Skip to content

vigolium/burp-vigolium

Repository files navigation

Vigolium Burp Suite Extension

A Burp Suite extension that bridges HTTP requests to the Vigolium server-side security scanning engine. Captures requests from Burp, forwards them to Vigolium's API for vulnerability scanning, and displays findings directly in Burp.

Vigolium Burp Integration 1 Vigolium Burp Integration 2
Vigolium Burp Integration 1 Vigolium Burp Integration 2

Architecture

Burp Suite ──► Vigolium Extension ──► Vigolium API Server ──► Scan Engine
                     ▲                        │
                     └── Poll Findings ◄──────┘

Features

  • Proxy Mode — Automatically forwards proxy traffic to Vigolium with configurable filter rules
  • Context Menu — Right-click "Send to Vigolium" from any Burp tool (Proxy History, Site Map, Repeater, etc.)
  • Findings Tab — Displays scan results with severity, request/response detail via Burp's message editor
  • Logs Tab — Real-time activity log with level filtering

Tabs

Tab Purpose
Findings Split pane: findings table + request/response detail
Settings Server connection, proxy toggle, filter rules, hotkeys
Logs Timestamped activity log (INFO/WARN/ERROR)

Tech Stack

Component Choice
Burp API Montoya API
Build Gradle (Kotlin DSL) + Shadow plugin
Java 21
HTTP Client OkHttp
JSON Gson

Installation

Download the pre-built jar from burp-vigolium.jar and load it in Burp via Extensions > Add.

Build (from source)

./gradlew spotlessApply build

The output jar is built via Shadow plugin at build/libs/burp-vigolium.jar.

Configuration

First, start the Vigolium server so the extension has an API to connect to:

vigolium server -A

Then retrieve the API key to enter in the extension:

vigolium config ls server.auth_api_key --force

API Endpoints

Method Endpoint Description
GET /api/health Connection test
GET /api/modules List scan modules
POST /api/scan Submit batch scan tasks
GET /api/findings?session_id=X&since=T Poll new findings

All requests use Authorization: Bearer {API_KEY}.

License

Vigolium is made with ♥ by @j3ssie, with @theblackturtle as a core contributor.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Packages

 
 
 

Contributors

Languages