SnailSploit
Burp-MCP-Security-Analysis-Toolkit
Python

Burp MCP Security Analysis Toolkit

Last updated Jun 30, 2026
10
Stars
0
Forks
0
Issues
0
Stars/day
Attention Score
25
Language breakdown
Python 90.8%
Shell 9.2%
โ–ธ Files click to expand
README

Banner

Burp MCP Security Analysis Toolkit - SnailSploit Edition

License: MIT [Platform]() Claude Code Python 3.9+ [Tests]()

A skills-based security analysis framework by SnailSploit that combines Burp Suite's traffic capture with Claude Code's reasoning via MCP (Model Context Protocol). Instead of ad-hoc prompts, this toolkit encodes expert penetration testing methodology into reusable skill files.

Philosophy

| Principle | Description | |-----------|-------------| | Skills over Prompts | Expert methodology encoded in skill files, not thrown-together prompts | | Phased Analysis | Scope > Triage > Analyze > Report (not everything at once) | | Evidence-Required | No finding without proof from actual HTTP traffic |

Quick Start

Installation (macOS / Linux)

# Clone the repository
git clone https://github.com/SnailSploit/Burp-MCP-Security-Analysis-Toolkit.git
cd Burp-MCP-Security-Analysis-Toolkit

Install Python dependencies

pip install -r requirements.txt

Run the installer (macOS)

chmod +x install.sh ./install.sh

Configure your scope

cp templates/scope-template.yaml scope.yaml

Edit scope.yaml with your target information

Launch

./launch.sh

CLI Usage

The toolkit includes a unified CLI for standalone operations:

# Validate scope configuration
python -m lib validate scope.yaml

Generate report from findings

python -m lib report ./output

Run interactive demo

python -m lib demo

Show version

python -m lib version

Claude Code Commands

Once Burp Suite is running with MCP enabled:

# In Claude Code:
"load scope"      # Validate configuration
"triage"          # Classify endpoints
"analyze all"     # Run all indicator tests
"report"          # Generate final report

Directory Structure

Burp-MCP-Security-Analysis-Toolkit/
โ”œโ”€โ”€ CLAUDE.md                    # Orchestration instructions (auto-loaded)
โ”œโ”€โ”€ README.md                    # This file
โ”œโ”€โ”€ install.sh                   # macOS installer
โ”œโ”€โ”€ launch.sh                    # Launcher script (created by installer)
โ”œโ”€โ”€ scope.yaml                   # Your engagement config (create from template)
โ”‚
โ”œโ”€โ”€ skills/                      # Methodology files (~80KB of expertise)
โ”‚   โ”œโ”€โ”€ SKILL-burp-mcp.md        # MCP query patterns
โ”‚   โ”œโ”€โ”€ SKILL-endpoint-triage.md # Endpoint classification
โ”‚   โ”œโ”€โ”€ SKILL-idor-testing.md    # IDOR detection methodology
โ”‚   โ”œโ”€โ”€ SKILL-bola-testing.md    # Broken Object Level Authorization
โ”‚   โ”œโ”€โ”€ SKILL-auth-analysis.md   # Auth bypass testing
โ”‚   โ”œโ”€โ”€ SKILL-ssrf-testing.md    # SSRF detection
โ”‚   โ”œโ”€โ”€ SKILL-injection-points.md# SQLi/XSS vector identification
โ”‚   โ””โ”€โ”€ SKILL-report-format.md   # Report generation format
โ”‚
โ”œโ”€โ”€ lib/                         # Python helpers
โ”‚   โ”œโ”€โ”€ init.py              # Package exports (v2.1.0)
โ”‚   โ”œโ”€โ”€ main.py              # CLI entry point
โ”‚   โ”œโ”€โ”€ scope_validator.py       # Validate scope.yaml
โ”‚   โ”œโ”€โ”€ endpoint_filter.py       # Filter/prioritize endpoints
โ”‚   โ”œโ”€โ”€ finding_formatter.py     # Format findings to markdown
โ”‚   โ””โ”€โ”€ report_generator.py      # Aggregate findings into report
โ”‚
โ”œโ”€โ”€ tests/                       # Test suite
โ”‚   โ”œโ”€โ”€ testscopevalidator.py  # Scope validation tests
โ”‚   โ”œโ”€โ”€ testendpointfilter.py  # Endpoint filtering tests
โ”‚   โ”œโ”€โ”€ testfindingformatter.py# Finding formatting tests
โ”‚   โ””โ”€โ”€ testreportgenerator.py # Report generation tests
โ”‚
โ”œโ”€โ”€ templates/
โ”‚   โ”œโ”€โ”€ scope-template.yaml      # Blank scope configuration
โ”‚   โ””โ”€โ”€ finding-template.md      # Finding documentation format
โ”‚
โ””โ”€โ”€ output/                      # Generated during analysis
    โ”œโ”€โ”€ endpoints.json           # Triaged endpoint list
    โ”œโ”€โ”€ findings/                # Per-indicator findings
    โ””โ”€โ”€ report.md                # Final consolidated report

Supported Indicators

| Indicator | Skill File | What It Finds | |-----------|------------|---------------| | idor | SKILL-idor-testing.md | Insecure Direct Object References | | bola | SKILL-bola-testing.md | Broken Object Level Authorization | | auth_bypass | SKILL-auth-analysis.md | Authentication/session vulnerabilities | | ssrf | SKILL-ssrf-testing.md | Server-Side Request Forgery | | injection | SKILL-injection-points.md | SQLi/XSS/Command injection vectors |

Commands Reference

| Command | Phase | Description | |---------|-------|-------------| | load scope | 1 | Parse and validate scope.yaml | | triage | 2 | Classify and prioritize endpoints | | analyze {indicator} | 3 | Run specific indicator (e.g., analyze idor) | | analyze all | 3 | Run all enabled indicators | | report | 4 | Generate consolidated report | | full scan | 1-4 | Run complete pipeline | | status | - | Show current progress | | show endpoints | - | Display triaged endpoints | | inspect {path} | - | Deep dive on specific endpoint |

Prerequisites

  • macOS (Intel or Apple Silicon) or Linux
  • Python 3.9+
  • Burp Suite Community or Professional
  • Claude Code (npm package)
  • Captured HTTP Traffic through Burp proxy
  • Multiple auth contexts (for IDOR/BOLA testing)

Installation Guide

Option 1: Automated (macOS)

./install.sh

This installs: Homebrew, Burp Suite, Caddy, Node.js, Claude Code, and configures MCP.

Option 2: Manual

  • Install Burp Suite
brew install --cask burp-suite
  • Install MCP Server Extension
- Open Burp > Extender > BApp Store - Search "MCP Server" > Install - Export mcp-proxy.jar to ~/.burp-mcp-extension/
  • Install Caddy (reverse proxy)
brew install caddy
  • Install Claude Code
npm install -g @anthropic-ai/claude-code
  • Configure MCP
Create ~/.claude.json:
{
     "mcpServers": {
       "burp": {
         "command": "/path/to/java",
         "args": ["-jar", "/path/to/mcp-proxy.jar", "--", "http://localhost:9877/mcp"]
       }
     }
   }
  • Configure Caddy
Create ~/.config/caddy/Caddyfile:
:9877 {
       reverse_proxy localhost:9876 {
           header_up -Origin
       }
   }

Configuration

Copy and edit the scope template:

cp templates/scope-template.yaml scope.yaml

Key sections:

  • target: Primary domain and additional hosts
  • scope: Include/exclude path patterns
  • indicators: Which vulnerability types to test
  • auth: Multi-user tokens for IDOR/BOLA testing
See templates/scope-template.yaml for full documentation with examples.

Output

All findings are written to output/:

| File | Description | |------|-------------| | endpoints.json | Triaged endpoints with scores and indicators | | findings/idor.md | IDOR-specific findings | | findings/bola.md | BOLA-specific findings | | findings/auth.md | Auth bypass findings | | findings/ssrf.md | SSRF findings | | findings/injection.md | Injection point findings | | report.md | Consolidated final report |

Python Helpers

The lib/ directory contains standalone Python utilities accessible via CLI:

# Unified CLI
python -m lib validate scope.yaml
python -m lib report output/
python -m lib demo
python -m lib version

Direct module usage

python lib/scope_validator.py scope.yaml python lib/report_generator.py output/

Testing

Run the full test suite:

pip install pytest
python -m pytest tests/ -v

Extending

Add New Indicator

  • Create skills/SKILL-{indicator}-testing.md with methodology
  • Add to indicators.enabled in scope-template.yaml
  • Update CLAUDE.md with new skill reference

Custom Skills

Follow the structure of existing skills:

  • Purpose and scope
  • Prerequisites
  • Step-by-step methodology
  • Evidence requirements
  • Output format

Security Notes

  • Scope files contain tokens - Add scope.yaml to .gitignore
  • Use only on authorized targets - Standard pentest rules apply
  • Evidence is redacted by default - Configure in scope.yaml

License

MIT License - See LICENSE

Contributing

Contributions welcome! See CONTRIBUTING.md

Credits


Disclaimer: Use responsibly and only on systems you have explicit permission to test.


๐Ÿ“š Documentation & Author

This project's full writeup, methodology, and related research lives at:

https://snailsploit.com/tools

Created by Kai Aizen โ€” independent offensive security researcher.

snailsploit.com ยท Research ยท Frameworks ยท GitHub ยท LinkedIn ยท ResearchGate ยท X/Twitter

Same attack. Different substrate.

๐Ÿ”— More in this category

ยฉ 2026 GitRepoTrend ยท SnailSploit/Burp-MCP-Security-Analysis-Toolkit ยท Updated daily from GitHub