reddit hackernews mail facebook facebook linkedin
sponsor
nuclei-burp-plugin

nuclei-burp-plugin

A Burp Suite plugin intended to help with Nuclei template generation.

Template matcher generation:
- Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts
- Multi-line selections are split to separate words for readability
- Binary matchers are created for selections containing non-ASCII characters
- The part field is auto-set based on whether the selection was in the request header or body
- Every generated template auto-includes a Status matcher, using the HTTP status code of the response

Modifying generated templates:
- New matchers and requests can be added to previously generated templates, by highlighting a part of a response
- In case of a CVE, template information fields can be filled in automatically (Right-click on a template, Add → Classification → CVE)

Request template generation:
- In the Intruder tab, selected payload positions can be used to generate request templates, using one of the following attack types: Battering ram, Pitchfork or - Cluster bomb
- The selected text snippet from an HTTP request under the Proxy or Repeater tab can be used to generate a request template with the attack type defaulting to - Battering ram
- Templates containing multiple requests can be generated by selecting multiple proxy items and clicking generate

Template execution:
- Generated templates can be executed instantly, and the output is shown in the same window for convenience
- The plugin auto-generates the CLI command, using the absolute nuclei path, absolute template path and target information extracted from the desired request
- History of unique, executed commands are stored, can be quick searched and re-executed within the current session
- CLI flag filtering and completion support can be accessed using the CTRL + R keyboard shorcut

Experimental features:
- (Non-contextual) YAML property and value auto-complete, using reserved words from the nuclei JSON schema
- Syntax highlighting of YAML properties, based on reserved words

Productivity:
- Almost every action can be triggered using keyboard shortcuts
- Tab support
- The template path is auto-updated if the template is saved to a new location
- The template-id is recommended as file name when saving

Settings:
- The plugin attempts to auto-detect and complete the configuration values
- The code searches for the nuclei binary path, using the values from the process's environmental PATH variable.
- Note: the Burp Suite binary, opposed to the stand-alone BurpSuite jar, might not have access to the current user's PATH variable.
- The target template path is calculated based on the default nuclei template directory, configured under /.config/nuclei/.templates-config.json
- The name of the currently logged-in operating system user is used as a default value for the template author configuration
- The user can decide whether to display the generated template in a dedicated window or embedded under "Generator", within the Nuclei tab

Look and feel:
- The template generator window supports Dark and Light themes. The presented theme is chosen based on the selected Burp Suite theme, under User Options
- Support for colored nuclei output
- Modifiable font size in the template editor and command output