In the last two years Burp Suite Proxy has become my go-to web application security scanner. As with everything recently, if I can automate it, I do. So this weekend I built a simple script to scan a website with Burp, create a PDF report and post it to Slack:
Here is how I set it up:
- Create a Slack bot and copy its API token (the script needs it to upload the report).
- Install and Configure Burp & Carbonator (I ended up having to install RDP to do this 🤷)
- Install wkhtmltopdf (it converts the HTML report Carbonator produces into the PDF).
- Copy this shell script to autoburp.sh and update it as needed (add your token; keep the file readable only by the user cron runs it as, since it holds that token):
https://gist.github.com/jgamblin/90c7aa1b369d1aa1e77b0af03216b9e1
- Add this line to your crontab to run the scan at 01:00 on Mondays (cron starts in your home directory with a minimal PATH, so use the absolute path to the script, and redirect output to a log file if you want to see why a run failed):
00 01 * * 1 ./autoburp.sh
- Enjoy weekly automated Burp scanning and Slack reporting of your website.
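For readers who want to see the whole pipeline in one place, here is an autoburp.sh in the shape the steps above describe. It is an added example, not the author's gist. The paths (BURP_JAR, REPORT_DIR), the ~/.autoburp.env token file, the Slack channel, and the Carbonator "scheme host port" invocation are assumptions to adjust for your install. What it adds to the outline is that the Slack token is read from a 0600 file rather than pasted into the script, that the target arguments are validated before they reach the java command line, and that each week's report gets its own date-stamped name.

```shell
#!/bin/sh
# autoburp.sh: weekly headless Burp scan -> PDF -> Slack. Illustrative example,
# not the author's gist. Assumed values are marked; adjust them to your install.
set -eu

BURP_JAR="${BURP_JAR:-/opt/burp/burpsuite_pro.jar}"     # assumed location of the Pro jar
REPORT_DIR="${REPORT_DIR:-$HOME/burp-reports}"          # assumed report directory
SLACK_CHANNEL="${SLACK_CHANNEL:-#security}"             # assumed channel
ENV_FILE="${AUTOBURP_ENV:-$HOME/.autoburp.env}"         # assumed 0600 file: SLACK_TOKEN=xoxb-...

# Only http/https, a plain hostname and a sane numeric port may reach the java
# command line, so a typo in the crontab cannot become extra JVM/Carbonator arguments.
validate_target() {
  local scheme="$1" host="$2" port="$3"
  case "$scheme" in http|https) ;; *) echo "bad scheme: $scheme" >&2; return 1 ;; esac
  case "$host" in ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;; esac
  case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
}

# Date-stamped, filesystem-safe report name so weekly runs do not overwrite each other.
report_basename() {
  local host="$1" day="${2:-$(date +%Y-%m-%d)}"
  printf 'burp-%s-%s' "$(printf '%s' "$host" | sed 's/[^A-Za-z0-9.-]/_/g')" "$day"
}

# Headless scan via the Carbonator extension. The "scheme host port" argument form
# is assumed from Carbonator's README; check the version you installed. Carbonator
# writes its HTML report to the current directory, so the scan runs from REPORT_DIR.
run_scan() {
  local scheme="$1" host="$2" port="$3"
  ( cd "$REPORT_DIR" && java -Xmx2g -jar "$BURP_JAR" "$scheme" "$host" "$port" )
  # Assumption: the newest .html in REPORT_DIR is this run's report.
  ls -t "$REPORT_DIR"/*.html | head -n 1
}

html_to_pdf() {
  local html="$1" pdf="$2"
  wkhtmltopdf --quiet "$html" "$pdf"
}

# Upload the PDF. The bot token comes from the environment (loaded from ENV_FILE in
# main), never from the script text, so the script itself can live in a repo.
post_to_slack() {
  local pdf="$1" title="$2"
  : "${SLACK_TOKEN:?SLACK_TOKEN not set; put it in $ENV_FILE (chmod 600)}"
  curl -fsS -H "Authorization: Bearer $SLACK_TOKEN" \
    -F "file=@$pdf" -F "channels=$SLACK_CHANNEL" -F "title=$title" \
    https://slack.com/api/files.upload >/dev/null
}

main() {
  [ "$#" -eq 3 ] || { echo "usage: $0 http|https host port" >&2; exit 2; }
  validate_target "$@"
  mkdir -p "$REPORT_DIR"
  [ -r "$ENV_FILE" ] && . "$ENV_FILE"     # loads SLACK_TOKEN; keep this file 0600
  local base html pdf
  base="$(report_basename "$2")"
  html="$(run_scan "$@")"
  pdf="$REPORT_DIR/$base.pdf"
  html_to_pdf "$html" "$pdf"
  post_to_slack "$pdf" "Weekly Burp scan of $2 ($base)"
  echo "posted $pdf"
}

# The pipeline only runs when a target is given, so the functions can also be
# sourced and exercised on their own.
if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

The matching crontab line, with an absolute path and a log so a silent failure is visible, would be `0 1 * * 1 /home/you/autoburp.sh https www.example.com 443 >> /home/you/burp-reports/autoburp.log 2>&1`. Slack has since deprecated files.upload in favour of files.getUploadURLExternal and files.completeUploadExternal; post_to_slack is the one function to swap if you build this today.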