
pentagridsec / pentagridscancontroller


Improve automated and semi-automated active scanning in Burp Pro

Home Page: https://www.pentagrid.ch/en/blog/improving-web-application-security-testing-with-pentagrid-scan-controller/

HTML 0.56% Kotlin 99.44%
burp-extensions burp-plugin owasp pentesting-tool web-penetration-testing web-scanner

pentagridscancontroller's People

Contributors

floyd-fuh, simone-pentagrid


pentagridscancontroller's Issues

System hangs on making request in a quick succession

First of all, I would like to thank the developers for this extension. It fits very well in my workflow and has helped me multiple times on pentests.
One issue I have with it is that whenever the web application makes a bulk of requests (like when importing multiple JS bundles), PentaGrid Scan Controller hangs my Burp and consequently my entire operating system.

I'm afraid it may be a memory leak or excessive I/O. My specs are latest Burp Suite, with GraalVM JDK 11 and Arch Linux. I've tried using other Java runtimes with no success.

Edit: The issue may be related with writing to disk, because whenever I use Pentagrid my project file gets huuuge. (This is after 1 hour of browsing the application)

Feature Enhancement - Aggregate Parameters Scanned

Hi,

Just watched your talk from earlier in the year and I have been dealing with Portswigger support on similar issues. Controller looks like a great answer to some of my issues.
While Controller will reduce duplication at the request level, Burp's selection of injection points is still a bugbear for optimal scanning. While there are definitely advantages in scanning the same headers and parameters on different requests, it would be good if there was a way to report on and de-duplicate at the injection point level. Just some report of what was being scanned would help identify injection points missed by the default scanner so they can be manually added and scanned.
From your experience with Controller, how feasible would it be to collate and report on the injection points being scanned and optimize those injection points into the scanner?

I ask as I find myself constantly using 'manually send to scanner' due to the large number of parameters and requests involved in complex applications. For an initial scan it isn't a good use of time to be scanning headers and cookies over and over again in different requests. I've had tickets open with Portswigger as their de-duplication doesn't appear to work as per the documentation. I've been thinking of writing a tool to do this myself and it seems like Controller might be the correct place for this capability also.


[Feature Request] Custom Burp Scan configurations

Hi,

Firstly thanks for the tooling :)

While trying out the extension I noticed that currently it uses the default Burp scan configurations, whereas if we launch a scan manually it allows us to choose from inbuilt or custom Burp scan configurations before the scan.

What it majorly helps with is to make the scanner more efficient and lower the number of requests sent to the server.
For example, I am not interested in Flash-related findings, hence those checks are disabled in my custom scan configuration and it would never have checked for them.


So I think it would be a great feature to allow users to configure this in the options tab under a Scan Configuration heading, allowing them to choose the scan configuration.

--
Regards,
@bugbaba

js analysis

Excluded js files, js analysis function does not work, there is no way to analyze the stack and source

Normal for the scan task to stop at Phase 1?

For me it seems like all the scanned items are stuck at Phase 1.


This effectively means stored and second order payloads will not be tested. Is this just me or is this a limitation due to the use of the extension-driven passive audit, e.g. the audit doesn't know when to move to the next stages as it's waiting for more inputs?

thanks
