Nburp

v1.0.0 suspicious
6.0
Medium Risk

A futuristic Neon-themed Web Security Framework & Penetration Testing Suite

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks due to insecure network calls and suspicious metadata, although it shows no signs of shell execution, obfuscation, or credential mishandling.

  • Network risk due to disabled SSL verification
  • Suspicious metadata including non-secure links and rapid commit history

Per-check LLM notes

  • Network: The package makes insecure network calls with disabled SSL verification, which could be risky.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
  • Credentials: No credential harvesting patterns detected, suggesting safe handling of sensitive information.
  • Metadata: Suspicious activity includes non-secure links, rapid commit history, and an author with limited presence.

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • ngs = [] try: r = requests.get(target, timeout=5, verify=False) # Check Security He
  • DB["SQLi"]: res = requests.get(target, params={"id": p}, timeout=3) if any(err
  • try: r = requests.get(urljoin(base_url, word), timeout=2, verify=False)

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:5000

Git Repository History score 5.0

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • All 6 commits happened within 24 hours

Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with Nburp
Create a futuristic neon-themed web security scanner application using the 'Nburp' package. This application will serve as a mini-tool for performing basic web security assessments on websites, including vulnerability detection and security testing. Here are the steps and features you should include:

1. **Project Setup**: Initialize a new Python project and install the 'Nburp' package.
2. **User Interface**: Design a simple yet stylish user interface that reflects the neon theme. Users should be able to input URLs and start scans from this interface.
3. **Scan Configuration**: Allow users to configure scan settings such as depth of crawling, types of vulnerabilities to look for (e.g., SQL injection, XSS), and the speed of scanning.
4. **Vulnerability Detection**: Utilize 'Nburp' to detect common web vulnerabilities. Implement functions to check for SQL injection, Cross-Site Scripting (XSS), and other OWASP Top 10 vulnerabilities.
5. **Report Generation**: After the scan is complete, generate a detailed report highlighting potential vulnerabilities, their severity, and recommendations for remediation.
6. **Integration with Common Tools**: Integrate with popular tools like Burp Suite or ZAP for more advanced analysis if 'Nburp' supports it.
7. **Real-time Feedback**: Provide real-time feedback during the scan process, showing progress and any immediate findings.
8. **Security Best Practices**: Ensure the application itself adheres to security best practices, such as sanitizing user inputs and handling exceptions gracefully.

The goal is to create a tool that not only demonstrates the capabilities of the 'Nburp' package but also provides practical value for web developers and security enthusiasts.