This repository holds some of my custom BCheck scan definitions. Their goal is to flag interesting elements in responses that warrant further manual testing.
Further information on BCheck can be found at the provided link.
The structure of this repository is as follows:
```
custom-bcheck-scan/
├── passives               # Passive analysis of responses to identify elements worth further investigation
├── common                 # Common misconfiguration checks for a specific technology/framework/language
├── sensitive              # Checks for sensitive files
├── vulnerability-classes  # Checks targeting a particular vulnerability class such as SQLi, XSS, etc.
└── testing                # Experimental scans I'm still working on
```
You have two options for testing the scans:

- Import all scans and begin scanning immediately.
- Inspect each scan individually in the BCheck Editor, following the steps below:

- Open Burp Suite and navigate to Extensions -> BCheck.
- Copy any scan into the editor.
- Right-click on any request/response and select 'Send to BCheck Editor'.
- Click 'Validate' to ensure the scan is correct, then click 'Run Test' to observe how the rule runs.
- You can now view the request details in the 'Logger' tab and any identified issues in the 'Issue Activity' tab.
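A minimal passive check of the kind the `passives` folder is meant to hold, added here as an illustration (it is not one of this repository's own scans; the header names, wording and v1-beta syntax are the example's own choices). Paste it into the BCheck Editor and follow the steps above: 'Validate' checks the syntax, and 'Run Test' against a response carrying one of these headers should raise an info-level issue.

```bcheck
metadata:
    language: v1-beta
    name: "Passive: back-end stack disclosed in response headers"
    description: "Flags responses whose X-Powered-By or X-AspNet-Version header reveals the back-end technology, for follow-up manual review"
    author: "example only, not part of this repository"
    tags: "passive", "information-disclosure"

# Passive rule: evaluated on every response Burp already has; it sends no extra requests.
given response then
    # Case-insensitive match on the raw header block; requires a non-empty header value.
    if {latest.response.headers} matches "(?i)(x-powered-by|x-aspnet-version):\s*\S+" then
        report issue:
            severity: info
            confidence: certain
            detail: "The response advertises its technology stack in a header. Review the disclosed product and version manually to decide whether known issues apply."
            remediation: "Remove or genericize the X-Powered-By and X-AspNet-Version headers at the server or reverse proxy."
    end if
```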