CVSS_Calculator is a powerful Burp Suite extension designed for security professionals and penetration testers to calculate CVSS (Common Vulnerability Scoring System) v2 and v3.1 scores of vulnerabilities, entirely offline. This tool integrates seamlessly with Burp Suite, providing a user-friendly graphical interface for assessing the severity of security vulnerabilities based on Base, Temporal, and Environmental metrics.
- Offline CVSS Scoring: Calculate CVSS v2 and v3.1 scores without the need for an internet connection.
- Comprehensive Metrics: Includes Base, Temporal, and Environmental metrics for a thorough vulnerability assessment.
- User-Friendly Interface: Easy-to-use graphical interface integrated into Burp Suite for efficient scoring of vulnerabilities.
- Dual Version Support: Supports both CVSS v2 and v3.1, catering to diverse assessment needs.
- Open Burp Suite.
- Navigate to
Extender -> BApp Store
. - Search for and install the "CVSS Calculator" Extension.
- Download the
CVSS_Calculator.jar
file from the repository or build it from the source code. - Open Burp Suite.
- Go to
Extender -> Extensions -> Add
. - Select the
CVSS_Calculator.jar
file and add it to Burp Suite. - A new tab for "CVSS Calculator" will be added to the Burp Suite interface.
- Ensure you have Gradle installed.
- Clone the repository:
git clone https://github.com/moeinfatehi/CVSS_Calculator
- Navigate to the main directory (where
build.gradle
exists) and run:gradle makeJar
- The Jar file will be generated in
build/libs/CVSS_Calculator.jar
After adding the extension to Burp Suite, a new tab will be available where you can access both CVSS v2 and v3.1 calculators in separate tabs. Simply input the relevant metrics, and the tool will calculate the CVSS scores for you.
We welcome feedback and contributions to the CVSS_Calculator project. If you find any bugs or have comments, please feel free to contact us. Your input is invaluable in making this tool more effective for the cybersecurity community.
For any inquiries or suggestions, please reach out via GitHub Issues or contact me directly through my Twitter account.