Coder Social home page Coder Social logo

ralaam / pentest-mapper Goto Github PK

View Code? Open in Web Editor NEW

This project forked from portswigger/pentest-mapper

1.0 0.0 0.0 2.19 MB

A Burp Suite Extension for Application Penetration Testing to map flows and vulnerabilities

License: Apache License 2.0

Python 97.04% HTML 2.96%

pentest-mapper's Introduction

Pentest Mapper

Pentest Mapper is a Burp Suite extension that integrates the Burp Suite request logging with a custom application testing checklist. The extension provides a straightforward flow for application penetration testing. The extension includes functionalities to allow users to map the flow of the application for pentesting to better analyse the application and its vulnerabilities. The API calls from each flow can be connected with the function or flow name. The extension allows users to map or connect each flow or API to vulnerability with the custom checklist.

Installation

  • Extension is available on Burp Suite BApp Store

Documentation

https://anof-cyber.github.io/Pentest-Mapper/

Features Summary

1. Checklist

Allows to load the custom checklist

2. API Mapper

Allow to keep track of each API call, Flow and Test Cases for each API calls.

3. Vulnerability

Allows to keep track of vulnerabilities, Map each paramter and API call to vulnerability from the Checklist and severity

4. Config

Allow to set Auto save the project or extension data and auto load the checklist. Also import and export all data with one click

Features

1. Checklist

The checklist allows users to create or upload the custom checklist to map each API call to the vulnerability from the custom uploaded checklist.

picture

2. API Mapper

The API Mapper tab allows logging the HTTP request from the poxy or repeater tab and mapping the request with the flow and sorting the request based on the flow. Also, the tab allows users to write the comment or test cases for each API call logged into the extension. The tab allows mapping each API with the vulnerability from the checklist.

picture

picture

3. Vulnerabilities

The tab stores the URL and parameters and allows users to map the selected API to the vulnerabilities.

picture picture

4. Config

The config tab allow you to set time for auto save after specific time peried and select the output location. You can also set the auto load the checklist file and Import and export data with one click. You can also turn on off the Auto Save and Auto Logging request from proxy for scope domain

picture

Sending Request

picture

TBD

  • Single Click Import and Export
  • Auto Save the project Data
  • Auto Logging Scope APIs and requests with Optional mode
  • Seach option for all 3 tables to manage long table
  • Solving long checklist selection from vulnerability
  • Updating checklist file automatically
  • Map Vulnerabilities with Severity
  • Custom and Default CVSS score generation
  • Multiple row selection for API Mapper
  • Turn on off auto save from config
  • Optimization of code
  • Allowing individual request to mark as completed
  • Allowing Request and Response for Vulnerability

pentest-mapper's People

Contributors

anof-cyber avatar hannah-portswigger avatar portswiggersupport avatar akikoorenji avatar qlkwej avatar yogikortisa avatar

Stargazers

DariusFiko avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.