Intigriti Quick Scope (IQS) is a Burp Suite extension that automates project setup by pulling data from the Intigriti Researcher API. This extension makes it easy to import target scopes from bug bounty programs directly into Burp Suite.
Intigriti Quick Scope (IQS) is designed to help you quickly set up your scope within Burp Suite using the official Intigriti Researcher API.
IQS is currently capable of:
- Fetching all your available programs (including private)
- Auto configuring your Burp Suite's project with a single click
- Inspect program scope requirements such as mandatory request headers or rate limits.
- In Burp Suite, go to the "Extensions" tab
- Switch to the "BApp Store" tab
- Search for "Intigriti Quick Scope"
- Finally, click on "Install" to install our official plugin
Alternatively, you can install it directly from the BApp Store page.
- Download the latest release JAR file from the releases page
- Open Burp Suite
- Go to the "Extensions" tab
- Within the "Installed" sub-tab, click "Add" (underneath the "Burp Extensions" section)
- Set the extension type to "Java"
- Select your JAR file
- Click "Next" to load the extension
- Clone this repository
- Build this project with Gradle:
gradle build - The JAR file will be created in the
build/libs/folder - Load the JAR file into Burp Suite as previously instructed
Start by configuring the Intigriti API connection. Enter your Intigriti username and API key, then click "Test Researcher API" to verify your credentials are working.
Once connected, click "Load Programs" to fetch your available programs. You can narrow the list by toggling the filters for active, followed, or private programs.
Select a program to inspect its scope configuration and domain details. Domains are organized into tabs by type, Web, Others (this section includes iOS, Android, source code repositories or other types of applications), and Out of Scope. From there, you can add individual selected domains to your Burp scope or apply the entire program's scope at once. If the program requires scope headers, your username will be automatically inserted.
To start fresh, use the "Reset Scope" button to clear all scope filters and headers. You can then import domains from a different program as needed.
To use this extension, you need an Intigriti researcher account and an active Intigriti API key:
- Sign into your Intigriti account
- Go to your profile settings
- Navigate to the "API Keys" section
- Generate a new API key (you can set the expiration time to your preference)
- Copy the API key to use in the Intigriti Quick Scope extension
- Burp Suite Community Edition (CE) or Professional
- Java 11 or later
Intigriti Quick Scope is open-source and made for the community! We encourage you to contribute to the project! Please see the Contributing guideline on how to contribute and further improve Intigriti Quick Scope!
Warning
Security bugs should be reported to our security contact at security@intigriti.com. See SECURITY.md for more details.
This project is licensed and available under the MIT License