






二、脚本文件 SimpleAutoBurp+Config.json

SimpleAutoBurp.py 是调用Burp suite API的脚本,config.json是其配置文件。


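"""Drive Burp Suite through its REST API: start Burp, wait for the API, scan, save results.

All settings come from config.json (see ``configFile`` below). For every entry
in ``sites`` the script starts Burp with that site's project file, polls the
REST API until it answers, submits one scan, waits for it to finish, writes
the reported issues to a text file and stops Burp again.
"""
from os import strerror
from subprocess import Popen
import requests
import time
import subprocess
import logging
import os
import signal
import json
import sys
from datetime import datetime
from urllib.parse import urlsplit

# Point configFile at your config.json file.
configFile = r"F:/pythonCode/SimpleAutoBurp/SimpleAutoBurp-main/config.json"

try:
    with open(configFile, encoding="utf-8") as json_data:
        config = json.load(json_data)
except (OSError, ValueError):
    # OSError: file missing or unreadable. ValueError: content is not valid
    # JSON/UTF-8. A bare "except:" would also swallow KeyboardInterrupt.
    print("Missing config.json file. Make sure the configuration file is in the same folder")
    sys.exit(1)

burpConfigs = config["burpConfigs"][0]
siteConfigs = config["sites"]

# NOTE(review): the listing shows an empty string in front of the API key in
# every request URL. Presumably the REST API base address (scheme, host, port
# and trailing slash) was lost when the page was published; set it to the
# address shown in Burp's REST API settings. With an empty value requests
# rejects the URL because it has no scheme.
API_BASE = ""

# Seconds to wait for any single REST call; without a timeout a hung Burp
# instance blocks the script forever.
REQUEST_TIMEOUT = 30

# Configured by set_logging(); defined here so the name always exists.
rootLogger = logging.getLogger()


def _redact(text, secret):
    """Return *text* with every occurrence of *secret* masked."""
    return text.replace(secret, "<redacted>") if secret else text


def _api_url(site, suffix=""):
    """Build a REST API URL for *site*.

    The API key is part of the URL path, so the returned string is a
    credential and must not be written to logs unredacted.
    """
    return API_BASE + site["apikey"] + "/v0.1/" + suffix


def set_logging():
    """Attach a file handler and a console handler to the root logger.

    Level, directory and file name are read from burpConfigs; an unknown
    level name falls back to 10 (DEBUG).
    """
    global rootLogger
    logFormatter = logging.Formatter("%(asctime)s [%(levelname)-5.5s]  %(message)s")
    rootLogger = logging.getLogger()
    NumericLevel = getattr(logging, burpConfigs["loglevel"].upper(), 10)
    rootLogger.setLevel(NumericLevel)

    log_file = os.path.join(burpConfigs["logPath"], burpConfigs["logfileName"] + ".log")
    fileHandler = logging.FileHandler(log_file)
    fileHandler.setFormatter(logFormatter)
    rootLogger.addHandler(fileHandler)

    consoleHandler = logging.StreamHandler()
    consoleHandler.setFormatter(logFormatter)
    rootLogger.addHandler(consoleHandler)


def execute_burp(site):
    """Start Burp for *site* and return the PID of the java process.

    The command is passed as an argument list with shell=False: config values
    are never parsed by a shell, a java path containing spaces works, and the
    returned PID is java's own (with shell=True it is the shell's PID, so
    kill_burp() could terminate the shell and leave Burp running).
    """
    cmd = [
        burpConfigs["java"],
        "-jar",
        "-Xmx" + burpConfigs["memory"],
        "-Djava.awt.headless=" + str(burpConfigs["headless"]),
        burpConfigs["burpJar"],
        "--project-file=" + site["project"],
        "--unpause-spider-and-scanner",
    ]
    try:
        rootLogger.debug("Executing Burp: " + " ".join(cmd))
        p = Popen(cmd, shell=False, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return p.pid
    except (OSError, ValueError):
        rootLogger.error("Burp Suite failed to execute.")
        sys.exit(1)


def check_burp(site):
    """Poll the REST API until it answers 200, or exit after too many attempts.

    The attempt counter is incremented on every pass; the original never
    incremented it, so the retry limit could not trigger. A refused or
    timed-out connection counts as "not ready yet" instead of crashing.
    """
    url = _api_url(site)
    safe_url = _redact(url, site["apikey"])
    time.sleep(10)
    count = 0
    while True:
        if count > burpConfigs["retry"]:
            rootLogger.error("Too many attempts to connect to Burp")
            sys.exit(1)
        count += 1

        rootLogger.debug("Cheking API: " + safe_url)
        try:
            init = requests.get(url, timeout=REQUEST_TIMEOUT)
        except (requests.exceptions.ConnectionError, requests.exceptions.Timeout) as err:
            # Log only the exception type: its message contains the URL and
            # therefore the API key.
            rootLogger.debug("Burp is not reachable yet: " + type(err).__name__)
            time.sleep(10)
            continue

        if init.status_code == 200:
            rootLogger.debug("API running, response code: " + str(init.status_code))
            # Give Burp time to load extensions.
            time.sleep(30)
            break
        rootLogger.debug("Burp is not ready yet, response code: " + str(init.status_code))
        time.sleep(10)


def execute_scan(site):
    """Submit a scan of site["scanURL"] and block until it finishes.

    Returns the decoded status document once scan_status is "succeeded".
    Exits with status 1 when the scan is not accepted or fails; stopping
    Burp is left to the caller (main() does it in a finally block).
    """
    # json.dumps escapes quotes and backslashes in the URL; concatenating the
    # string by hand produced invalid or altered JSON for such input.
    payload = json.dumps({"urls": [site["scanURL"]]})
    rootLogger.info("Starting scan to: " + str(site["scanURL"]))
    scan = requests.post(_api_url(site, "scan"), data=payload, timeout=REQUEST_TIMEOUT)

    task_id = scan.headers.get("Location")
    if task_id is None:
        # No task id means the request was rejected (bad key, bad body, ...).
        rootLogger.error("Scan was not accepted, response code: " + str(scan.status_code))
        sys.exit(1)
    rootLogger.debug("Task ID: " + task_id)

    status_url = _api_url(site, "scan/" + task_id)
    while True:
        data = requests.get(status_url, timeout=REQUEST_TIMEOUT).json()
        rootLogger.info("Current status: " + data["scan_status"])
        if data["scan_status"] == "failed":
            rootLogger.error("Scan failed")
            sys.exit(1)
        if data["scan_status"] == "succeeded":
            rootLogger.info("Scan competed")
            return data
        rootLogger.debug("Waiting 60 before cheking the status again")
        time.sleep(60)


def kill_burp(child_pid):
    """Send SIGTERM to the process started by execute_burp(); log on failure."""
    rootLogger.info("Killing Burp.")
    try:
        os.kill(child_pid, signal.SIGTERM)
        rootLogger.debug("Burp killed")
    except OSError:
        rootLogger.error("Failed to stop Burp")


def _report_stem(scan_url):
    """Derive a file-name-safe label from the host part of *scan_url*.

    Host names are shortened to their last two labels (as the original did);
    IP addresses and single-label hosts are kept whole. Any character other
    than letters, digits, '.', '-' and '_' is replaced, so a port or an IPv6
    colon cannot end up in the file name.
    """
    host = urlsplit(scan_url).hostname or "unknown"
    labels = host.split(".")
    if len(labels) >= 2 and not labels[-1].isdigit():
        host = ".".join(labels[-2:])
    return "".join(ch if ch.isalnum() or ch in ".-_" else "_" for ch in host)


def get_data(data, site):
    """Log every reported issue and write the full issue list to a text file.

    The file goes to burpConfigs["ScanOutput"] and is named after the target
    host plus a timestamp. It holds the scan findings, so the output folder
    should be readable only by the people who need them.
    """
    for issue in data["issue_events"]:
        rootLogger.info("Vulnerability - Name: " + issue["issue"]["name"] + " Path: " + issue["issue"]["path"] + " Severity: " + issue["issue"]["severity"])

    file = _report_stem(site["scanURL"]) + "-" + datetime.now().strftime("%Y_%m_%d-%I_%M_%S_%p") + ".txt"
    file = os.path.join(burpConfigs["ScanOutput"], file)
    rootLogger.info("Writing full results to: " + file)
    # Explicit UTF-8: the platform default encoding can fail on characters
    # that appear in issue descriptions.
    with open(file, "w", encoding="utf-8") as f:
        f.write(str(data["issue_events"]))


def main():
    """Run one start / scan / report / stop cycle per configured site."""
    set_logging()
    for site in siteConfigs:
        # Execute BurpSuite Pro
        child_pid = execute_burp(site)
        try:
            # Check if API burp is up
            check_burp(site)
            # Execute Scan
            data = execute_scan(site)
            # Get Vulnerability data
            get_data(data, site)
            rootLogger.info("Scan finished, killing Burp.")
        finally:
            # Stop Burp on every path, including sys.exit() and unexpected
            # errors. The original called kill_burp() without its argument
            # on a failed scan, which raised TypeError and left Burp running.
            kill_burp(child_pid)


if __name__ == '__main__':
    main()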

Config.json(在这里配置要扫描的站点;APIKEY 在 Burp Suite 里面生成。APIKEY 是访问 REST API 的凭据,请勿把真实的 key 写进公开的文章或代码仓库)

{    "sites" : [{    "scanURL" : "",    "project" : "d:/temp/Metasploitable2.burp",    "apikey" : "S44ZGKWIXsGa8eWiASfDz7u5d2CzsbHm"    }],    "burpConfigs" : [{    "memory" : "2048m",    "headless" : "true",    "java" : "C:/Program Files/Java/jdk-11.0.11/bin/java.exe",    "burpJar" : "F:/Download/burpsuite_pro_v2021.6.1.jar",    "retry" : 5,    "logPath" : "d:/temp/ScanOutput/",    "logfileName" : "SimpleAutoBurp",    "loglevel" : "debug",    "ScanOutput" : "d:/temp/ScanOutput/"    }]}

三、Burp suite pro REST API服务开启方法

Burp Suite Pro 开启REST API 界面


