A complete rewrite of the HUNT scanner.
The Burp Suite extension works in both the Community (Free) and Professional versions.
The OWASP Zed Attack Proxy (ZAP) add-on works on the latest ZAP version (2.9.0).
- Passively scan for potentially vulnerable parameters
- OWASP ZAP Plugin
- Ability to add and modify rules
- Identify reflected parameters
You can find the latest release (JAR file) here.
gradle build fatJar
Extension JAR will be located at: build/libs/hunt-x.x.x.jar
- Open Burp Suite
- Go to Extender tab
- Burp Extensions -> Add
- Load hunt-x.x.x.jar
You can find the latest release (ZAP file) here.
gradle build
Add-on ZAP file will be located at: ./build/zapAddOn/bin
- Open OWASP ZAP
- File
- Load Add-on file
- Select HUNT .zap file
- Set scope
- Manually navigate or spider the application
- Requests with vulnerable parameters will be added to the HUNT tab.
- Select and right-click on a request to view details about the vulnerable parameter.
HUNT v2 (Remix) was created by cak [projects] utilizing the research from JP Villanueva, Jason Haddix and team at Bugcrowd.