Wanted to share with you what IMHO is the most promising Burp Suite plugin that just might transform it to the best penetration tool ever. It’s the Vulners plugin, available for free at github (https://github.com/vulnersCom/burp-vulners-scanner). If you are lazy like me, a build is available here: https://github.com/vulnersCom/burp-vulners-scanner/releases/download/1.1/burp-vulners-scanner-1.1.jar
Extender->Extensions->Add->Extension in file (.jar)
The developer recommends enabling all the experimental features. No surprises here. There is only one of them and it is called “use scan by location paths”. This feature provides the ability to correlate all the URL paths from live traffic with an exploits database to suggest applicable vulnerability bulletins. It’s a super useful thing, just enable it!
It works well in both passive and active scanning modes. Just plug it in and enjoy the issues in the right panel.
The most useful thing for me here is a blue CVE link, like this: https://vulners.com/cve/CVE-2016-8743
As a result, you will have instant access to all of the available CVEs related to your project. No more manual matching needed to understand the threats. Love it!
If you would like to avoid false positives or add some new checks there you may add detection rules in the “Scan rules” tab.
It’s the easiest way to extend your Burp capabilities with custom regexps/signatures to catch something application specific.
Why it’s better than Nessus you may ask? Just because it’s traffic-related checks! Nessus will never find a /wordpress-x/ directory for you but your browser together with Burp Suite can easily solve this task. The modern web cannot be crawled, it should be sniffed instead.