Kali Linux

Nuclei-Burp-Plugin : Nuclei Plugin For BurpSuite

Nuclei-Burp-Plugin is a BurpSuite plugin intended to help with nuclei template generation.

Features

Template matcher generation

  • Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts
  • Multi-line selections are split to separate words for readability
  • Binary matchers are created for selections containing non-ASCII characters
  • The part field is auto-set based on whether the selection was in the request header or body
  • Every generated template auto-includes a Status matcher, using the HTTP status code of the response

Request template generation

  • In the Intruder tab, selected payload positions can be used to generate request templates, using one of the following attack types: Battering ram, Pitchfork or Cluster bomb
  • The selected text snippet from an HTTP request under the Proxy or Repeater tab can be used to generate a request template with the attack type defaulting to Battering ram

Template execution

  • Generated templates can be executed instantly, and the output is shown in the same window for convenience
  • The plugin auto-generates the CLI command, using the absolute nuclei path, absolute template path and target information extracted from the desired request
  • History of unique, executed commands are stored, can be quick searched and re-executed within the current session

Experimental features

  • (Non-contextual) YAML property and value auto-complete, using reserved words from the nuclei JSON schema
  • Syntax highlighting of YAML properties, based on reserved words

Productivity

  • Almost every action can be triggered using keyboard shortcuts:
    • F1: open nuclei template documentation
    • Ctrl + Enter: execute current template
    • Ctrl + Shift + E: jump to the template editor
    • Ctrl + L: jump to the CLI input field
    • Ctrl + R: show CLI argument helper
    • Ctrl + S: save the current template
    • Ctrl + Plus/Minus: increase/decrease font size
    • Ctrl + Q: quit
  • Tab support:
    • Ctrl + Tab or Ctrl + PageDown: open next tab
    • Ctrl + Shift + Tab or Ctrl + PageUp: open previous tab
    • Ctrl + [1-9]: move to n-th tab
    • Mouse Scroll Up/Down over the tabs: navigate to next or previous tab
    • Ctrl + W or Middle Mouse Button Click: close current tab
  • The template path is auto-updated if the template is saved to a new location
  • The template-id is recommended as file name when saving

Settings

  • The plugin attempts to auto-detect and complete the configuration values
  • The code searches for the nuclei binary path, using the values from the process’s environmental PATH variable.
    Note: the BurpSuite binary, opposed to the stand-alone BurpSuite jar, might not have access to the current users’s PATH variable.
  • The target template path is calculated based on the default nuclei template directory, configured under <USER_HOME>/.config/nuclei/.templates-config.json
  • The name of the currently logged-in operating system user is used as a default value for the template author configuration

Look and feel

  • The template generator window supports Dark and Light themes. The presented theme is chosen based on the selected BurpSuite theme, under User Options
  • Support for colored nuclei output
  • Modifiable font size in the template editor and command output

Building the code

Use mvn clean package -DskipTests to build the project yourself. It requires Maven 3.x and Java 11+.

On MacOS the dependencies for the plugin can be met using Homebrew: brew install mvn openjdk@11

Alternatively, different builds can be downloaded from the Actions section. The built artifact can be found under the latest build’s Artifacts section. These artifacts are generated after every commit, but are only stored for a limited amount of time.

Installation

  • Build the code yourself or download a pre-built/release version
  • Go to Extender in BurpSuite
  • Click the Add button in the Extensions tab
  • Leave the Extension Type on Java
  • Select the path to the plugin (.jar)
R K

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

11 hours ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

11 hours ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

1 day ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

3 days ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

3 days ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

3 days ago