javax.swing.plaf.synth.SynthButtonUI.updateStyle(SynthButtonUI.java:83)
at java.desktop/javax.swing.plaf.synth.SynthButtonUI.installDefaults(SynthButtonUI.java:66)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton$SynthArrowButtonUI.installDefaults(SynthArrowButton.java:69)
at java.desktop/javax.swing.plaf.basic.BasicButtonUI.installUI(BasicButtonUI.java:105)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:685)
at java.desktop/javax.swing.AbstractButton.setUI(AbstractButton.java:1753)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton.updateUI(SynthArrowButton.java:52)
at java.desktop/javax.swing.AbstractButton.init(AbstractButton.java:2136)
at java.desktop/javax.swing.JButton.<init>(JButton.java:131)
at java.desktop/javax.swing.JButton.<init>(JButton.java:85)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton.<init>(SynthArrowButton.java:41)
at java.desktop/javax.swing.plaf.synth.SynthScrollBarUI$1.<init>(SynthScrollBarUI.java:374)
at java.desktop/javax.swing.plaf.synth.SynthScrollBarUI.createDecreaseButton(SynthScrollBarUI.java:374)
at java.desktop/javax.swing.plaf.basic.BasicScrollBarUI.installComponents(BasicScrollBarUI.java:289)
at java.desktop/javax.swing.plaf.basic.BasicScrollBarUI.installUI(BasicScrollBarUI.java:208)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:685)
at java.desktop/javax.swing.JScrollBar.setUI(JScrollBar.java:210)
at java.desktop/javax.swing.JScrollBar.updateUI(JScrollBar.java:231)
at java.desktop/javax.swing.JScrollBar.<init>(JScrollBar.java:165)
at java.desktop/javax.swing.JScrollBar.<init>(JScrollBar.java:182)
at java.desktop/javax.swing.JScrollPane$ScrollBar.<init>(JScrollPane.java:702)
at java.desktop/javax.swing.JScrollPane.createVerticalScrollBar(JScrollPane.java:854)
at java.desktop/javax.swing.JScrollPane.<init>(JScrollPane.java:300)
at java.desktop/javax.swing.JScrollPane.<init>(JScrollPane.java:352)
at java.base/jdk.internal.reflect.GeneratedConstructorAccessor46.newInstance(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:213)
java.lang.ClassCastException: java.lang.ClassCastException: class javax.swing.plaf.nimbus.DerivedColor$UIResource cannot be cast to class java.awt.Font (javax.swing.plaf.nimbus.DerivedColor$UIResource and java.awt.Font are in module java.desktop of loader 'bootstrap')
at org.python.core.Py.JavaError(Py.java:547)
at org.python.core.Py.JavaError(Py.java:538)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:223)
at org.python.core.PyReflectedConstructor.__call__(PyReflectedConstructor.java:182)
at org.python.core.PyObject.__call__(PyObject.java:422)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:20)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:2408)
at org.python.core.PyType.__call__(PyType.java:2389)
at org.python.core.PyObject.__call__(PyObject.java:446)
at org.python.core.PyObject.__call__(PyObject.java:450)
at lib.view$py.create_tabbed_pane$19(/root/0day/HUNT-master/Burp/lib/view.py:155)
at lib.view$py.call_function(/root/0day/HUNT-master/Burp/lib/view.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:134)
at org.python.core.PyFunction.__call__(PyFunction.java:416)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at lib.view$py.set_scanner_panes$16(/root/0day/HUNT-master/Burp/lib/view.py:127)
at lib.view$py.call_function(/root/0day/HUNT-master/Burp/lib/view.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:134)
at org.python.core.PyFunction.__call__(PyFunction.java:416)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at lib.view$py.__init__$2(/root/0day/HUNT-master/Burp/lib/view.py:57)
at lib.view$py.call_function(/root/0day/HUNT-master/Burp/lib/view.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
at org.python.core.PyFunction.__call__(PyFunction.java:485)
at org.python.core.PyFunction.__call__(PyFunction.java:479)
at org.python.core.PyInstance.__init__(PyInstance.java:124)
at org.python.core.PyClass.__call__(PyClass.java:193)
at org.python.core.PyObject.__call__(PyObject.java:461)
at org.python.core.PyObject.__call__(PyObject.java:465)
at org.python.pycode._pyx4.__init__$5(/root/0day/HUNT-master/Burp/hunt_scanner.py:26)
at org.python.pycode._pyx4.call_function(/root/0day/HUNT-master/Burp/hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
at org.python.core.PyFunction.__call__(PyFunction.java:485)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:20)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:2408)
at org.python.core.PyType.__call__(PyType.java:2389)
at org.python.core.PyObject.__call__(PyObject.java:446)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:567)
at burp.bx_.<init>(Unknown Source)
at burp.ax_.a(Unknown Source)
at burp.e7y.lambda$panelLoaded$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:835)
Caused by: java.lang.ClassCastException: class javax.swing.plaf.nimbus.DerivedColor$UIResource cannot be cast to class java.awt.Font (javax.swing.plaf.nimbus.DerivedColor$UIResource and java.awt.Font are in module java.desktop of loader 'bootstrap')
at java.desktop/javax.swing.plaf.nimbus.NimbusStyle.getFontForState(NimbusStyle.java:581)
at java.desktop/javax.swing.plaf.synth.SynthStyle.installDefaults(SynthStyle.java:935)
at java.desktop/javax.swing.plaf.nimbus.NimbusStyle.installDefaults(NimbusStyle.java:237)
at java.desktop/javax.swing.plaf.synth.SynthStyle.installDefaults(SynthStyle.java:918)
at java.desktop/javax.swing.plaf.synth.SynthLookAndFeel.updateStyle(SynthLookAndFeel.java:270)
at java.desktop/javax.swing.plaf.synth.SynthButtonUI.updateStyle(SynthButtonUI.java:83)
at java.desktop/javax.swing.plaf.synth.SynthButtonUI.installDefaults(SynthButtonUI.java:66)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton$SynthArrowButtonUI.installDefaults(SynthArrowButton.java:69)
at java.desktop/javax.swing.plaf.basic.BasicButtonUI.installUI(BasicButtonUI.java:105)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:685)
at java.desktop/javax.swing.AbstractButton.setUI(AbstractButton.java:1753)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton.updateUI(SynthArrowButton.java:52)
at java.desktop/javax.swing.AbstractButton.init(AbstractButton.java:2136)
at java.desktop/javax.swing.JButton.<init>(JButton.java:131)
at java.desktop/javax.swing.JButton.<init>(JButton.java:85)
at java.desktop/javax.swing.plaf.synth.SynthArrowButton.<init>(SynthArrowButton.java:41)
at java.desktop/javax.swing.plaf.synth.SynthScrollBarUI$1.<init>(SynthScrollBarUI.java:374)
at java.desktop/javax.swing.plaf.synth.SynthScrollBarUI.createDecreaseButton(SynthScrollBarUI.java:374)
at java.desktop/javax.swing.plaf.basic.BasicScrollBarUI.installComponents(BasicScrollBarUI.java:289)
at java.desktop/javax.swing.plaf.basic.BasicScrollBarUI.installUI(BasicScrollBarUI.java:208)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:685)
at java.desktop/javax.swing.JScrollBar.setUI(JScrollBar.java:210)
at java.desktop/javax.swing.JScrollBar.updateUI(JScrollBar.java:231)
at java.desktop/javax.swing.JScrollBar.<init>(JScrollBar.java:165)
at java.desktop/javax.swing.JScrollBar.<init>(JScrollBar.java:182)
at java.desktop/javax.swing.JScrollPane$ScrollBar.<init>(JScrollPane.java:702)
at java.desktop/javax.swing.JScrollPane.createVerticalScrollBar(JScrollPane.java:854)
at java.desktop/javax.swing.JScrollPane.<init>(JScrollPane.java:300)
at java.desktop/javax.swing.JScrollPane.<init>(JScrollPane.java:352)
at java.base/jdk.internal.reflect.GeneratedConstructorAccessor46.newInstance(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:213)
... 60 more
doesn't work
load burp extension error
`Traceback (most recent call last):
File "E:\github\HUNT\hunt_methodology.py", line 47, in init
self.view = View()
File "E:\github\HUNT\hunt_methodology.py", line 214, in init
self.set_tabbed_panes()
File "E:\github\HUNT\hunt_methodology.py", line 299, in set_tabbed_panes
tabbed_pane = self.set_tabbed_pane(functionality_name, test_name)
File "E:\github\HUNT\hunt_methodology.py", line 312, in set_tabbed_pane
self.tabbed_pane = JTabbedPane()
at javax.swing.plaf.nimbus.NimbusStyle.getFontForState(Unknown Source)
at javax.swing.plaf.synth.SynthStyle.installDefaults(Unknown Source)
at javax.swing.plaf.nimbus.NimbusStyle.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthStyle.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthLookAndFeel.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthTabbedPaneUI.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthTabbedPaneUI.installDefaults(Unknown Source)
at javax.swing.plaf.basic.BasicTabbedPaneUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.JTabbedPane.setUI(Unknown Source)
at javax.swing.JTabbedPane.updateUI(Unknown Source)
at javax.swing.JTabbedPane.<init>(Unknown Source)
at javax.swing.JTabbedPane.<init>(Unknown Source)
at sun.reflect.GeneratedConstructorAccessor46.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:211)
java.lang.ClassCastException: java.lang.ClassCastException: java.lang.Integer cannot be cast to java.awt.Font
at org.python.core.Py.JavaError(Py.java:546)
at org.python.core.Py.JavaError(Py.java:537)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:221)
at org.python.core.PyReflectedConstructor.__call__(PyReflectedConstructor.java:180)
at org.python.core.PyObject.__call__(PyObject.java:419)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:445)
at org.python.core.PyObject.__call__(PyObject.java:449)
at org.python.pycode._pyx1.set_tabbed_pane$41(E:\github\HUNT\hunt_methodology.py:316)
at org.python.pycode._pyx1.call_function(E:\github\HUNT\hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:170)
at org.python.core.PyFunction.__call__(PyFunction.java:434)
at org.python.core.PyMethod.__call__(PyMethod.java:156)
at org.python.pycode._pyx1.set_tabbed_panes$39(E:\github\HUNT\hunt_methodology.py:294)
at org.python.pycode._pyx1.call_function(E:\github\HUNT\hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at org.python.pycode._pyx1.__init__$28(E:\github\HUNT\hunt_methodology.py:216)
at org.python.pycode._pyx1.call_function(E:\github\HUNT\hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyFunction.__call__(PyFunction.java:476)
at org.python.core.PyInstance.__init__(PyInstance.java:124)
at org.python.core.PyClass.__call__(PyClass.java:193)
at org.python.core.PyObject.__call__(PyObject.java:445)
at org.python.core.PyObject.__call__(PyObject.java:449)
at org.python.pycode._pyx1.__init__$5(E:\github\HUNT\hunt_methodology.py:47)
at org.python.pycode._pyx1.call_function(E:\github\HUNT\hunt_methodology.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:445)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at burp.ngf.<init>(Unknown Source)
at burp.a3f.a(Unknown Source)
at burp.s8b.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ClassCastException: java.lang.Integer cannot be cast to java.awt.Font
at javax.swing.plaf.nimbus.NimbusStyle.getFontForState(Unknown Source)
at javax.swing.plaf.synth.SynthStyle.installDefaults(Unknown Source)
at javax.swing.plaf.nimbus.NimbusStyle.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthStyle.installDefaults(Unknown Source)
at javax.swing.plaf.synth.SynthLookAndFeel.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthTabbedPaneUI.updateStyle(Unknown Source)
at javax.swing.plaf.synth.SynthTabbedPaneUI.installDefaults(Unknown Source)
at javax.swing.plaf.basic.BasicTabbedPaneUI.installUI(Unknown Source)
at javax.swing.JComponent.setUI(Unknown Source)
at javax.swing.JTabbedPane.setUI(Unknown Source)
at javax.swing.JTabbedPane.updateUI(Unknown Source)
at javax.swing.JTabbedPane.(Unknown Source)
at javax.swing.JTabbedPane.(Unknown Source)
at sun.reflect.GeneratedConstructorAccessor46.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:211)
... 56 more
`
Display only in scope entries
Hi Caleb,
another feature idea today!
What do you think if HUNT would be able to just load entries that are within the scope?
This way by changing the scope we should see different results, same as for Burp History & Target.
Let me know what you think! :)
Unicode problem with issues.json
Attached files are error logs while adding hunt_scanner.py and hunt_methodology.py. I also attached an image of burp extensions options.
hunt_methodology_error.txt
huntscanner_error.txt
Thank you!
Problem when trying to load JSON File within HUNT Methodology
Hey,
I seem to be having issues trying to load an external JSON file from the settings tab of the HUNT Methodology extension.
Error seen from the Extender console tab
Traceback (most recent call last):
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 26, in actionPerformed
self.load_data(file_name)
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 48, in load_data
new_tree = JTree(checklist_tree)
NameError: global name 'JTree' is not defined
Traceback (most recent call last):
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 26, in actionPerformed
self.load_data(file_name)
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 48, in load_data
new_tree = JTree(checklist_tree)
NameError: global name 'JTree' is not defined
Traceback (most recent call last):
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 26, in actionPerformed
self.load_data(file_name)
File "/root/Downloads/HUNT-master/Burp/lib/methodology_settings_action.py", line 48, in load_data
new_tree = JTree(checklist_tree)
NameError: global name 'JTree' is not defined
Burp Suite version used: Burp Suite Professional 1.7.30
Jython version: 2.7.0
Steps to recreate:
- Try to load a JSON file such as wahh,json
Question: Does HUNT scanner work with the community edition of Burp?
As mentioned in the readme it could be installed in the community edition of Burp. HUNT scanner is however linked to the Burp scanner which isn't available in the community edition.
So, does the HUNT scanner works with the community edition?
Thanks in advance
Error in installation
Jython standalone jar is added. Extender Add hunt_scanner.py It gives me such error
Traceback (most recent call last):
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 48, in run
self.runner()
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 54, in init
self.issues = Issues()
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 543, in init
self.set_json()
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 547, in set_json
data_file = os.getcwd() + os.sep + "conf" + os.sep + "issues.json"
IOError: [Errno 2] No such file or directory: 'E:\0Appsec\Burpsuite\conf\issues.json'
Traceback (most recent call last):
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 54, in init
self.issues = Issues()
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 543, in init
self.set_json()
File "E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py", line 547, in set_json
data_file = os.getcwd() + os.sep + "conf" + os.sep + "issues.json"
IOError: (2, 'No such file or directory', 'E:\0Appsec\Burpsuite\conf\issues.json')
at org.python.core.Py.IOError(Py.java:226)
at org.python.core.io.FileIO.<init>(FileIO.java:102)
at org.python.core.PyFile.file___init__(PyFile.java:177)
at org.python.core.PyFile$exposed___new__.createOfType(Unknown Source)
at org.python.core.PyOverridableNew.new_impl(PyOverridableNew.java:12)
at org.python.core.PyType.invokeNew(PyType.java:494)
at org.python.core.PyType.type___call__(PyType.java:1706)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.OpenFunction.__call__(__builtin__.java:1725)
at org.python.core.PyObject.__call__(PyObject.java:461)
at org.python.core.PyObject.__call__(PyObject.java:465)
at org.python.pycode._pyx2.set_json$66(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py:550)
at org.python.pycode._pyx2.call_function(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at org.python.core.PyMethod.__call__(PyMethod.java:126)
at org.python.pycode._pyx2.__init__$65(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py:544)
at org.python.pycode._pyx2.call_function(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyFunction.__call__(PyFunction.java:476)
at org.python.core.PyInstance.__init__(PyInstance.java:124)
at org.python.core.PyClass.__call__(PyClass.java:193)
at org.python.core.PyObject.__call__(PyObject.java:445)
at org.python.core.PyObject.__call__(PyObject.java:449)
at org.python.pycode._pyx2.__init__$5(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py:55)
at org.python.pycode._pyx2.call_function(E:\0Appsec\Burpsuite\HUNT\hunt_scanner.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:445)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at burp.ngf.<init>(Unknown Source)
at burp.a3f.a(Unknown Source)
at burp.s8b.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Option to only add "in-scope" items (Nice to have feature)
Yet another nice feature to have that would not be hard to implement. Can implement and add in a PR if you would like :)
Error loading the extension in Burp Pro
Hi,
I wanted to try your plugin, having the latest version of BURP PRO (as of today: 1.7.34).
I did install jython a few months ago and have other extensions installed (usually through the BAapp Store).
Downloaded your 2x .py files
Added a python extension for both of the files...
but getting the following error on loading them:
java.lang.Exception: Failed to load Python interpreter from Jython JAR file
at burp.l5.(Unknown Source)
at burp.i7i.a(Unknown Source)
at burp.hrb.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
Some security warnings I need to disable somewhere? any change of having your extension on the BAapp store?
Thanks!
Bugs.
No requests are captured by the HUNT scanner
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.