The Burp Suite XML Scan Parser is a command-line tool designed to parse, analyze, and display vulnerability scan results from Burp Suite Professional's XML export format. It provides an interactive interface for security professionals to review and analyze security findings in a structured and readable format.
- Interactive CLI interface for viewing and managing findings
- Detailed vulnerability information display
- HTTP request/response message viewing
- Finding modification and deletion capabilities
- Export findings to formatted Word documents
- Color-coded severity indicators
- Grouped vulnerability display
- Base64 decoding of HTTP messages
- Python 3.7 or higher
- pip package manager
- Create a virtual environment:
# Windows
python -m venv venv
.\venv\Scripts\activate
# Linux/Mac
python3 -m venv venv
source venv/bin/activate- Install required packages:
pip install -r requirements.txtpython parser.py path/to/burp_export.xml1-N: View detailed information for a specific finding numberd: Delete one or multiple findingsm: Modify a findings: Save findings to a Word document reportq: Quit the application
- The main screen displays a table with finding numbers, names, and severity levels
- Select a finding number to view detailed information including:
- Description
- Remediation details
- Affected locations
- Vulnerability classifications
- HTTP messages
When viewing a finding's details:
- Choose a specific location number to view associated HTTP messages
- Messages are formatted for readability
- Cookie values are automatically truncated for security
- Base64-encoded content is automatically decoded
Using the 'm' option allows you to edit:
- Finding name
- Severity level
- Confidence level
- Description
- Remediation details
- Issue details
- Vulnerability classifications
Two ways to delete findings:
- From the main menu using 'd'
- While viewing finding details
- Supports deletion of multiple findings using comma-separated values
The 's' option generates a Word document containing:
- Complete finding details
- Formatted HTTP messages
- Vulnerability classifications
- Affected locations
- Color-coded severity indicators
Main parser class for handling Burp Suite XML exports.
Key Methods:
extract_raw_vulnerabilities(): Extracts and processes raw vulnerability datagroup_vulnerabilities(): Groups similar findings and sorts by severitydisplay_table(): Shows the main findings tableshow_detailed_finding(): Displays comprehensive finding informationdelete_finding(): Removes specified findingsmodify_finding(): Enables finding modificationsave_to_json(): Exports findings data
Handles Word document report generation.
Key Methods:
make_report(): Creates the final Word documentformat_issue_detail(): Formats finding detailssetup_styles(): Configures document styling
.
├── parser.py # Main script
├── requirements.txt # Package requirements
├── README.md # This documentation
└── template/ # Word document templates
└── finding.docx # Template for findings
The tool includes comprehensive error handling for:
- Invalid XML files
- Missing files
- Incorrect file formats
- Invalid user inputs
- Base64 decoding errors
- JSON parsing errors
- Only processes Burp Suite Professional XML exports
- Requires valid finding.docx template
- Large HTTP messages may affect display formatting
Contributions are welcome! Please feel free to submit pull requests or create issues for bugs and feature requests.
MIT License
Created by Aswin Gopalakrishnan
For support, please create an issue in the project repository or contact the author via LinkedIn.