VulnLog is a powerful Burp Suite extension designed to help security researchers track and manage vulnerabilities during penetration tests and security assessments. It provides a comprehensive interface for logging, managing, and documenting security findings.
VulnLog's main interface showing the findings table and request/response views
Dialog for adding new security findings with detailed fields
Comprehensive view of finding details with full information
Accessing VulnLog through Burp Suite's context menu
- Vulnerability Logging: Capture and document findings directly from Proxy history and Repeater
- Detailed Finding Management:
  - Name, URL, and Severity tracking
  - Comprehensive description fields
  - Impact assessment documentation
  - Recommendation documentation
  - Full HTTP request/response storage
  - Findings available to view in the issue tab
- Rich Dashboard:
  - Sortable findings table with tooltips for long text
  - Split-pane layout showing findings and request/response details
  - Quick access buttons for common actions
- Finding Details:
  - Dedicated dialog for viewing complete finding information
  - Edit capability through double-click
  - Tooltips for quick preview of long content
- Context Menu Integration:
  - Right-click access in Proxy, Repeater, and Scanner
  - Quick "Send to VulnLog" option
- Finding Operations:
  - Add new findings with comprehensive details
  - Edit existing findings through double-click
  - Delete individual or all findings
  - Export findings to JSON format
- Persistent Storage:
  - Maintains data between Burp sessions
  - Project-based organization by target host
- Critical
- High
- Medium
- Low
- Info
- Download the latest Jython Standalone JAR
- In Burp Suite:
  - Go to Extender > Options
  - Under Python Environment, select the Jython JAR file
- Download `VulnLog.py` from this repository
- Go to Extensions > Installed > Add
- Select Python as the extension type
- Choose the `VulnLog.py` file
- Click Next
- Right-click any request in Proxy/Repeater/Scanner
- Navigate to Extensions > VulnLog > Send to VulnLog
- Fill in the finding details:
  - Name (required)
  - Severity level
  - Description
  - Impact
  - Recommendation
- Use the main dashboard to view all findings
- Double-click any finding to edit its details
- Use the toolbar buttons for:
  - Exporting findings
  - Clearing all findings
  - Deleting selected findings
- Click "View Details" for comprehensive information
- Select any finding to view its request/response
- Use tooltips for quick preview of long text
- Click "View Details" for full information display
- Double-click entries to edit them
- Click "Export Findings" to save as JSON
- Export includes:
  - Target information (host, port)
  - Finding details
  - Full request/response data
  - Evidence in both raw and encoded formats
- AI integration with GPT and Deepseek support (UI elements already in place)
- Additional export formats (PDF, Word, XML, HTML)
- Enhanced finding templates
- Custom severity levels
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create a feature branch (`git checkout -b feature/your-feature`)
- Commit changes (`git commit -am 'Add some feature'`)
- Push to branch (`git push origin feature/your-feature`)
- Open a Pull Request
Disclaimer: This tool is intended for authorized security testing and educational purposes only. Always obtain proper authorization before testing systems.