CognisysGroup/Blinks

Blinks

Blinks: Burp Headless Scanning Tool

Blinks is a powerful Burp Suite extension that automates active scanning with Burp Suite Pro and enhances its functionality. With the integration of webhooks, this tool sends real-time updates whenever a new issue is identified, directly to your preferred endpoint. No more waiting for final reports – you get instant, actionable insights! 🛠️

Usage

Note: Blinks only works with a licensed copy of Burp Suite Professional. Make sure you set up your Burp Suite license before setting up Blinks.

1. Setup Config

In config.json, set BurpPath to the path of the Burp Suite Pro JAR file and jythonPath to the path of the Jython JAR file.

{
    "initialURL": {
        "url": "https://example.com",
        "host": "example.com",
        "port": 443,
        "protocol": "https"
    },
    "webhookurl": null,
    "crawlonly": null,
    "proxyonly": null,
    "reporttype": "HTML",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3",
    "headers": [],
    "staticFileExt": [
        "css",
        "js",
        "png",
        "jpg",
        "jpeg",
        "gif",
        "svg"
    ],
    "exclusions": [
        "/exclude-this-path",
        "/another-exclude-path"
    ],
    "BurpPath": "BURP PATH HERE",
    "jythonPath": "JYTHON PATH HERE"
}
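
A pre-flight check for the config.json shown above, as an added example that is not part of Blinks: it flags a target whose host, port or protocol disagree with its url (which could point an unattended scan at the wrong origin), an unknown report type, and JAR paths that do not exist. The function name check_config, the requirement that the initialURL fields agree, and the header format for config entries are assumptions of this example.

```python
from os.path import isfile
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
REPORT_TYPES = {"HTML", "XML"}  # the two report types the README documents


def check_config(cfg, path_exists=isfile):
    """Return a list of problems found in a Blinks-style config dict."""
    problems = []
    target = cfg.get("initialURL") or {}
    parts = urlsplit(str(target.get("url") or ""))
    try:
        port = parts.port  # raises ValueError on a malformed or out-of-range port
    except ValueError:
        port = -1
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname or port == -1:
        problems.append("initialURL.url is not a valid absolute http(s) URL")
    else:
        # Assumption: host, port and protocol must describe the same origin as url.
        implied = {"host": parts.hostname, "protocol": parts.scheme,
                   "port": port or DEFAULT_PORTS[parts.scheme]}
        for key, want in implied.items():
            got = target.get(key)
            got = got.lower() if isinstance(got, str) else got
            if got != want:
                problems.append(f"initialURL.{key} is {got!r} but url implies {want!r}")
    if cfg.get("reporttype") not in REPORT_TYPES:
        problems.append(f"reporttype {cfg.get('reporttype')!r} is not HTML or XML")
    for key in ("BurpPath", "jythonPath"):
        if not isinstance(cfg.get(key), str) or not path_exists(cfg[key]):
            problems.append(f"{key} is not an existing file: {cfg.get(key)!r}")
    # Assumption: config headers use the CLI's HeaderName:HeaderValue format.
    for header in cfg.get("headers") or []:
        name = header.partition(":")[0] if isinstance(header, str) else ""
        if not name.strip() or "\n" in str(header) or "\r" in str(header):
            problems.append(f"malformed header entry: {header!r}")
    return problems


# Constructed sample: the README's config with a host that does not match the URL.
SAMPLE = {
    "initialURL": {"url": "https://example.com", "host": "example.org",
                   "port": 443, "protocol": "https"},
    "reporttype": "HTML", "headers": ["Cookie:session=value"],
    "BurpPath": "BURP PATH HERE", "jythonPath": "JYTHON PATH HERE",
}

if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE)))
```

Load the real file with json.load and pass the resulting dict; an empty list means the checks passed.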

2. Run Blinks

Usage: python3 run.py -u https://example.com -r HTML -w https://webhook.url/endpoint

Arguments:

  -h, --help            show this help message and exit
  -u, --url             Single URL to process 
  -f, --file            File containing URLs to process 
  -w, --webhook         Webhook URL (default: NULL)    
  -r, --reporttype      Report type (HTML or XML)
  --header              Custom headers/cookies to add to the requests (format: HeaderName:HeaderValue), reuse the argument for multiple headers
  --crawlonly           Perfom crawl only scan, it will save all crawled requests under ./data/
  --socks5              Use socks5 for VPN at localhost:9090

Install Requirements

$ pip3 install -r requirements.txt

Run with a single URL and XML report

$ python3 run.py -u https://example.com -r XML

Run with a list of URLs with webhook

$ python3 run.py -f ./targets.txt -r XML -w https://webhook.url/endpoint

Run with a list of URLs with webhook and multiple headers

$ python3 run.py -f ./targets.txt -r XML -w https://webhook.url/endpoint --header "Cookie:session=value" --header "Authorization: Basic test"

Run with a crawl only mode

$ python3 run.py -f ./targets.txt -r XML -w https://webhook.url/endpoint --crawlonly

Features

  • Blinks runs Burp Suite scans in headless mode, allowing for automation without the need for a graphical user interface (GUI). This makes it ideal for integration into pipelines or remote servers.

  • Single and Batch URL Processing

    • Single URL Processing: Easily scan a single target URL.
    • Batch URL Processing: Supply a file containing multiple URLs, and Blinks will process each one sequentially, making it efficient for large-scale assessments.
  • Customizable Report Generation

    • HTML Reports: Easy-to-read format for human review.
    • XML Reports: Structured format for machine processing or further analysis.
  • Webhook Integration for Real-Time Notifications: Blinks supports webhook integration, allowing you to send scan results directly to a specified URL. This feature is particularly useful for real-time monitoring and integration with alerting systems.

  • Crawl Only Mode: If you only need to map out the structure of a web application without performing a full security scan, you can use the Crawl Only mode. This limits the scan to discovering URLs and resources.

  • SOCKS5 Proxy Support: For enhanced security during scans, especially in environments requiring VPN connections, Blinks includes support for a SOCKS5 proxy running at localhost:9090.

  • Flexible Configuration: Blinks provides a JSON-based configuration file (config.json) that allows you to customize various aspects of the scan.

Tested on

  • Operating System: Ubuntu 24.04 LTS (AWS) | Ubuntu WSL | Windows 11 23H2
  • Burp Suite Pro Version: v2024.6.6
  • Java Version: openjdk 21.0.4 2024-07-16

Attach More Extensions

You can attach more Burp extensions by modifying the ./burpconfig/userconfig.json file. For example:

<SNIP>
"extender": {
    "extensions": [
        {
            "errors": "console",
            "extension_file": "EXTENSION_PATH",
            "extension_type": "python/java/ruby",
            "loaded": true,
            "name": "Extension Name",
            "output": "ui"
        }
    ]
}
<SNIP>

This configuration allows you to load and manage multiple Burp extensions, each defined by its file path, type, and other properties. Simply edit the extension_file path and other fields as necessary to load additional extensions.

License

This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).