Skip to content

offset7/Nuclei-Standalone-Burp-Extension

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src/main/java/burp
src/main/java/burp
 
 
target
target
 
 
vulnerabilities
vulnerabilities
 
 
.gitattributes
.gitattributes
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Nuclei Burp Extension

A powerful Burp Suite extension that allows security testers to load and execute Nuclei-style YAML templates directly inside Burp Suite.
This extension parses YAML-defined rules—including matchers, HTTP request bodies, headers, status code checks, and more—to help automate vulnerability scanning from within Burp.

🚀 Features

✔️ Load Nuclei YAML Templates

  • Supports Nuclei-style YAML format.
  • Automatically parses request metadata, matchers, headers, and body content.

✔️ Passive and Active Scanning

  • Integrates with Burp Scanner to match responses based on:
    • Status codes
    • Header content
    • Response body content
    • Custom matcher rules

✔️ Flexible Matching Engine

  • Supports:
    • matchers
    • body
    • raw
    • header
    • status
  • Multiple matchers per template.
  • Keyword-based and regex-based detection logic.

✔️ Easy Integration

  • Works as a Burp Extender plugin (BurpExtender.java).
  • Reads YAML template files automatically.
  • No external dependencies required beyond standard Burp Extender APIs.

🛠 How It Works

  1. The extension loads .yaml templates.
  2. It parses:
    • HTTP method
    • Headers
    • Body
    • Matchers (body/header/status)
  3. Burp intercepts and analyzes traffic.
  4. For each request/response, the extension checks:
    • If the status matches
    • If headers contain keywords
    • If the response body contains patterns
  5. If a match is found, Burp reports a vulnerability issue automatically.

📂 Project Structure

.
├── pom.xml
└── src/
    └── main/
        └── java/
            └── burp/
                └── BurpExtender.java

📦 Installation

Option 1 – Compile with Maven

mvn clean package

Then load the generated .jar file in:

Burp Suite → Extensions → Add → Java

Option 2 – Manual Import

Open the project in any Java IDE (IntelliJ, Eclipse), build, and export as .jar.

📘 Usage

  1. Open Burp Suite.
  2. Navigate to Extender → Extensions.
  3. Load the compiled .jar.
  4. Place your Nuclei-style .yaml templates in the configured directory.
  5. Burp will start analyzing traffic using your templates.

🧪 Example YAML Template

id: exposed-admin
info:
  name: Exposed Admin Page
  severity: medium

requests:
  - method: GET
    path:
      - "/admin"
    matchers:
      - type: word
        part: body
        words:
          - "Admin Login"
      - type: status
        status:
          - 200

🧩 Supported Matcher Types

Matcher Description
word Looks for strings in body or headers
regex Regular expression detection
status Matches HTTP status codes
header Matches header text
body Matches body text

🛡 Disclaimer

This tool is for authorized security testing only.
The authors are not responsible for misuse or damage caused by unauthorized scanning.

🤝 Contributing

Contributions are welcome!

  • Submit issues
  • Open pull requests
  • Suggest enhancements

📜 License

MIT License — free for personal and commercial use.

⭐ If you find this useful, consider giving the repo a star!

About

nuclei templates Standalone scanner Burp Extension

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

Nuclei Burp Extension Latest
Dec 1, 2025

Packages

 
 
 

Contributors

Languages