0x5t4l1n/BURP-AI
1
0
Fork 0
mirror of https://github.com/th30d4y/BURP-AI.git synced 2026-05-26 11:35:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add retro 70s GitHub Pages website and simplify documentation for v1.0 release

Browse Source 
- Created index.html with vintage 70s aesthetic (professional & unique)
- Simplified README.md from 288 to 60 lines for better readability
- Simplified SECURITY_ADVISORY.md from 253 to 85 lines (removed verbose content)
- Maintained all critical security information
- Ready for GitHub Pages deployment
This commit is contained in:
Stalin-143
2026-03-23 21:19:43 +05:30
parent 3363b66194
commit 1b42ee30bb
3 changed files with 700 additions and 484 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+59 -241
View File
@@ -1,288 +1,106 @@
<div align="center">
# 🤖 BurpAI
**AI-Powered Vulnerability Analysis for Burp Suite**
[![Version](https://img.shields.io/badge/Version-1.0-0052CB?style=flat-square&logo=semantic-release)](https://github.com/Stalin-143/BURP-AI/releases/tag/v1.0)
[![License](https://img.shields.io/badge/License-Apache%202.0-0052CB?style=flat-square)](LICENSE)
[![Python](https://img.shields.io/badge/Python-2.7+-0052CB?style=flat-square&logo=python)](https://www.python.org/)
[![Status](https://img.shields.io/badge/Status-Production%20Ready-00C853?style=flat-square)](SECURITY_ADVISORY.md)
[![v1.0](https://img.shields.io/badge/Version-1.0-blue)](https://github.com/Stalin-143/BURP-AI/releases)
[![Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-green)](LICENSE)
[![Production](https://img.shields.io/badge/Status-Production%20Ready-success)](SECURITY_ADVISORY.md)
[Official Burp Suite](https://portswigger.net/burp) • [Security Policy](SECURITY.md) • [Changelog](CHANGELOG.md) • [Report Issue](https://github.com/Stalin-143/BURP-AI/issues)
</div>
🌐 [Website](https://stalin-143.github.io/BURP-AI/) • 📖 [Security](SECURITY.md) • 🐛 [Issues](https://github.com/Stalin-143/BURP-AI/issues)
---
## 🎯 Overview
## What is BurpAI?
BurpAI seamlessly integrates **multi-model AI analysis** into Burp Suite, providing intelligent vulnerability detection directly in your pentesting workflow. Instantly analyze HTTP requests and get actionable security insights with zero friction.
**Perfect for:** Security Researchers • Penetration Testers • Bug Bounty Hunters • Security Teams
BurpAI integrates multi-model AI directly into Burp Suite for intelligent vulnerability detection. Analyze HTTP requests in real-time and get actionable security insights instantly.
---
## ✨ Features
| Feature | Description |
|---------|-------------|
| 🧠 **Multi-Model AI** | 11 AI models with automatic failover (Kimi, DeepSeek, GLM, Qwen, LLaMA, Mistral, etc.) |
| ⚡ **Real-time Analysis** | Background threading—zero UI lag during analysis |
| 🔍 **Smart Detection** | Priority detection for P1/P2 vulnerabilities (RCE, IDOR, SQLi, Auth bypass) |
| 📋 **Native Repeater** | Built-in request/response editing with Burp's native editors |
| 📊 **Request History** | Automatic tracking of 1000+ requests with full context |
| 🎛️ **Easy Configuration** | One-click API key setup, model selection dropdown |
| 💬 **Interactive Chat** | Custom prompts for targeted security analysis |
| 🔒 **Security First** | HTTPS-only, no telemetry, local-only data storage |
- **🧠 Multi-Model AI** - 11 models with automatic failover
- **⚡ Real-time Analysis** - Zero UI lag, background threading
- **🔍 Smart Detection** - RCE, IDOR, SQLi, Auth bypass, XSS, and more
- **📋 Native Repeater** - Built-in request/response editing
- **📊 Request History** - Tracks 1000+ requests automatically
- **💬 Interactive Chat** - Ask custom security questions
---
## 🚀 Quick Start
### 1️⃣ Install
```bash
# In Burp Suite: Extensions → Add → Select burpaai.py
# 1. Get DigitalOcean AI API key
# https://cloud.digitalocean.com
# 2. Load in Burp Suite
# Extensions → Add → Select burpaai.py
# 3. Configure API key in BurpAI tab → Save
# 4. Analyze requests
# Load any request → Click "Analyze with AI"
```
### 2️⃣ Configure
- Go to **BurpAI** tab
- Enter your DigitalOcean AI API key → **Save**
### 3️⃣ Analyze
- Load a request in **Repeater**
- Click **"Analyze with AI"**
- Review vulnerability report in chat panel
---
## 📋 Requirements
| Requirement | Details |
|-------------|---------|
| **Burp Suite** | Pro or Community Edition (latest) |
| **API Key** | DigitalOcean AI (free tier available) |
| **Java** | 8+ (included with Burp) |
| **Network** | HTTPS outbound to AI API |
| Item | Details |
|------|---------|
| Burp Suite | Pro or Community (latest) |
| API Key | DigitalOcean AI |
| Java | 8+ (included with Burp) |
| Network | HTTPS outbound |
---
## 🔧 Supported Models
## 🧠 Supported Models
```
✅ Alibaba Qwen 3 (32B)
✅ DeepSeek R1 (70B)
✅ GLM-5
✅ Kimi K2.5
✅ LLaMA 3 & 3.3 (8B-70B)
✅ Mistral Nemo (2407)
✅ NVIDIA Nemotron (120B)
✅ OpenAI GPT OSS (20B-120B)
```
Automatic failover if primary model unavailable.
- Alibaba Qwen 3 (32B)
- DeepSeek R1 (70B)
- GLM-5
- Kimi K2.5
- LLaMA 3 & 3.3 (8B-70B)
- Mistral Nemo (2407)
- NVIDIA Nemotron (120B)
- OpenAI GPT OSS (20B-120B)
---
## 🛡️ Security & Compliance
## 🛡️ Security & Privacy
**HTTPS-only** API communication
**No telemetry** or tracking
**Local-only** data storage
**API keys** user-managed
**Open-source** for transparency
✅ HTTPS-only API calls
✅ No telemetry or tracking
✅ Local-only data storage
User-managed API keys
✅ Open-source codebase
👉 [Security Policy](SECURITY.md) • [Vulnerability Reporting](SECURITY.md#reporting-security-vulnerabilities) • [Advisory](SECURITY_ADVISORY.md)
### Report Security Vulnerabilities
**⚠️ DO NOT** open public issues for security vulnerabilities.
Use [GitHub Security Advisory](https://github.com/Stalin-143/BURP-AI/security/advisories):
1. Click "Report a vulnerability"
2. Provide details privately
3. Maintainers respond within 24-48 hours
---
## 📚 Documentation
| Document | Purpose |
|----------|---------|
| [SECURITY.md](SECURITY.md) | Security policy & best practices |
| [SECURITY_ADVISORY.md](SECURITY_ADVISORY.md) | Release security assessment |
| [CHANGELOG.md](CHANGELOG.md) | Version history & fixes |
| [COLLABORATION.md](COLLABORATION.md) | Contributing guidelines |
| [DISCLAIMER.md](DISCLAIMER.md) | Legal notices & warranty |
- [Security Policy](SECURITY.md)
- [Contributing Guide](COLLABORATION.md)
- [Changelog](CHANGELOG.md)
- [License](LICENSE)
- [Disclaimer](DISCLAIMER.md)
---
## 📞 Support & Security
## 📥 Download
### Report Issues
- **Bugs & Features**: [GitHub Issues](https://github.com/Stalin-143/BURP-AI/issues)
- **General Discussion**: [GitHub Discussions](https://github.com/Stalin-143/BURP-AI/discussions)
### 🔒 Report Security Vulnerabilities
**⚠️ DO NOT open public issues for security vulnerabilities**
Instead, use **GitHub Security Advisory**:
1. Go to [GitHub Security Advisory](https://github.com/Stalin-143/BURP-AI/security/advisories)
2. Click **"Report a vulnerability"**
3. Provide detailed information:
- Vulnerability description
- Steps to reproduce
- Potential impact
- Suggested fix (if applicable)
4. Submit privately to maintainers
**Or email the maintainers** (See [SECURITY.md](SECURITY.md#reporting-security-vulnerabilities) for contact)
**Thank you for helping keep BurpAI secure!** 🙏
[Download v1.0](https://github.com/Stalin-143/BURP-AI/releases/tag/v1.0) • [GitHub](https://github.com/Stalin-143/BURP-AI) • [Issues](https://github.com/Stalin-143/BURP-AI/issues)
---
## 📄 License
Licensed under **Apache License 2.0** — See [LICENSE](LICENSE) for details.
**Disclaimer**: For authorized security testing only. See [DISCLAIMER.md](DISCLAIMER.md)
---
## 👥 Contributors
Special thanks to the security community for feedback and contributions.
**Want to contribute?** See [COLLABORATION.md](COLLABORATION.md)
---
<div align="center">
**Built for the modern security toolkit** | [v1.0](https://github.com/Stalin-143/BURP-AI/releases/tag/v1.0) | March 2026
</div>
### Critical (P1) - Automatic Detection
- **RCE** - Remote code execution, command injection
- **IDOR** - Insecure direct object reference
- **SSRF** - Server-side request forgery
- **SQLi** - SQL injection
- **Auth Bypass** - Session hijacking, weak auth
### High (P2)
- XSS, CSRF, XXE, Header Injection
- Cookie/credential handling flaws
- Privilege escalation
### Medium & Low
- Missing security headers
- CORS misconfiguration
- Information disclosure
- Weak configuration
---
## AI Models
The extension uses DigitalOcean's inference models and automatically falls back through this chain:
1. alibaba-qwen3-32b
2. deepseek-r1-distill-llama-70b
3. glm-5
4. kimi-k2.5
5. llama3-8b-instruct
6. llama3.3-70b-instruct
7. minimax-m2.5
8. mistral-nemo-instruct-2407
9. nvidia-nemotron-3-super-120b
10. openai-gpt-oss-120b
11. openai-gpt-oss-20b
If the selected model fails, the next model in the chain is automatically tried.
---
---
## 🔧 Setup
**Get API Key**: [DigitalOcean AI](https://cloud.digitalocean.com)
**Add Extension**: Burp Suite → Extensions → Add → Select `burpaai.py`
**Configure**: Enter API key in BurpAI tab → Save
**Start**: Analyze requests or enable Auto-Analyze
---
## 🐛 Found a Vulnerability?
### Security Reporting ⚠️
**Please DO NOT create a public GitHub issue for security vulnerabilities.**
Use one of these secure reporting methods:
#### Method 1: GitHub Security Advisory (Recommended)
1. Visit: [GitHub Security Advisory - Report](https://github.com/Stalin-143/BURP-AI/security/advisories/new)
2. Click **"Report a vulnerability"** button
3. Fill in the form with:
- **Vulnerability Title**: Brief description
- **Vulnerability Description**: Detailed explanation
- **Steps to reproduce**: How to trigger the issue
- **Impact**: Potential damage/risk
- **CVSS Score**: If you have one
4. Submit privately to maintainers
#### Method 2: Private Email
- See [SECURITY.md](SECURITY.md#reporting-security-vulnerabilities) for maintainer contact
**Response Timeline:**
- 24-48 hours: Initial acknowledgment
- 7 days: Targeted fix or timeline provided
- 30 days: Security patch release
**Your privacy will be respected, and you'll be credited in the fix** 🙏
---
## 🎓 Example Scenarios
| Scenario | Action |
|----------|--------|
| Find SQLi vulnerabilities | Load request → Click "Analyze" → Review results |
| Custom analysis prompt | Use chat box to ask specific questions |
| Auto-analyze requests | Enable checkbox → Requests auto-analyzed when captured |
| Switch AI models | Change dropdown → New model selected immediately |
---
## ⚡ API Integration
**Endpoint**: `https://inference.do-ai.run/v1/chat/completions`
**Models**: 11 AI models with automatic failover
**Response Time**: < 15 seconds per analysis
**Timeout Handling**: Automatic retry chain
---
## 🏆 What Others Love
✅ Zero configuration complexity
✅ Instant integration with existing workflow
✅ Enterprise-grade AI models
✅ No performance impact on Burp
✅ Privacy-first architecture
---
## 📖 Learn More
Dive into the detailed docs:
- [Installation & Setup](README.md#-quick-start)
- [Security Guidelines](SECURITY.md)
- [Contribution Guide](COLLABORATION.md)
- [Release Notes](CHANGELOG.md)
---
<div align="center">
### Ready to analyze like a pro?
[⭐ Star on GitHub](https://github.com/Stalin-143/BURP-AI) • [📢 Report Issue](https://github.com/Stalin-143/BURP-AI/issues) • [💬 Discuss](https://github.com/Stalin-143/BURP-AI/discussions)
Built with ❤️ for the security community
</div>
**License:** Apache 2.0 | **Status:** Production Ready | **For authorized security testing only**