A complete rewrite of the HUNT scanner.

The Burp Suite extension works in both the Community (Free) and Professional versions.

The OWASP Zed Attack Proxy (ZAP) add-on works on that latest ZAP version (2.9.0).

• Passively scan for potentially vulnerable parameters

• OWASP ZAP Plugin =======

The Burp Suite extension works in both the Community (Free) and Professional versions.

• Passively scan for potentially vulnerable parameters

• OWASP ZAP Plugin
• Ability to add and modify rules
• Identify reflected parameters

You can find the latest release (JAR file) here.

gradle build fatJar

Extension JAR will be located at: build/libs/hunt-x.x.x.jar

1. Open Burp Suite

2. Go to Extender tab

3. Burp Extensions -> Add

4. Load hunt-x.x.x.jar

You can find the latest release (ZAP file) here.

gradle build

Add-on ZAP file will be located at: ./build/zapAddOn/bin

1. Open OWASP ZAP
2. File
3. Load Add-on file
4. Select HUNT .zap file

======= 4. Load HUNT-x.x.jar

1. Set scope
2. Manually navigate or spider the application
3. Requests will vulnerable parameters be added to the HUNT tab.
4. Select and right click on request to view details about the vulnerable parameter.

HUNT v2 (Remix) was created by cak [projects] utilizing the research from JP Villanueva, Jason Haddix and team at Bugcrowd.