Burp Bounty Pro 2.5.0破解版BurpBounty 2.5.0 Cracked

Burp Bounty Pro 2.5.0破解版BurpBounty 2.5.0 Cracked

对Burp Bounty不了解的自行参考如下文章

Burp Bounty Pro 2.5.0更新日志

Burp Bounty Pro 2.5.0更新于2022.6.1

Burp Bounty Pro 2.5.0破解版BurpBounty 2.5.0 Cracked
  • 添加实时智能扫描按钮。
  • 修正了通过智能扫描的问题。
  • 添加“IScopeChangeListener”用于范围更改检测
  • 标签管理器现在在Profiles选项卡上。
  • 新学习选项卡与一些文档和提示。
  • 在Options选项卡上新建全局变量部分。
  • 修复了BurpCollaborator主机中https的错误

Burp Bounty Pro 2.5.0下载地址

https://www.yunzhongzhuan.com
解压密码:www.ddosi.org

压缩包包含的文件内容

│  BurpBountyPro_v2.5_Cracked.jar
│  www.ddosi.org.txt
│
└─BurpBountyData
    │  version.txt
    │
    ├─profiles
    │      AccessToken.bb
    │      Action_parameters.bb
    │      All_Requests_And_Parameters.bb
    │      Amazon_AWS_Url.bb
    │      Api_path.bb
    │      Artica_Web.bb
    │      Artica_Web_Request.bb
    │      Authorization_Bearer.bb
    │      AWS_Access_Key_ID.bb
    │      AWS_Region.bb
    │      Azure_Blob_Discovered.bb
    │      Basic_Auth_Credentials.bb
    │      Bitcoin_Address.bb
    │      Blind_RCE_Linux.bb
    │      Blind_RCE_Linux_GETParams.bb
    │      Blind_RCE_Linux_POSTParams.bb
    │      Blind_RCE_Windows.bb
    │      Blind_RCE_Windows_GETParams.bb
    │      Blind_RCE_Windows_POSTParams.bb
    │      Blind_XSS.bb
    │      Blind_XSS_GETParams.bb
    │      Blind_XSS_POSTParams.bb
    │      Blind_XXE.bb
    │      CDN_Detected.bb
    │      Cisco_ASA_Device_Found.bb
    │      Cisco_Request_Detected.bb
    │      Citrix_Detection.bb
    │      CMS_Found.bb
    │      CORS Misconfiguration.bb
    │      CouchDB_Admin_Exposure.bb
    │      CouchDB_Request.bb
    │      CouchDB_Response.bb
    │      CRLF.bb
    │      CRLF_GETParams.bb
    │      CRLF_POSTParams.bb
    │      CVE-2017-9506_Jira_SSRF.bb
    │      CVE-2018-1271_Spring_MVC_Path_Traversal.bb
    │      CVE-2018-13379_FortiOS_Creds_Disclosure.bb
    │      CVE-2019-11510_Pulse_Secure.bb
    │      CVE-2019-11580_Atlassian_Crowd_RCE.bb
    │      CVE-2019-1653_Cisco_Wan_VPN_disclosure.bb
    │      CVE-2019-19781_Citrix_ADC_Directory_Traversal.bb
    │      CVE-2019-3799_Spring_Cloud_Path_Traversal.bb
    │      CVE-2019-5418_Ruby on Rails - WAF bypass.bb
    │      CVE-2019-5418_Ruby on Rails.bb
    │      CVE-2019-8442_Jira_Path_Traversal.bb
    │      CVE-2019-8449_Jira_Unauthenticated_Sensitive_Info.bb
    │      CVE-2020-11738_Wordpress_Duplicator_Plugin_LFI.bb
    │      CVE-2020-13167_Netsweeper_code_injection.bb
    │      CVE-2020-13379_Grafana_SSRF.bb
    │      CVE-2020-14179_Jira_Info_Exposure.bb
    │      CVE-2020-14181_Jira_User_Enum.bb
    │      CVE-2020-14815_XSS.bb
    │      CVE-2020-15129_Traefik_Open_Redirect.bb
    │      CVE-2020-17506_Artica_Web_Proxy_Auth_Bypass.bb
    │      CVE-2020-24312_File_Manager_Wordpress_Backups.bb
    │      CVE-2020-2551_Oracle_WebLogic.bb
    │      CVE-2020-3452_Cisco_ASA_LFI.bb
    │      CVE-2020-5410_Path_Traversal_Spring_Cloud.bb
    │      CVE-2020-5412_Spring_Cloud_Netflix.bb
    │      CVE-2020-5777_MAMGI_Auth_Bypass.bb
    │      CVE-2020-5902_F5-BigIP.bb
    │      CVE-2020-8209_Citrix_XenMobile_PathTraversal.bb
    │      CVE-2020-8982_Citrix_ShareFile_File_Read.bb
    │      CVE-2020-9484_Tomcat_Groovy.bb
    │      CVE-2021-26086_PathTraversal_Atlassian_Jira.bb
    │      CVE-2021-40438_Apache_mod_proxy_SSRF.bb
    │      CVE-2021-40539_Zoho_ManageEngine_ADSelfService.bb
    │      CVE-2021-43798_Grafana_LFI.bb
    │      CVE-2021-44228_RCE_Log4j.bb
    │      CVE-2021-44228_RCE_Log4j_GETPOST.bb
    │      CVE-2021-44228_RCE_Log4j_urlEncode.bb
    │      CVE-2022-1388_F5_Big_IP_RCE.bb
    │      Debug Pages.bb
    │      Debug_Logic_Parameters.bb
    │      Debug_variables.bb
    │      DigitalOcean_Space_Discovered.bb
    │      Docker_API_Response.bb
    │      DomainTakeOver_Strings.bb
    │      Drupal_Response.bb
    │      Drupal_User_Enum.bb
    │      Drupal_User_Enum_Redirect.bb
    │      easy_wp_smtp_listing_enabled.bb
    │      Echo_RCE.bb
    │      EndpointsExtractor.bb
    │      Expect_RCE.bb
    │      Firebase DB detected.bb
    │      Fortinet_Panel.bb
    │      Fortinet_Request.bb
    │      Fuzzing_directories.bb
    │      GCP_Service_Account.bb
    │      GCP_Urls.bb
    │      GitFinder.bb
    │      Gmail_Oauth_2.0.bb
    │      Google_Cloud_Buckets.bb
    │      Graphql Introspection.bb
    │      GraphQL_Endpoint.bb
    │      Hidden Parameters.bb
    │      Host_Header_Injection.bb
    │      IDOR_parameters.bb
    │      Interesting_Keyworks.bb
    │      Java_De-Serialization.bb
    │      Jenkins_Response.bb
    │      Jira_Request.bb
    │      Jira_unauthenticated_Info.bb
    │      Joomla detection.bb
    │      JS_Variables.bb
    │      Keys.bb
    │      Key_Parameters.bb
    │      Kubernetes_API_Exposed.bb
    │      Kubernetes_Response.bb
    │      LFI_RFI_Parameters.bb
    │      MAC_Address.bb
    │      MAGMI_Request.bb
    │      MAGMI_Response.bb
    │      Netsweeper_Request.bb
    │      Netsweeper_Response.bb
    │      NoSQL_Session_Token.bb
    │      OAuth_parameters.bb
    │      Open Firebase Database.bb
    │      OpenRedirect-ParameterPollution.bb
    │      OpenRedirect-ParameterPollution_Path.bb
    │      OpenRedirect.bb
    │      OpenRedirect_GETParams.bb
    │      OpenRedirect_POSTParams.bb
    │      OpenRedirect_SSRF_Collaborator.bb
    │      OpenRedirect_SSRF_Collaborator_GETParams.bb
    │      OpenRedirect_SSRF_Collaborator_HTTP0_9.bb
    │      OpenRedirect_SSRF_Collaborator_HTTP1_0.bb
    │      OpenRedirect_SSRF_Collaborator_POSTParams.bb
    │      OpenRedirect_SSRF_Parameters.bb
    │      OpenRedirect_to_Account_Takeover.bb
    │      Openredirect_to_XSS.bb
    │      Outlook_Team.bb
    │      Password-Reset-Headers.bb
    │      Password-Reset-Params.bb
    │      Password-Reset-URL.bb
    │      PathTraversal_Linux.bb
    │      PathTraversal_Linux_GETParams.bb
    │      PathTraversal_Linux_POSTParams.bb
    │      PathTraversal_Windows.bb
    │      PathTraversal_Windows_GETParams.bb
    │      PathTraversal_Windows_POSTParams.bb
    │      PHP_RCE.bb
    │      PHP_RCE_GETParams.bb
    │      PHP_RCE_POSTParams.bb
    │      Private_SSH_Key.bb
    │      RCE_Linux.bb
    │      RCE_Linux_GETParams.bb
    │      RCE_Linux_POSTParams.bb
    │      RCE_Parameters.bb
    │      RCE_Windows.bb
    │      RCE_Windows_GETParams.bb
    │      RCE_Windows_POSTParams.bb
    │      Reflected_values_greater_than_three_characters.bb
    │      RegisterUser_parameters.bb
    │      Secret-keywords-SecLists.bb
    │      Secrets_Request.bb
    │      Software_Version.bb
    │      solarwinds_default_admin.bb
    │      Solarwinds_Orion_Request.bb
    │      Solarwinds_Orion_Response.bb
    │      Source_code.bb
    │      Spring Boot Actuators.bb
    │      Springboot_Requests.bb
    │      SQLi.bb
    │      SQLi_Collaborator.bb
    │      SQLi_Collaborator_GETParams.bb
    │      SQLi_Collaborator_POSTParams.bb
    │      SQLi_GETParams.bb
    │      SQLi_Parameters.bb
    │      SQLi_POSTParams.bb
    │      SQLi_TimeBased.bb
    │      SQLi_TimeBased_GETParams.bb
    │      SQLi_TimeBased_POSTParams.bb
    │      SQL_Message_Detected.bb
    │      SSRF-Collaborator.bb
    │      SSRF-Collaborator_GETParams.bb
    │      SSRF-Collaborator_POSTParams.bb
    │      SSRF-URLScheme.bb
    │      SSRF-URLScheme_GETParams.bb
    │      SSRF-URLScheme_POSTParams.bb
    │      SSRF_Collaborator_HTTP0_9.bb
    │      SSRF_Collaborator_HTTP1_0.bb
    │      SSTI.bb
    │      SSTI_GET_Params.bb
    │      SSTI_Parameters.bb
    │      SSTI_POST_Params.bb
    │      Subdomain_takeover.bb
    │      SVNFinder.bb
    │      Swagger-Finder.bb
    │      Swagger_found.bb
    │      Swagger_Request.bb
    │      Symfony_Debug.bb
    │      Symfony_Response.bb
    │      tags.txt
    │      Test_XSS_append.bb
    │      Test_XSS_append_encoded.bb
    │      Test_XSS_append_GetParams.bb
    │      Test_XSS_append_POSTParams.bb
    │      Test_XSS_discover.bb
    │      Test_XSS_GET_POST.bb
    │      Token_Parameters.bb
    │      Tomcat_Response_Detection.bb
    │      Traefik_Response.bb
    │      URL_as_a_Value.bb
    │      URL_Path_as_a_Value.bb
    │      UserEnum_parameters.bb
    │      UUID_Request.bb
    │      vBulletin_Response.bb
    │      WAF_Found.bb
    │      WebCachePoisoning.bb
    │      Weblogic_Request.bb
    │      Woody_Wordpress_RCE.bb
    │      WordPress Config.bb
    │      WordPress detection.bb
    │      WordPress_Config_Accessible.bb
    │      WordPress_directory_listing.bb
    │      WordPress_JSmol2WP_SSRF.bb
    │      WordPress_Path_Traversal.bb
    │      wordpress_users_enum_yoastseo.bb
    │      WordPress_user_enum_json.bb
    │      WordPress_user_enum_oembed.bb
    │      WordPress_XMLRPC_ListMethods.bb
    │      WordPress_XMLRPC_Pingback.bb
    │      WP_Config.bb
    │      X-Headers-Collaborator.bb
    │      XSS.bb
    │      XSS_GETPOST.bb
    │      XSS_GET_Params.bb
    │      XSS_HtmlUrlEncode.bb
    │      XSS_Parameters.bb
    │      XSS_POST_Params.bb
    │      XSS_UrlEncode.bb
    │      XXE_Linux.bb
    │      XXE_Windows.bb
    │
    └─rules
            rule_Artica_Web_Proxy_Auth_bypass.bb
            rule_Cisco_Rule.bb
            rule_Citrix_Rule.bb
            rule_CouchDB_Admin_Exposure.bb
            rule_Drupal_Rule.bb
            rule_Firebase Database Rule.bb
            rule_Fortinet_Fortigate.bb
            rule_Jira_Rule.bb
            rule_Kubernetes_Rule.bb
            rule_LFI_Rule.bb
            rule_MAGMI_Remote_Auth.bb
            rule_Netsweeper_CodeInjection.bb
            rule_OpenRedirect_SSRF_Rule.bb
            rule_RCE_Rule.bb
            rule_Scan all requests with all Profiles.bb
            rule_Scan all requests with log4shell profiles.bb
            rule_Scan all requests with Open redirect profiles.bb
            rule_Scan all requests with SSRF.bb
            rule_Scan all requests with Test XSS profile.bb
            rule_Solarwinds.bb
            rule_SpringBoot_Rule.bb
            rule_SQLi_Rule.bb
            rule_SSTI_Rule.bb
            rule_Symfony_Rule.bb
            rule_Traefik_Rule.bb
            rule_Weblogic_Rule.bb
            rule_Wordpress_Rule.bb
            rule_XSS_rule.bb

Burp Bounty Pro能扫描的漏洞

主动扫描配置文件列表被动扫描配置文件列表被动扫描回应配置文件列表漏洞标签
Blind_RCE_LinuxAction_parametersAccessTokenCVEs
Blind_RCE_Linux_GETParamsAll_Requests_And_ParametersAmazon_AWS_UrlRCE
Blind_RCE_Linux_POSTParamsApi_pathArtica_WebXSS
Blind_RCE_WindowsArtica_Web_RequestAuthorization_BearerXXE
Blind_RCE_Windows_GETParamsCisco_Request_DetectedAWS_Access_Key_IDCORS
Blind_RCE_Windows_POSTParamsCouchDB_RequestAWS_RegionCRLF
Blind_XSSDebug_Logic_ParametersAzure_Blob_DiscoveredDrupal
Blind_XSS_GETParamsFirebase DB detectedBasic_Auth_CredentialsWordPress
Blind_XSS_POSTParamsFortinet_RequestBitcoin_AddressSQLi
Blind_XXEGraphQL_EndpointCDN_DetectedSSRF
CORS MisconfigurationIDOR_parametersCisco_ASA_Device_FoundSSTI
CouchDB_Admin_ExposureJira_RequestCitrix_DetectionXSS GET Parameters
CRLFKey_ParametersCMS_FoundXSS POST Parameters
CRLF_GETParamsLFI_RFI_ParametersCouchDB_ResponseSSTI GET Parameters
CRLF_POSTParamsMAGMI_RequestDebug_variablesSSTI POST Parameters
CVE-2017-9506_Jira_SSRFNetsweeper_RequestDebug PagesSSRF GET Parameters
CVE-2018-1271_Spring_MVC_Path_TraversalOAuth_parametersDigitalOcean_Space_DiscoveredAll GET Parameters
CVE-2018-13379_FortiOS_Creds_DisclosureOpenRedirect_SSRF_ParametersDocker_API_ResponseAll POST Parameters
CVE-2019-11510_Pulse_SecureRCE_ParametersDomainTakeOver_StringsSSRF POST Parameters
CVE-2019-11580_Atlassian_Crowd_RCERegisterUser_parametersDrupal_ResponseSQLi GET Parameters
CVE-2019-1653_Cisco_Wan_VPN_disclosureSecret-keywords-SecListsEndpointsExtractorSQLi POST Parameters
CVE-2019-19781_Citrix_ADC_Directory_TraversalSecrets_RequestFortinet_PanelSSRF GET Parameters
CVE-2019-3799_Spring_Cloud_Path_TraversalSolarwinds_Orion_RequestGCP_Service_AccountSSRF POST Parameters
CVE-2019-5418_Ruby on RailsSpringboot_RequestsGCP_UrlsOpen Redirect GET Parameters
CVE-2019-5418_Ruby on Rails – WAF bypassSQLi_ParametersGmail_Oauth_2.0Open Redirect POST Parameters
CVE-2019-8442_Jira_Path_TraversalSSTI_ParametersGoogle_Cloud_BucketsCRLF GET Parameters
CVE-2019-8449_Jira_Unauthenticated_Sensitive_InfoSwagger_RequestHidden ParametersCRLF POST Parameters
CVE-2020-11738_Wordpress_Duplicator_Plugin_LFIToken_ParametersInteresting_KeyworksBlind XSS GET Parameters
CVE-2020-13167_Netsweeper_code_injectionURL_as_a_ValueJava_De-SerializationBlind XSS POST Parameters
CVE-2020-13379_Grafana_SSRFURL_Path_as_a_ValueJenkins_ResponseRCE POST Parameters
CVE-2020-14179_Jira_Info_ExposureUserEnum_parametersJoomla detectionRCE GET Parameters
CVE-2020-14181_Jira_User_EnumUUID_RequestJS_VariablesBlind XSS
CVE-2020-14815_XSSWeblogic_RequestKeysOpen Redirect
CVE-2020-15129_Traefik_Open_RedirectXSS_ParametersKubernetes_ResponsePath Traversal POST Parameters
CVE-2020-17506_Artica_Web_Proxy_Auth_Bypass MAC_AddressPath Traversal GET Parameters
CVE-2020-24312_File_Manager_Wordpress_Backups MAGMI_ResponsePath Traversal
CVE-2020-2551_Oracle_WebLogic Netsweeper_ResponseX-Headers-Collab
CVE-2020-3452_Cisco_ASA_LFI NoSQL_Session_TokenForgot Password
CVE-2020-5410_Path_Traversal_Spring_Cloud Outlook_Team 
CVE-2020-5412_Spring_Cloud_Netflix Private_SSH_Key 
CVE-2020-5777_MAMGI_Auth_Bypass Reflected_values_greater_than_three_characters 
CVE-2020-5902_F5-BigIP Software_Version 
CVE-2020-8209_Citrix_XenMobile_PathTraversal Solarwinds_Orion_Response 
CVE-2020-8982_Citrix_ShareFile_File_Read SQL_Message_Detected 
CVE-2020-9484_Tomcat_Groovy Subdomain_takeover 
CVE-2021-26086_PathTraversal_Atlassian_Jira Swagger_found 
CVE-2021-40438_Apache_mod_proxy_SSRF Symfony_Response 
CVE-2021-40539_Zoho_ManageEngine_ADSelfService Tomcat_Response_Detection 
CVE-2021-43798_Grafana_LFI Traefik_Response 
CVE-2021-44228_RCE_Log4j vBulletin_Response 
CVE-2021-44228_RCE_Log4j_GETPOST WAF_Found 
CVE-2021-44228_RCE_Log4j_urlEncode WordPress detection 
CVE-2022-1388_F5_Big_IP_RCE WP_Config 
Drupal_User_Enum   
Drupal_User_Enum_Redirect   
Easy_wp_smtp_listing_enabled   
Echo_RCE   
Expect_RCE   
Fuzzing_directories   
GitFinder   
Graphql Introspection   
Host_Header_Injection   
Jira_unauthenticated_Info   
Kubernetes_API_Exposed   
Open Firebase Database   
OpenRedirect   
OpenRedirect_GETParams   
OpenRedirect_POSTParams   
OpenRedirect_SSRF_Collaborator   
OpenRedirect_SSRF_Collaborator_GETParams   
OpenRedirect_SSRF_Collaborator_HTTP0_9   
OpenRedirect_SSRF_Collaborator_HTTP1_0   
OpenRedirect_SSRF_Collaborator_POSTParams   
OpenRedirect_to_Account_Takeover   
Openredirect_to_XSS   
OpenRedirect-ParameterPollution   
OpenRedirect-ParameterPollution_Path   
Password-Reset-Headers   
Password-Reset-Params   
Password-Reset-URL   
PathTraversal_Linux   
PathTraversal_Linux_GETParams   
PathTraversal_Linux_POSTParams   
PathTraversal_Windows   
PathTraversal_Windows_GETParams   
PathTraversal_Windows_POSTParams   
PHP_RCE   
PHP_RCE_GETParams   
PHP_RCE_POSTParams   
RCE_Linux   
RCE_Linux_GETParams   
RCE_Linux_POSTParams   
RCE_Windows   
RCE_Windows_GETParams   
RCE_Windows_POSTParams   
Solarwinds_default_admin   
Source_code   
Spring Boot Actuators   
SQLi   
SQLi_Collaborator   
SQLi_Collaborator_GETParams   
SQLi_Collaborator_POSTParams   
SQLi_GETParams   
SQLi_POSTParams   
SQLi_TimeBased   
SQLi_TimeBased_GETParams   
SQLi_TimeBased_POSTParams   
SSRF_Collaborator_HTTP0_9   
SSRF_Collaborator_HTTP1_0   
SSRF-Collaborator   
SSRF-Collaborator_GETParams   
SSRF-Collaborator_POSTParams   
SSRF-URLScheme   
SSRF-URLScheme_GETParams   
SSRF-URLScheme_POSTParams   
SSTI   
SSTI_GET_Params   
SSTI_POST_Params   
SVNFinder   
Swagger-Finder   
Symfony_Debug   
Test_XSS_append   
Test_XSS_append_encoded   
Test_XSS_append_GetParams   
Test_XSS_append_POSTParams   
Test_XSS_discover   
Test_XSS_GET_POST   
WebCachePoisoning   
Woody_Wordpress_RCE   
WordPress_Config_Accessible   
WordPress_directory_listing   
WordPress_JSmol2WP_SSRF   
WordPress_Path_Traversal   
WordPress_user_enum_json   
WordPress_user_enum_oembed   
WordPress_users_enum_yoastseo   
WordPress_XMLRPC_ListMethods   
WordPress_XMLRPC_Pingback   
WordPress Config   
X-Headers-Collaborator   
XSS   
XSS_GET_Params   
XSS_GETPOST   
XSS_HtmlUrlEncode   
XSS_POST_Params   
XSS_UrlEncode   
XXE_Linux   
XXE_Windows   

Burp Bounty Pro 2.5.0截图

Burp Bounty Pro 2.5.0破解版BurpBounty 2.5.0 Cracked

转载请注明出处及链接

Leave a Reply

您的电子邮箱地址不会被公开。 必填项已用*标注