中文 | English

BpArsenal is a Burp Suite plugin developed based on the Montoya API, designed to quickly convert HTTP requests into command-line tool executions, launch third-party tools, and open related websites to improve penetration testing efficiency.

Interface Name	Interface Display
http tool
third-party tool
website
setting
shell_exec

• One-Click Conversion: Quickly convert HTTP requests from Burp Suite into command lines for various security tools
• Variable Replacement: Support dynamic variable replacement, automatically extracting URLs, parameters, headers, and other information from requests
• Batch Processing: Support processing multiple requests simultaneously, generating batch commands
• Working Directory: Support configuring independent working directories for each tool

• Quick Launch: One-click launch of commonly used penetration testing tools
• Auto Start: Support automatic startup of specified tools when the plugin loads
• Favorite Management: Mark frequently used tools as favorites for quick access

• Quick Access: Bookmark commonly used security-related websites and tools
• Category Management: Organize website links by function categories
• One-Click Open: Quickly open websites in the default browser

• Tool Directory: Configure global tool root directory to simplify path management
• Command Prefix: Customize command execution prefix to adapt to different operating systems
• Multi-language: Support Chinese and English interfaces
• Configuration Import/Export: Support backup and sharing of configuration files

1. Download the latest JAR file
2. In Burp Suite, go to "Extensions" -> "Installed"
3. Click "Add" -> "Java" -> Select the JAR file
4. After the plugin loads successfully, the "BpArsenal" tab will appear in Burp Suite

We provide a smart configuration generator generator_config.py that can automatically scan tool directories and generate configuration files.

# 1. View tool directory structure
python script/generator_config.py tree --dir /path/to/tools

# 2. Generate AI prompt (manually send to ChatGPT, etc.)
python script/generator_config.py prompt --dir /path/to/tools --type all --output prompt.txt

# 3. Or directly call AI to generate config (requires OpenAI API key)
python script/generator_config.py generate \
  --dir /path/to/tools \
  --api-key sk-xxx \
  --model gpt-4 \
  --type all \
  --output config.yaml

Detailed Usage: See script/README.md

The plugin's core configuration file is src/main/resources/config.yaml, containing three main sections:

HTTP tools support converting requests from Burp Suite into command-line tool executions with powerful DSL expressions:

httpTool:
- type: Tool Category Name
  content:
  - toolName: Tool Name
    commandList:
    - command: Command Template with DSL Variables
      favor: true/false
      note: Command Description
      workDir: Working Directory Path

Field Descriptions:

• type: Tool category, such as "SQL Injection", "Directory Scanning", etc.
• toolName: Specific tool name, such as "sqlmap", "ffuf", etc.
• command: Command template supporting DSL variable replacement and function calls
• favor: Whether it's a favorite command
• note: Detailed description of the command
• workDir: Working directory for command execution (optional)

DSL Variable Syntax:

All DSL expressions use %expression% format:

• Chain Access: %http.request.url%
• Function Call: %hash(http.request.body, "sha256")%
• Nested Expression: %base64(json(http.request.body, "$.token"), "encode")%

Basic HTTP Variables:

Batch Processing Variables:

Built-in DSL Functions:

Advanced DSL Examples:

# SQLMap with temp file
sqlmap -r %tmpFile(http.request.body.raw, 'txt')% --batch

# Batch URL scanning
nuclei -list %tmpFile(unique(httpList.requests.*.request.url), 'txt')% -t cves/

# Extract and hash JSON field
echo %hash(json(http.request.body, "$.password"), "sha256")%

# Save unique hosts to file
nmap -iL %file(unique(httpList.requests.*.request.host), 'hosts.txt')% -p 80,443

# Nested functions
curl -H "Auth: %base64(json(http.response.body, "$.token"), "encode")%" https://api.example.com

Configuration Example:

httpTool:
- type: SQL Injection
  content:
  - toolName: sqlmap
    commandList:
    - command: sqlmap -u "%http.request.url%" --cookie="%http.request.headers.cookie%" --batch --dbs
      favor: true
      note: Basic SQL injection test
      workDir: ''
    - command: sqlmap -r %tmpFile(http.request.body.raw, 'txt')% --batch --risk=3 --level=5
      favor: true
      note: Deep injection test with request file
      workDir: ''
    - command: sqlmap -m %tmpFile(unique(httpList.requests.*.request.url), 'txt')% --batch --threads=5
      favor: false
      note: Batch URL injection test
      workDir: ''

Third-party tools are used to quickly launch commonly used penetration testing tools:

thirtyPart:
- type: Tool Category
  content:
  - toolName: Tool Display Name
    startCommand: Launch Command
    favor: true/false
    note: Tool Description
    workDir: Working Directory
    autoStart: true/false

Field Descriptions:

• toolName: Tool display name
• startCommand: Tool launch command (full path or system command)
• favor: Whether it's a favorite tool
• note: Tool description
• workDir: Working directory (optional)
• autoStart: Whether to auto-start when plugin loads

Configuration Example:

thirtyPart:
- type: Penetration Framework
  content:
  - toolName: Metasploit
    startCommand: msfconsole
    favor: true
    note: Powerful penetration testing framework
    workDir: ''
    autoStart: false
  - toolName: Burp Suite
    startCommand: burpsuite
    favor: true
    note: Web application security testing
    workDir: ''
    autoStart: false

Website bookmarks are used to quickly access commonly used security-related websites:

webSite:
- type: Website Category
  content:
  - url: Website URL
    desc: Website Description
    favor: true/false

Field Descriptions:

• type: Website category, such as "OSINT", "Vulnerability Database", etc.
• url: Complete website URL
• desc: Website description
• favor: Whether it's a favorite website

Configuration Example:

webSite:
- type: OSINT
  content:
  - url: https://www.shodan.io
    desc: Shodan Search Engine
    favor: true
  - url: https://www.zoomeye.org
    desc: ZoomEye Cyberspace Search
    favor: true
- type: Vulnerability Database
  content:
  - url: https://cve.mitre.org
    desc: CVE Official Database
    favor: true
  - url: https://nvd.nist.gov
    desc: NVD Vulnerability Database
    favor: true

1. Select a request in Burp Suite's HTTP history, proxy intercept, or repeater
2. Right-click and select "Arsenal" or "Favorite"
3. Choose the tool and command you want to use in the popup dialog
4. Click "Run" to execute the command

• Browse all configured HTTP tools
• Use search functionality to quickly locate tools
• Double-click tool rows to open edit dialog
• Right-click menu for add, edit, delete operations

• View all configured third-party tools
• Click tool names to quickly launch
• Manage tool favorite status

• Browse bookmarked websites
• Click website descriptions to open in browser
• Manage website bookmarks and categories

• Tool Directory Settings: Configure global tool root directory to simplify path configuration in commands
• Command Prefix Settings: Customize command execution prefix (auto-detects system by default)
• Language Settings: Choose interface language (Chinese/English)
• Configuration Management: Import, export, reset configuration files

The system determines command execution working directory in the following priority order:

1. Tool-configured working directory - workDir field in config.json
2. Global tool directory setting - Tool root directory configured in settings panel
3. Current directory - If none of the above are set, use current working directory

The plugin automatically replaces variables in command templates with actual HTTP request data:

Original Command Template:

sqlmap -u "%http.request.url%" --cookie="%http.request.headers.cookies%" --dbs

Replaced Command:

sqlmap -u "https://example.com/login" --cookie="sessionid=abc123; csrftoken=xyz789" --dbs

• Use global tool directory settings to avoid writing full paths for each command
• Set separate workDir for tools requiring specific environments
• Use relative paths to improve configuration portability

• Design multiple command templates for different scenarios
• Use meaningful note fields to explain command purposes
• Use favor appropriately to mark frequently used commands

• Categorize by tool type or testing phase
• Use consistent naming conventions
• Regularly organize and update configurations

• Use high-risk testing commands with caution
• Ensure testing is performed in authorized environments
• Pay attention to sensitive information handling in commands

• Development Language: Java
• API Framework: Burp Suite Montoya API
• Architecture Pattern: MVC (Model-View-Controller)
• Design Patterns: Singleton Pattern, Strategy Pattern
• UI Framework: Java Swing
• Internationalization: Multi-language switching support
• Configuration Format: JSON

• Initial release
• Support for HTTP tools, third-party tools, website management
• Complete variable replacement system
• Multi-language interface support
• Configuration import/export functionality

Issues and Pull Requests are welcome to improve this plugin.

1. Clone the project: git clone [repository-url]
2. Import into IDE (IntelliJ IDEA recommended)
3. Install Maven dependencies
4. Configure Burp Suite development environment

• feat: New features
• fix: Bug fixes
• docs: Documentation updates
• style: Code formatting adjustments
• refactor: Code refactoring

This project is licensed under the MIT License - see the LICENSE file for details.

youmulijiang

I'm just an ordinary security developer.If this project helps you, please click the ⭐ in the top-right corner. youmulijiang loves stars the most! ヾ(≧▽≦*)o*

⚠️ Disclaimer: This tool is intended for authorized security testing only. Users are responsible for their own actions. The author assumes no liability for any loss or damage caused by misuse, abuse, or illegal use of this tool.