Skip to content

Burp Suite Enterprise Edition Power Tools

License

Notifications You must be signed in to change notification settings

PortSwigger/bseept

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

97 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

BSEEPT: Burp Suite Enterprise Edition Power Tools

A command line utility and Python client library for Burp Suite Enterprise Edition's (https://portswigger.net/burp/enterprise) GraphQL API allowing you to query and configure.

All output returned is in JSON format which can be parsed and prettified by piping through jq and similar

Notice

This tool is not actively maintained by PortSwigger. However, we welcome pull requests that contribute to this repository.

Features

The following lists track the implemented versus to-do features. Please raise any bugs/feature requests as issues.

Implemented

  • Get sites via --getsites
  • Get folders via --getfolders
  • Get site tree via --getsitetree
  • Get scans via --getscans
  • Get scan configurations via --getscanconfigs
  • Get scan issues via --getscanissues
  • Get scan report in HTML via --getscanreport
  • Get scan report in XML via --getscanreportxml
  • Get agents via --getagents
  • Get unauthorized agents via --getunauthorizedagents
  • Get agentpools via --getagentpools
  • Get schedule via --getschedule
  • Get extensions via --getextensions
  • Create site via createsite
  • Delete site via deletesite
  • Rename site via renamesite
  • Update site extensions via updatesiteextensions
  • Move site via movesite
  • Add scan via addscanschedule
  • Delete scan schedule via deletescanschedule
  • Update scan schedule via updatescanschedule
  • Create folder via createfolder
  • Delete folder via deletefolder
  • Rename folder via renamefolder
  • Move folder via movefolder
  • Rename agent via renameagent
  • Enable agent via enableagent
  • Disable agent via disableagent
  • Update agent maximum concurrent scans via updateagentmaxconcurrentscans
  • Create agent pool via createagentpool
  • Update agent pool via updateagentpool
  • Delete agent pool via deleteagentpool
  • Update extension name via updateextensionname
  • Update extension description via updateextensiondescription
  • Upload extension via uploadextension
  • Update extension JAR via updateextensionjar
  • Delete extension via deleteextension
  • Upload BApp via uploadbapp
  • Get BApp details via getbappdetails
  • Create scan config via createscanconfig
  • Update scan config via updatescanconfig
  • Delete scan config via deletescanconfig
  • Create site login credentials viacreatesitelogincredentials
  • Update site login credentials via createsitelogincredentials
  • Delete site login credentials via deletesitelogincredentials
  • Create site recorded login credentials viacreatesiterecordedlogin
  • Delete site recorded login credentials via deletesiterecordedlogin
  • Create site email receipient viacreatesiteemailreceipient
  • Update site email receipient via updatesiteemailreceipient
  • Delete site email receipient via deletesiteemailreceipient
  • Authorize agent via authorizeagent
  • Deauthorize agent via deauthorizeagent
  • Move agent pool via moveagentpool
  • Assign site to agent pool via assignsitetogentpool
  • Update site scan config via updatesitescanconfig
  • Update site scope via updatesitescope
  • Update false positive status for an issue via updatefalsepositive
  • Higher-level concept/command - extract scan issue to JSON via getissuedetails
  • Update site scope via v2 API updatesitescopev2
  • Get the BSEE current schema from the server via --getbseeschema (secrets beyond the documentation)

To Do

  • Create site request cookie via create_site_request_cookie
  • Update site request cookie via update_site_request_cookie
  • Delete site request cookie via delete_site_request_cookie
  • Create site request header via create_site_request_header
  • Update site request header via update_site_request_header
  • Delete site request header via delete_site_request_header
  • Slack app configuration via slack_app_configuration
  • Update Slack settings via update_slack_settings
  • Update site Slack channels via update_site_slack_channels
  • Update folder slack channels via update_folder_slack_channels
  • Write test case suite

Authentication Configuration

You can configure authentication with the API key to work in one of two ways. Either via environment variables (i.e. setting the URL and/or API via specific variables) or by supplying the command line.

via environment variables example on Windows:

set BSEEURL=https://my.bsee.server/
set BSEEAPIKEY=MYAPIKEY

via command line

py bseept.py --url https://my.bsee.server/ --apikey MYAPIKEY --getsites

Help

The following is the help output from the tool

# bseept.py --help                                                             
usage: bseept [-h] [-u URL] [--apikey APIKEY] [--getsites] [--getfolders] [--getsitetree] [--getscans] [--getscanconfigs]
              [--getscanissues GETSCANISSUES] [--getscanreport GETSCANREPORT] [--getscanreportxml GETSCANREPORTXML] [--getschedule]
              [--getagents] [--getagentpools] [--getunauthorizedagents] [--getextensions]
              {createsite,deletesite,renamesite,movesite,updatesitescanconfig,updatesitescope,updatesitescopev2,updatesiteextensions,createsitelogincredentials,updatesitelogincredentials,deletesitelogincredentials,createsiterecordedlogin,deletesiterecordedlogin,createsiteemailreceipient,updatesiteemailreceipient,deletesiteemailreceipient,addscanschedule,updatescanschedule,deletescanschedule,createscanconfig,updatescanconfig,deletescanconfig,uploadbapp,getbappdetails,uploadextension,updateextensionname,updateextensiondescription,updateextensionjar,deleteextension,authorizeagent,deauthorizeagent,renameagent,enableagent,disableagent,updateagentmaxconcurrentscans,createagentpool,updateagentpool,moveagentpool,deleteagentpool,assignsitestoagentpool,createfolder,deletefolder,renamefolder,movefolder,updatefalsepositive,getissuedetails}
              ...

Burp Suite Enterprise Edition Power Tools

positional arguments:
  {createsite,deletesite,renamesite,movesite,updatesitescanconfig,updatesitescope,updatesitescopev2,updatesiteextensions,createsitelogincredentials,updatesitelogincredentials,deletesitelogincredentials,createsiterecordedlogin,deletesiterecordedlogin,createsiteemailreceipient,updatesiteemailreceipient,deletesiteemailreceipient,addscanschedule,updatescanschedule,deletescanschedule,createscanconfig,updatescanconfig,deletescanconfig,uploadbapp,getbappdetails,uploadextension,updateextensionname,updateextensiondescription,updateextensionjar,deleteextension,authorizeagent,deauthorizeagent,renameagent,enableagent,disableagent,updateagentmaxconcurrentscans,createagentpool,updateagentpool,moveagentpool,deleteagentpool,assignsitestoagentpool,createfolder,deletefolder,renamefolder,movefolder,updatefalsepositive,getissuedetails}
                        modify commands
    createsite          Create a site
    deletesite          Delete a site
    renamesite          Rename a site
    movesite            Move a site
    updatesitescanconfig
                        Update a site scan configuration
    updatesitescope     Update a site scope
    updatesitescopev2   Update a site scope v2
    updatesiteextensions
                        Update a site's extensions
    createsitelogincredentials
                        Create a sites login credentials
    updatesitelogincredentials
                        Update a sites login credentials
    deletesitelogincredentials
                        Delete a sites login credentials
    createsiterecordedlogin
                        Create a sites recorded login credentials
    deletesiterecordedlogin
                        Delete a sites recorded login credentials
    createsiteemailreceipient
                        Create a site email receipient for reporting
    updatesiteemailreceipient
                        Update a site email receipient for reporting
    deletesiteemailreceipient
                        Delete a site email receipient for reporting
    addscanschedule     Add a scan schedule
    updatescanschedule  Update a scan schedule
    deletescanschedule  Delete a scan
    createscanconfig    Create a scan configuration
    updatescanconfig    Update a scan configuration
    deletescanconfig    Delete a scan configuration
    uploadbapp          Upload a BApp
    getbappdetails      Get BApp details without adding it to the list of usable extensions - this uploads and parses the BApp
    uploadextension     Upload a custom extension
    updateextensionname
                        Update a custom extension name
    updateextensiondescription
                        Update a custom extension description
    updateextensionjar  Update a custom extension JAR
    deleteextension     Delete a custom extension or BApp
    authorizeagent      Authorize a new agent to be able to run scans
    deauthorizeagent    Deauthorize an existing agent from running scans
    renameagent         Rename an existing agent
    enableagent         Enable an existing agent
    disableagent        Disable an existing agent
    updateagentmaxconcurrentscans
                        Update the maximum number of concurrent scans this agent host can run
    createagentpool     Create an agent pool
    updateagentpool     Update an agent pool
    moveagentpool       Move an agent pool
    deleteagentpool     Delete an agent pool
    assignsitestoagentpool
                        Assign sites to an agent pool
    createfolder        Create a folder
    deletefolder        Delete a folder
    renamefolder        Rename a folder
    movefolder          Move a folder
    updatefalsepositive
                        Update the false positive for an issue
    getissuedetails     Get details for a specific issue returns by --getscanissues

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Burp Suite Enterprise Edition URL
  --apikey APIKEY       Burp Suite Enterprise Edition API key
  --getsites            Configured all configured sites
  --getfolders          Configured folders in BSEE
  --getsitetree         Configured site tree in BSEE
  --getscans            Configured all configured scans
  --getscanconfigs      Get all scan configuration definitions
  --getscanissues GETSCANISSUES
                        Get scan issues specified by the supplied scan ID
  --getscanreport GETSCANREPORT
                        Get scan HTML report specified by the supplied scan ID
  --getscanreportxml GETSCANREPORTXML
                        Get scan XML report specified by the supplied scan ID
  --getschedule         Scan schedules
  --getagents           Configured scan agents
  --getagentpools       Configured scan agent pools
  --getunauthorizedagents
                        Get the curretly unauthorized agents
  --getextensions       Extensions installed
  --getbseeschema       Current BSEE schema

with 🧡 from PortSwigger

Examples

The following are example use cases.

Creating a site

 > py bseept.py createsite --sitename MyTestSite --scanconfigurationid ba4f8ce0-af9a-4450-ad35-78f083375088 --siteurls https://ginandjuice.shop
 {"data": {"create_site": {"site": {"id": "46", "parent_id": "0", "scope": {"included_urls": ["https://ginandjuice.shop"], "protocol_options": "USE_SPECIFIED_PROTOCOLS"}, "application_logins": {"login_credentials": [], "recorded_logins": []}, "scan_configurations": [{"id": "ba4f8ce0-af9a-4450-ad35-78f083375088"}]}}}}

Creating a scan from a site and parse the response via jq to prettyfi

> py bseept.py addscanschedule --siteid 44 --initialruntime 2024-08-19T11:07:25.664Z --schedule "FREQ=DAILY;INTERVAL=2" --scanconfigurationids ba4f8ce0-af9a-4450-ad35-78f083375088 8f7c2d95-0a72-40ce-a186-777348720870 | jq
{
 "data": {
   "create_schedule_item": {
     "schedule_item": {
       "id": "27",
       "schedule": {
         "initial_run_time": "2024-08-19T11:07:25.664Z",
         "rrule": "FREQ=DAILY;INTERVAL=2"
       },
       "scan_configurations": [
         {
           "id": "ba4f8ce0-af9a-4450-ad35-78f083375088",
           "name": "Audit coverage - maximum"
         }
       ]
     }
   }
 }
}

Get the extensions and parse via jq to prettyfi

> py bseept.py --getextensions | c:\data\utils\jq
{
 "data": {
   "extensions": [
     {
       "id": "526b9b32-9a0c-4a7a-9d73-60cfb53ad408",
       "uploaded_filename": "9cff8c55432a45808432e26dbb2b41d8 (1).bapp",
       "name": "Backslash Powered Scanner",
       "description": "Finds unknown classes of injection vulnerabilities.",
       "uploaded_date": "2022-11-02T13:48:53.774Z",
       "uploaded_by": "administrator",
       "bapp_details": {
         "bapp_uuid": "9cff8c55432a45808432e26dbb2b41d8",
         "author": "James 'albinowax' Kettle, PortSwigger Web Security",
         "version": "1.21"
       }
     },
     {
       "id": "034657cc-0f31-44b0-8d0a-b9a57627818e",
       "uploaded_filename": "test-custom-extension.jar",
       "name": "test-custom-extension.jar",
       "description": "Adds an issue to a scan",
       "uploaded_date": "2023-02-08T15:41:25.471Z",
       "uploaded_by": "administrator",
       "bapp_details": null
     }
   ]
 }
}

Get the extensions and parse via jq to extract just the names

> py bseept.py --getextensions | c:\data\utils\jq ".[].extensions[] | .name" | more
"Backslash Powered Scanner"
"test-custom-extension.jar"

Get the scheduled scans and parse via jq to prettyfi

> py bseept.py --getschedule | c:\data\utils\jq | more
{
 "data": {
   "schedule_items": [
     {
       "id": "1",
       "site": {
         "id": "1",
         "name": "Gin & Juice"
       },
       "schedule": {
         "initial_run_time": "2022-09-02T13:51:14.550Z",
         "rrule": "FREQ=DAILY;INTERVAL=2"
       },
       "has_run_more_than_once": true,
       "scheduled_run_time": "2023-02-21T13:51:14.000Z"
     }
   ]
 }
}

Delete a scheduled scan

> py bseept.py deletescanschedule --scanid 25
{"data": {"delete_schedule_item": {"id": "25"}}}

Update a sites scope and parse the response through jq

> py bseept.py updatesitescope --siteid 55 --includedurls https://ginandjuice.shop https://www.binaryfirefly.com --excludedurls "https://portswigger.net" | jq 
{
 "data": {
   "update_site_scope": {
     "scope": {
       "included_urls": [
         "https://ginandjuice.shop",
         "https://www.binaryfirefly.com"
       ],
       "excluded_urls": [
         "https://portswigger.net"
       ],
       "protocol_options": "USE_SPECIFIED_PROTOCOLS"
     }
   }
 }
}

Update a sites scope using v2 API and parse the response through jq

>py bseept.py --siteid 30 --inscopeprefix https://ginandjuice.shop https://www.binaryfirefly.com --outscopeprefix "https://portswigger.net" --starturls "https://ginandjuice.shop" | jq
{
  "data": {
    "update_site_scope_v2": {
      "site": {
        "id": "30",
        "name": "'kdkd2342j2'",
        "scope_v2": {
          "in_scope_url_prefixes": [
            "https://ginandjuice.shop",
            "https://www.binaryfirefly.com"
          ],
          "out_of_scope_url_prefixes": [
            "https://portswigger.net"
          ],
          "protocol_options": "USE_SPECIFIED_PROTOCOLS",
          "start_urls": [
            "https://ginandjuice.shop"
          ]
        }
      }
    }
  }
}

Update a sites scan configuration IDs to use and parse the response through jq

> py bseept.py updatesitescanconfig --siteid 44 --scanconfigids 8f7c2d95-0a72-40ce-a186-777348720870 a6d11dcd-d3e7-424a-b8c4-90bf28b5785d | jq
{
 "data": {
   "update_site_scan_configurations": {
     "site": {
       "id": "44",
       "name": "thisis33ate4333st33324",
       "scan_configurations": [
         {
           "id": "8f7c2d95-0a72-40ce-a186-777348720870"
         },
         {
           "id": "a6d11dcd-d3e7-424a-b8c4-90bf28b5785d"
         }
       ]
     }
   }
 }
}

Get scan details and then get scan results in various formats and outputs

First get the scan details

bseept % python3 bseept.py --getscans  | jq 
{
  "data": {
    "scans": [
      {
        "id": "123",
        "status": "succeeded",
        "site_id": "1",
        "schedule_item": {
          "id": "1",
          "site": {
            "id": "1",
            "name": "Gin & Juice"
          },
          "schedule": {
            "initial_run_time": "2022-09-02T13:51:14.550Z",
            "rrule": "FREQ=DAILY;INTERVAL=2"
          },
          "has_run_more_than_once": true,
          "scheduled_run_time": "2023-03-15T13:51:14.000Z"
        },
        "scheduled_start_time": "2023-03-13T13:51:14.000Z",
        "start_time": "2023-03-13T13:51:54.525Z",
        "end_time": "2023-03-13T14:37:50.525Z",
        "duration_in_seconds": 2756,
        "scan_failure_code": null,
        "scan_metrics": {
          "crawl_request_count": 774,
          "unique_location_count": 54,
          "audit_request_count": 57437,
          "crawl_and_audit_progress_percentage": 100,
          "scan_phase": null,
          "audit_start_time": null,
          "current_url": "https://ginandjuice.shop:443/robots.txt"
        },
        "scan_failure_message": null,
        "scan_delta": {
          "new_issue_count": 0,
          "repeated_issue_count": 40,
          "regressed_issue_count": 0,
          "resolved_issue_count": 0
        },
        "issue_counts": {
          "total": 40,
          "high": {
            "total": 11,
            "firm": 4,
            "tentative": 0,
            "certain": 7
          },
          "medium": {
            "total": 0,
            "firm": 0,
            "tentative": 0,
            "certain": 0
          },
          "low": {
            "total": 10,
            "firm": 5,
            "tentative": 3,
            "certain": 2
          },
          "info": {
            "total": 19,
            "firm": 1,
            "tentative": 1,
            "certain": 17
          }
        },
        "scanner_version": "2023.2.3",
        "scanner_build_number": 19390
      },
...

Then extract the issues for the successful scan

bseept % python3 bseept.py --getscanissues 123 | jq
{
  "data": {
    "scan": {
      "issues": [
        {
          "issue_type": {
            "name": "External service interaction (HTTP)",
            "description_html": "<p>External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service interactions does not constitute a vulnerability in its own right, and in some cases might even be the intended behavior of the application.\nHowever, in many cases, it can indicate a vulnerability with serious consequences.</p>\n<p>The ability to send requests to other systems can allow the vulnerable server to be used as an attack proxy.\n  By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. \n  This may include public third-party systems, internal systems within the same organization, or services available on the local loopback adapter of the application server itself. \n  Depending on the network architecture, this may expose highly vulnerable internal services that are not otherwise accessible to external attackers. </p>",
            "remediation_html": "<p>You should review the purpose and intended use of the relevant application functionality, \n  and determine whether the ability to trigger arbitrary external service interactions is intended behavior. \n  If so, you should be aware of the types of attacks that can be performed via this behavior and take appropriate measures. \n  These measures might include blocking network access from the application server to other internal systems, and hardening the application server itself to remove any services available on the local loopback adapter.</p>\n<p>If the ability to trigger arbitrary external service interactions is not intended behavior, then you should implement a whitelist of permitted services and hosts, and block any interactions that do not appear on this whitelist.</p>\n\n<p>Out-of-Band Application Security Testing (OAST) is highly effective at uncovering high-risk features, to the point where finding the root cause of an interaction can be quite challenging. To find the source of an external service interaction, try to identify whether it is triggered by specific application functionality, or occurs indiscriminately on all requests. If it occurs on all endpoints, a front-end CDN or application firewall may be responsible, or a back-end analytics system parsing server logs. In some cases, interactions may originate from third-party systems; for example, a HTTP request may trigger a poisoned email which passes through a link-scanner on its way to the recipient.</p>",
            "vulnerability_classifications_html": "<ul>\n<li><a href=\"https://cwe.mitre.org/data/definitions/918.html\">CWE-918: Server-Side Request Forgery (SSRF)</a></li>\n<li><a href=\"https://cwe.mitre.org/data/definitions/406.html\">CWE-406: Insufficient Control of Network Message Volume (Network Amplification)</a></li>\n</ul>",
            "references_html": "<ul>\n  <li><a href=\"https://portswigger.net/blog/introducing-burp-collaborator\">Burp Collaborator</a></li>\n  <li><a href=\"https://portswigger.net/burp/application-security-testing/oast\">Out-of-band application security testing (OAST)</a></li>\n  <li><a href=\"https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface\">PortSwigger Research: Cracking the Lens</a></li>\n</ul>"
          },
          "confidence": "certain",
          "display_confidence": null,
          "serial_number": "5601616512020228096",
          "severity": "high",
          "description_html": "It is possible to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains.<br><br>The payload <b>http://s0t5stlr0i5p270b2o0hxzl1ksqlee24qzdq1f.oastify.com/</b> was submitted in the <b>Referer</b> HTTP header.<br><br>The application performed an HTTP request to the specified domain.",
          "remediation_html": null,
          "path": "/catalog",
          "origin": "https://ginandjuice.shop",
          "novelty": "repeated",
          "tickets": null,
          "generated_by_extension": null
        },

Then use jq to parse the JSON and print the issue titles

bseept % python3 bseept.py --getscanissues 123 | jq ".[].scan.issues[].issue_type.name"        
"External service interaction (HTTP)"
"External service interaction (HTTP)"
"External service interaction (HTTP)"
"HTTP response header injection"
"External service interaction (HTTP)"
"Cross-site scripting (reflected)"
"Cross-site scripting (reflected)"
"SQL injection"
"XML external entity injection"
"Cross-site scripting (reflected)"
"Client-side template injection"
"Strict transport security not enforced"
"Password field with autocomplete enabled"
"Iterable input"
"Iterable input"
"Iterable input"
"Iterable input"
"Iterable input"
"Open redirection (DOM-based)"
"Open redirection (DOM-based)"
"Vulnerable JavaScript dependency"
"Cookie without HttpOnly flag set"
"Cookie without HttpOnly flag set"
"Input returned in response (reflected)"
"Cacheable HTTPS response"
"TLS certificate"
"TLS cookie without secure flag set"
"External service interaction (DNS)"
"External service interaction (DNS)"
"Input returned in response (reflected)"
"External service interaction (DNS)"
"Input returned in response (reflected)"
"Cross-site scripting (reflected)"
"Input returned in response (reflected)"
"External service interaction (DNS)"
"Input returned in response (reflected)"
"Input returned in response (reflected)"
"Input returned in response (reflected)"
"Client-side prototype pollution"
"Request URL override"

Then extract into CSV lines

bseept % python3 bseept.py --getscanissues 123 | jq '.[].scan.issues[] | "\(.issue_type.name),\(.origin),\(.path)"'
"External service interaction (HTTP),https://ginandjuice.shop,/catalog"
"External service interaction (HTTP),https://ginandjuice.shop,/catalog/filter"
"External service interaction (HTTP),https://ginandjuice.shop,/catalog/product"
"HTTP response header injection,https://ginandjuice.shop,/catalog/product-search-results/5"
"External service interaction (HTTP),https://ginandjuice.shop,/catalog/product/stock"
"Cross-site scripting (reflected),https://ginandjuice.shop,/catalog/search/3"
"Cross-site scripting (reflected),https://ginandjuice.shop,/catalog/search/4"
"SQL injection,https://ginandjuice.shop,/catalog/filter"
"XML external entity injection,https://ginandjuice.shop,/catalog/product/stock"
"Cross-site scripting (reflected),https://ginandjuice.shop,/catalog/search/2"
"Client-side template injection,https://ginandjuice.shop,/catalog/search/4"
"Strict transport security not enforced,https://ginandjuice.shop,/"
"Password field with autocomplete enabled,https://ginandjuice.shop,/login"
"Iterable input,https://ginandjuice.shop,/post"
"Iterable input,https://ginandjuice.shop,/post"
"Iterable input,https://ginandjuice.shop,/post"
"Iterable input,https://ginandjuice.shop,/post"
"Iterable input,https://ginandjuice.shop,/post"
"Open redirection (DOM-based),https://ginandjuice.shop,/catalog/product"
"Open redirection (DOM-based),https://ginandjuice.shop,/catalog/product"
"Vulnerable JavaScript dependency,https://ginandjuice.shop,/resources/js/angular_1-7-7.js"
"Cookie without HttpOnly flag set,https://ginandjuice.shop,/"
"Cookie without HttpOnly flag set,https://ginandjuice.shop,/"
"Input returned in response (reflected),https://ginandjuice.shop,/"
"Cacheable HTTPS response,https://ginandjuice.shop,/"
"TLS certificate,https://ginandjuice.shop,/"
"TLS cookie without secure flag set,https://ginandjuice.shop,/"
"External service interaction (DNS),https://ginandjuice.shop,/catalog"
"External service interaction (DNS),https://ginandjuice.shop,/catalog/filter"
"Input returned in response (reflected),https://ginandjuice.shop,/catalog/filter"
"External service interaction (DNS),https://ginandjuice.shop,/catalog/product"
"Input returned in response (reflected),https://ginandjuice.shop,/catalog/product-search-results/1"
"Cross-site scripting (reflected),https://ginandjuice.shop,/catalog/product-search-results/1"
"Input returned in response (reflected),https://ginandjuice.shop,/catalog/product-search-results/5"
"External service interaction (DNS),https://ginandjuice.shop,/catalog/product/stock"
"Input returned in response (reflected),https://ginandjuice.shop,/catalog/search/2"
"Input returned in response (reflected),https://ginandjuice.shop,/catalog/search/3"
"Input returned in response (reflected),https://ginandjuice.shop,/catalog/search/4"
"Client-side prototype pollution,https://ginandjuice.shop,/"
"Request URL override,https://ginandjuice.shop,/"

then do the same, sort and count

bseept % python3 bseept.py --getscanissues 123 | jq ".[].scan.issues[].issue_type.name" | sort | uniq -c
   1 "Cacheable HTTPS response"
   1 "Client-side prototype pollution"
   1 "Client-side template injection"
   2 "Cookie without HttpOnly flag set"
   4 "Cross-site scripting (reflected)"
   4 "External service interaction (DNS)"
   4 "External service interaction (HTTP)"
   1 "HTTP response header injection"
   7 "Input returned in response (reflected)"
   5 "Iterable input"
   2 "Open redirection (DOM-based)"
   1 "Password field with autocomplete enabled"
   1 "Request URL override"
   1 "SQL injection"
   1 "Strict transport security not enforced"
   1 "TLS certificate"
   1 "TLS cookie without secure flag set"
   1 "Vulnerable JavaScript dependency"
   1 "XML external entity injection"

Get specific issue details

Get all the fields for an issue including all the evidence which ecompasses all the requests and respponses etc.

bseept % python3 bseept.py getissuedetails --scanid 123 --issueserial 5601616512020228096 | jq
{
  "data": {
    "issue": {
      "confidence": "certain",
      "display_confidence": null,
      "serial_number": "5601616512020228096",
      "severity": "high",
      "description_html": "It is possible to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains.<br><br>The payload <b>http://REDACTED.oastify.com/</b> was submitted in the <b>Referer</b> HTTP header.<br><br>The application performed an HTTP request to the specified domain.",
      "remediation_html": null,
      "path": "/catalog",
      "origin": "https://ginandjuice.shop",
      "remediation_html": null,
      "path": "/catalog",
      "origin": "https://ginandjuice.shop",
      "evidence": [
        {
          "request_index": 0,
          "request_count": 1,
          "request_segments": [
            {

      ...
}

API Examples

The following will use the Python client library for various things. This can be found in bseept-client-library-example.py

#
# Burp Suite Enterprise Edition Power Tools
#
# Ollie Whitehouse - @ollieatnowhere
#


# Client library example

import os
import sys
import json

import bseeptsites


# Main function
def main():

    # Host URL
    BSEEURL = os.getenv('BSEEURL')
    if(BSEEURL is None):
        sys.stderr.write("Need to specify the BSEE URL either in the environment variable BSEEURL")
        exit()
    else:
        apiurl = BSEEURL
        apiurl = apiurl.rstrip('/')
        if(apiurl.startswith("https://") is not True):
            sys.stderr.write("Supplied URL does not begin with https:// as required")
            exit()

    # API key
    BSEEAPIKEY = os.getenv('BSEEAPIKEY')
    if(BSEEAPIKEY is None):
        sys.stderr.write("Need to specify the BSEE API key either in the environment variable BSEEAPIKEY")
        exit()

    # Example 1
    #   - we tell the API to not print itself
    #   - we tell the API to return the resulting JSON to our variable
    #   - we then print the JSON
    print("\n\n--- Example 1\n\n")
    ret = bseeptsites.getsites(apiurl,BSEEAPIKEY,doprint = False, output = True)
    print(json.dumps(ret))

    # Example 2
    #  - we tell the API to print itself
    #  - we tell the API to not return the resulting JSON
    print("\n\n--- Example 2\n\n")
    bseeptsites.getsites(apiurl,BSEEAPIKEY,doprint = True, output = False)


    # Example 3
    #  - we tell the API to return the resulting JSON and then print it
    #  - note: the API will by default also print the results itself as we don't specifically say what to do
    print("\n\n--- Example 3a\n\n")
    ret = bseeptsites.getsites(apiurl,BSEEAPIKEY,output = True)
    print(json.dumps(ret))

# Entry point
if __name__ == '__main__':
    main()

Getting the current schema from Burp Suite Enterprise Edition

Use the following bseept command to get the current schema

> py bseept.py --getbseeschema | jq
{
  "data": {
    "__schema": {
      "queryType": {
        "name": "Query"
      },
      "mutationType": {
        "name": "Mutation"
      },
      ....