This repository stores some of my custom BCheck Scan configurations. Its goal is to identify intriguing elements that warrant further manual testing.
Further information on BCheck can be found at the provided link.
The structure of this repository is as follows:
```
custom-bcheck-scan/
├── passives              # Passive analysis of responses to identify elements worth further investigation. 🧬 Be careful: certain rules may trigger excessive alerts 🧬
├── common                # Common misconfiguration checks for a specific technology/framework/language
├── sensitive             # Common checks for sensitive files
├── vulnerability-classes # Checks targeting a particular vulnerability class such as SQLi, XSS, etc.
└── testing               # Scans I'm still experimenting with
```
I'd like to express my gratitude to the creators of these Burp extensions and other open-source tools. Their work has been instrumental in enabling my BCheck scans. While I've made every effort to recreate these extensions in BCheck, mistakes are inevitable. If there are any areas I've overlooked, please don't hesitate to contribute and help improve them.
| My BCheck Scan | Noise | Extension Name & Author |
|---|---|---|
| interesting-error-message | 🚨 | burp-suite-error-message-checks by @augustd and gf by @tomnomnom |
| interesting-parameters | 🚨 | HUNT by @jhaddix and Gf-Patterns by @1ndianl33t |
| open-redirect-on-param & open-redirect-on-path | - | Part of OpenRedireX by @devanshbatham |
| nginx-off-by-slash | 🚨 | Part of nginx off-by-slash by @bayotop and @tomnomnom |
| interesting-pingback-via-header & interesting-pingback-via-param | 🚨 | Part of collaborator-everywhere by James Kettle |
| host-header-injection | - | Small part of host_header_inchecktion by @fabianbinna |
| command-injection-on-param | - | Small part of shelling by @ewilded |
Kindly note that certain scans (marked 🚨 above) produce excessive noise and generate numerous informational alerts after scanning. It is advisable to keep these checks disabled by default and enable them only when necessary, and only for in-scope items.
You have two options for testing the scans:

- Import all scans and begin scanning immediately.
- Inspect each scan using the BCheck Editor by following these steps:
  1. Open Burp Suite and navigate to Extensions -> BCheck.
  2. Copy any scan into the editor.
  3. Right-click any request/response and select 'Send to BCheck Editor'.
  4. Click 'Validate' to ensure the scan is correct, then click 'Run Test' to observe how the rule runs.
  5. You can now view the details of the request in the 'Logger' tab and any identified issues in the 'Issue Activity' tab.
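For reference, here is a minimal passive check in the same spirit as `interesting-error-message` that you can paste into the editor to walk through the steps above. It is an added example, not one of the scans in this repository; the name, author and the signature list are assumed and should be adapted to your own targets.

```bcheck
metadata:
    language: v1-beta
    name: "Verbose error message (example)"
    description: "Passively flags responses that leak stack traces or database error strings"
    author: "example-author"
    tags: "passive"

# Passive check: runs on every response, sends no extra requests.
# Assumed signature list (constructed for this example); extend it with
# the frameworks and databases present in your own scope.
given response then
    if {latest.response} matches "(Traceback [(]most recent call last[)]|at java[.][a-z]+[.]|ORA-[0-9]{5}|Warning: mysql_)" then
        report issue:
            severity: info
            confidence: tentative
            detail: "The response contains a verbose error message. Review it manually for leaked file paths, queries or framework versions."
            remediation: "Return generic error pages to clients and keep detailed error output in server-side logs only."
    end if
```

Because it is passive and matches on every response, expect the same informational finding to be reported repeatedly on a chatty target; scope it tightly as noted above.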