Automatically Create Github Issues From Burp 2.0

I have started using the Burp Suite 2.0 beta full time recently, and some of the new features I knew I wanted to explore more were the API and the CI Integration.

I took a few hours this last week and built a small POC shell script that will scan a website and open Github Issues for all findings.  Here is the test repo I have been using to upload issues if you want to follow along at home.

This project is still in its *very* early stages, but if you want to play with what I have been working on, below are directions to get started.

What You Need

Running The Script

Download BurpIssues.sh to the folder where you have burp-ci-driver-v1.0.5beta.jar saved.

Edit the following fields in the script:

Github_Auth_Token="YourToken"
Github_Repo_URL="YourRepo"
min_severity_burp="low"  # Can Be Info|Low|Medium|High

Once that is done, running the script is as simple as: 

./BurpIssues.sh domainyouhavepermissiontoscan.tld

Reminder: This is a full Burp scan and can take anywhere from 10 minutes to many hours to complete, depending on how big the site is.
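
To make the min_severity_burp setting concrete, here is an added sketch (not taken from BurpIssues.sh) of a severity gate plus a safely escaped JSON body for GitHub's create-issue endpoint. The pipe-separated finding format, the "burp" label and all function names are assumptions for illustration; the sample findings are constructed.

```shell
#!/bin/sh
# Added example (not BurpIssues.sh). Finding format and labels are assumptions.

# Rank a severity name, case-insensitively; unknown names get -1.
severity_rank() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    info) echo 0 ;; low) echo 1 ;; medium) echo 2 ;; high) echo 3 ;;
    *) echo -1 ;;
  esac
}

# True when finding severity $1 is at or above threshold $2.
# An unknown value on either side is rejected rather than guessed at.
meets_threshold() {
  f=$(severity_rank "$1"); m=$(severity_rank "$2")
  [ "$f" -ge 0 ] && [ "$m" -ge 0 ] && [ "$f" -ge "$m" ]
}

# Escape text for a JSON string: tabs become spaces, other control bytes are
# dropped, backslash and quote are escaped, newlines become \n.
json_escape() {
  printf '%s' "$1" | tr '\t' ' ' | tr -d '\001-\010\013-\037' |
    sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' |
    awk 'NR>1{printf "\\n"} {printf "%s", $0}'
}

# JSON body for GitHub's create-issue call (POST /repos/OWNER/REPO/issues).
issue_payload() {  # args: severity, issue name, URL
  label=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  printf '{"title":"[%s] %s","body":"URL: %s","labels":["burp","%s"]}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" \
    "$(json_escape "$label")"
}

# Constructed sample findings, one per line: severity|name|url
SAMPLE_FINDINGS='High|SQL injection|https://example.test/item?id=1
Info|Robots.txt file|https://example.test/robots.txt
Medium|Reflected "XSS" in q|https://example.test/search?q=a\b'

# Print one payload per line for each sample finding at or above threshold $1.
payloads_for() {
  while IFS='|' read -r sev name url; do
    if meets_threshold "$sev" "$1"; then
      issue_payload "$sev" "$name" "$url"; echo
    fi
  done <<EOF
$SAMPLE_FINDINGS
EOF
}

min_severity_burp="low"   # same setting name as in the script's config
payloads_for "$min_severity_burp"
```

Scanner findings carry text from the scanned site (URLs, parameter values), so escaping before building the JSON keeps a quote or backslash in a finding from breaking or altering the request body.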

What’s Next:

  • Move From Gist To A Github Repo.
  • Add More Fields To The Issues
    • Identify Duplicate Issues
  • Kenna Integration
  • JIRA / Service Now Tickets
  • Customizable Scanning and Crawling Profiles
  • Docker Container / VPS Build Script

Closing Thoughts

While I am just getting started with the CI tool, I was impressed that this only took 20 lines of shell code.   I plan on building out a lot more functionality and error checking over the next few months.

If you have any questions, suggestions or improvements, let me know on Twitter.
