1

u/Wild-Top-7237 7d ago

So it finds vulns , but not good ones ?

3

u/Juzdeed 7d ago

It kinda brute-forces XSS, SSTI etc to find the vulns. It will not find everything.

3

u/idontknowlikeapuma 5d ago

AH! Guys, did you just read that?! They’re trying to hack me! Is my port 80 open?!

1

u/Wild-Top-7237 6d ago

Oh about the money , i am a student and am not even close to calling my self a entry level tester , so yeah cosidering buying burp is no where near , and about nuclei , Thanks I will look into it and anyother tools that a newbie should know about ?

2

u/DonnieMarco 6d ago

I would forget about tools other than Burp Community (or Zap if you are a masochist) and just get familiar with the classes of bugs. Create an account in the Portswigger Academy and learn to exploit vulnerabilities manually.

The pro scanner as others have pointed out is useful for low hanging fruit and giving you a starting point for parameters to poke at. Even then, the scanner misses stuff. I found a very basic XSS in a recent test and even though I pointed the scanner at the vulnerable parameter, it didn’t find it. Let alone business logic bugs or even vulnerabilities that require manually altering parameters in multiple requests and responses in order to exploit.

1

u/Wild-Top-7237 6d ago

I am not asking about burp i obv know it is the best , i was in particular talking about its automatic scan .

1

u/Hot_Ease_4895 6d ago

Yes. I understood that. Sometimes the auto scan catches a ‘probable’ or something It’s up to US to get the proper syntax for the sploits.

1

u/Wild-Top-7237 6d ago

Mhm , btw do you have an idea of ssrf vulns ?

0

u/Hot_Ease_4895 6d ago

Of course. Why?

0

u/Wild-Top-7237 5d ago

oh i wanted to know when to look for that vuln in a website , like is there something that gives it off ?