Skip to content

Pull new bambdas from portswigger#3

Open
intrudir wants to merge 127 commits intoNetSPI:mainfrom
PortSwigger:main
Open

Pull new bambdas from portswigger#3
intrudir wants to merge 127 commits intoNetSPI:mainfrom
PortSwigger:main

Conversation

@intrudir
Copy link
Collaborator

@intrudir intrudir commented Dec 12, 2025

Bambda Contributions

  • Bambda has a valid header, featuring an @author annotation and suitable description
  • Bambda compiles and executes as expected
  • Only .bambda files have been added or modified (README.md files are automatically updated / generated after PR merge)

ctflearner and others added 30 commits December 18, 2024 22:46
@ctflearner
Create DetectWeakReferrerPolicy.bambda
76a5d38 
It ensures there is a response and scans the headers for either the absence of the Referrer-Policy header or the presence of policies that may expose sensitive referrer information.
@ctflearner
Create DetectWeakXSSProtectionHeader.bambda
f588d82 
This script checks if the HTTP response contains a weak or misconfigured "X-XSS-Protection" header.
@ctflearner
Update DetectWeakReferrerPolicy.bambda
b97740b
@ctflearner
Update DetectWeakXSSProtectionHeader.bambda
d63d269
@PortSwiggerWiener
Merge pull request #83 from ctflearner/DetectWeakReferrer
87bcb70 
Create DetectWeakReferrerPolicy.bambda
@Hannah-PortSwigger
Update DetectWeakXSSProtectionHeader.bambda
6d4d097 
Remove redundant header check.
@PortSwiggerWiener
Merge pull request #84 from ctflearner/DetectWeakXSSProtection
bdfc1f2 
Create DetectWeakXSSProtectionHeader.bambda
@drwetter
Add example to search for graphql mutations
822faa2
@drwetter
fix typo
783236a
@drwetter
Address reviews
c83c5d2
@Hannah-PortSwigger
Merge pull request #87 from drwetter/SearchGraphQLMutation
727abe6 
Search graphql mutation
@y1shiny1shin
Create RemoveDirtyPackageFromHistory
f5107e3
@y1shiny1shin
Create RemoveDirtyPackageHistory
bbc4301
@y1shiny1shin
Update and rename RemoveDirtyPackageFromHistory.bambda to ExcludeComm…
36f0cfd 
…onDomains.bambda

Update Description
@ibz-portswigger
Merge pull request #91 from y1shiny1shin/RemoveDirtyPackageHistory
d916bc0 
Create RemoveDirtyPackageHistory
@yijun-hu-portswigger @rlilker
2025.2 Bambda Library Update (#93)
c86f8b4 
* BURP-11233. Update for Bambda Library - add metadata to existing bambdas, including BambdaChecker-1.4

* BURP-11233. Finalising updates for Bambda Library

* Update .2 repo with all new bambdas in preparation for merge

---------

Co-authored-by: Ryan Lilker <ryan.lilker@gmail.com>
@Hannah-PortSwigger
Add Bambda library template bambdas.
664bb0e
@Hannah-PortSwigger
Update pull_request_template message.
b01590d
@Hannah-PortSwigger
Update actions to v4 and use Java 21.
e931ceb
@ibz-portswigger
Merge pull request #95 from PortSwigger/workflow-fix
44dc1b6 
Update actions to v4 and use Java 21.
@ibz-portswigger
Merge pull request #94 from PortSwigger/add-templates
87062ea 
Add Bambda library template bambdas.
@ps-porpoise
Merge pull request #96 from PortSwigger/template-update
71a178a 
Update pull_request_template message.
@ngregoire @Hannah-PortSwigger
Add custom actions (#97)
3db9f68 
* Add Custom Actions

* Update my Custom Actions

* Move comment

* Move comment

---------

Co-authored-by: Hannah-PortSwigger <58562826+Hannah-PortSwigger@users.noreply.github.com>
@Hannah-PortSwigger
Update README.md (#98)
18ef7f1
@l4n73rn
Added custom column bambda to identify slow responses (#101)
7c32b9c
@albinowax
Add files via upload (#102)
c3316c5 
* Add files via upload

* Update ProbeForRaceCondition.bambda
@mdoyhenard @martindoyhenard @Hannah-PortSwigger
Adding a custom action to take and edit screenshots from Burp. (#103)
5d59dae 
* Adding a custom action to take and edit screenshots from Burp.

* Added author to Screenshot.bambda

* Update Screenshot.bambda

* Add bambda description

---------

Co-authored-by: martin.doyhenard <martin.doyhenard@portswigger.net>
Co-authored-by: Hannah-PortSwigger <58562826+Hannah-PortSwigger@users.noreply.github.com>
@ps-porpoise
Add support for custom actions to Bambda checker (#104)
b85d131
@ps-porpoise
Add custom actions to Bambda checker. (#106)
1b84f45
@Hannah-PortSwigger
Fix javadoc (#107)
4427997 
* Fix No @author tag defined.

* Fix no javadoc defined.
ps-porpoise and others added 30 commits September 23, 2025 13:41
@ps-porpoise
Merge pull request #136 from d0ge/cookie-prefix-bypass-custom-scan-check
ae4fbb5 
HTTP cookie prefix bypass custom scan check
@hackvertor
This Custom Action creates a random string in the output log or repla…
d774b62 
…ces the $random placeholder in the request. The string is generated using a regular expression class received from the user input dialog.
@hackvertor
Updated indent
3f7f5ab
@hackvertor
Updated indent
072e602
@ps-porpoise
Merge pull request #145 from hackvertor/main
512f343 
This Custom Action creates a random string based on a regex class from the user
@github-actions
Update README.md files
4804df5
@Hannah-PortSwigger
Update fetch depth for GitHub workflow. (#146)
4c1201e
@Hannah-PortSwigger
Update webhook messages. (#147)
16c6511 
* Update webhook messages.

* Additional cleanup.

* Update description for Discord message.
@Eleanor739
Update README.md (#148)
53de3c9 
Update to make the relationship between BChecks and Bambda custom scan checks clearer
@Eleanor739
Update CONTRIBUTING.md (#149)
78e12b1 
Update to make contributing guidelines clearer for Java vs BCheck scan checks
@hackvertor
Refactored Hacking Assistant to separate user prompts from untrusted …
8738813 
…JSON input, securing both with nonces. Added detection for Hackvertor tags to reject unsafe requests and responses. (#150)
@github-actions
Update README.md files
1ccbcd9
@Hannah-PortSwigger
Add BypassFirstRequestValidation (#151)
ba2eae3
@github-actions
Update README.md files
b80d05a
@djpaterson
Add CVE-2025-55182 React2Shell bambda (#153)
28060df 
* Add CVE-2025-55182 React2Shell Bambda

* Add CVE-2025-55182 (now with prettier formatting)

* Add files via upload
@Hannah-PortSwigger
Update CVE-2025-55182CVE-2025-66478-React2Shell.bambda (#155)
b8884d5
@github-actions
Update README.md files
3310666
@Hannah-PortSwigger
Webhook messages (#156)
c0d936f 
* Update webhook messages.

* Additional cleanup.
@Hannah-PortSwigger
Create FakeResponseGenerator (#157)
1fe9b39
@github-actions
Update README.md files
d75ce32
@hackvertor
Adds a CSP bypass Custom Action (#158)
d880a64 
* Refactored Hacking Assistant to separate user prompts from untrusted JSON input, securing both with nonces. Added detection for Hackvertor tags to reject unsafe requests and responses.

* Added CSP bypass CustomAction that reads the CSP detects if scripts are blocked then looks for a CSP bypass.

* Add disclaimer and a note about the HTTP request
@github-actions
Update README.md files
af5e5fe
@rsomers-portswigger
Update formatting of CSP Bypass bambda (#159)
0befbb0 
* Update formatting of CSP Bypass bambda

* Fix header comment
@github-actions
Update README.md files
5b833a3
@Hannah-PortSwigger
Webhook refactor (#160)
2d01ae1 
* Split into separate jobs.

* Refactor.

* Fix extraction logic.

* Add function and location.
@hackvertor
Fixed problem with existing collaborator variable. Renamed to emailSp…
846e9ca 
…littingCollaboratorClient. (#162)
@github-actions
Update README.md files
54f1888
@hackvertor
Changed code to use the built in Collaborator client instead of the m…
ef502c6 
…ain Collaborator (#165)

* Fixed problem with existing collaborator variable. Renamed to emailSplittingCollaboratorClient.

* Changed code to use the built in Collaborator client instead of the main one
@github-actions
Update README.md files
6eccce6
@Hannah-PortSwigger
Forked repo actions (#166)
5710054 
* Don't run automated workflows on forks.

* Rename workflow.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.