The best Burp plugin I’ve ever seen

Wanted to share with you what IMHO is the most promising Burp Suite plugin that just might transform it to the best penetration tool ever. It’s the Vulners plugin, available for free at github (https://github.com/vulnersCom/burp-vulners-scanner). If you are lazy like me, a build is available here: https://github.com/vulnersCom/burp-vulners-scanner/releases/download/1.1/burp-vulners-scanner-1.1.jar

Installation

It’s easy if you know how to deal with a plugin in Burp. If you don’t know, please find a video here: https://vimeo.com/225078901 and https://www.youtube.com/watch?v=N1p9ERcjRb0

Extender->Extensions->Add->Extension in file (.jar)

Configuring

The developer recommends enabling all the experimental features. No surprises here. There is only one of them and it is called “use scan by location paths”. This feature provides the ability to correlate all the URL paths from live traffic with an exploits database to suggest applicable vulnerability bulletins. It’s a super useful thing, just enable it!

Using

It works well in both passive and active scanning modes. Just plug it in and enjoy the issues in the right panel.

The most useful thing for me here is a blue CVE link, like this: https://vulners.com/cve/CVE-2016-8743

As a result, you will have instant access to all of the available CVEs related to your project. No more manual matching needed to understand the threats. Love it!

Tuning

If you would like to avoid false positives or add some new checks there you may add detection rules in the “Scan rules” tab.

It’s the easiest way to extend your Burp capabilities with custom regexps/signatures to catch something application specific.

Conclusion

Why it’s better than Nessus you may ask? Just because it’s traffic-related checks! Nessus will never find a /wordpress-x/ directory for you but your browser together with Burp Suite can easily solve this task. The modern web cannot be crawled, it should be sniffed instead.