thomashartm / burp-aem-scanner Goto Github PK

Scan engine should switch to pickaxe using a modular approach.
Pickaxe could be used as a dependency to configure the actual scans, while the execution of scans is then handled through burps HTTP stack
It requires basically two tasks

• PR for pickaxe to factor out the http client
• custom http client integration and reporter for this plugin
• improved UI and reporting which allows customizations and external loading of checks

The overall architecture should be rather intruder based then scanner based.
The main painpoint is that a scanner intregration does not really work as it would issue payloads such as checks for distinct paths such as crx on all pages.
That does not make any sense.

It is more useful to issue those paths to a defined base URL. Internally Burp intruder provides those capabilities.
Additionally a number of scriptable exploits can be integrated through a UI (e.g. to work with resourceType based vulnerabilities)

Currently burp does not allow to run certain checks for unique URLs once. It rather repeats the whole set of scans for each URL which basically creates tons of useless requests.

Switching to a UI integrated approach does the trick but is not very pleasant as well.
I would rather prefer to have a set of intruder payloads which are hammering the system and the various checks are executed then in the background