[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-82695":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":14,"stars7d":16,"stars30d":17,"stars90d":15,"forks30d":15,"starsTrendScore":18,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":10,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":24,"readmeContent":25,"aiSummary":26,"trendingCount":15,"starSnapshotCount":15,"syncStatus":27,"lastSyncTime":28,"discoverSource":29},82695,"repshot","JFOZ1010\u002Frepshot","JFOZ1010","RepShot · Generate professional security finding cards directly from Burp Suite Repeater.","",null,"Java",83,9,1,0,7,27,5,48.2,false,"master",true,[],"2026-06-12 04:01:38","\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F4f3d1ba3-ea8e-4ecd-b59d-c1c8a501337c\" alt=\"RepShot Logo\" width=\"680\"\u002F>\n\u003C\u002Fp>\n\n# ⚡ RepShot  _·_  Security Finding Card for Burp Suite\n\n> **Turn your Burp Suite findings into clean, professional cards, ready for reports, bug bounty submissions, and social sharing.**\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FBurp%20Suite-Extension-orange?style=for-the-badge\"\u002F>\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FJava-17%2B-blue?style=for-the-badge&logo=java\"\u002F>\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-green?style=for-the-badge\"\u002F>\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FBurp-Champion-red?style=for-the-badge\"\u002F>\n\u003C\u002Fp>\n\n---\n\n## The Problem\n\nEvery pentester knows the moment: you've just confirmed a `SQL injection`, an `XSS` 
payload, or a path traversal returned `\u002Fetc\u002Fpasswd`. Now you need to document it.\n\nThe usual workflow looks like this:\n\n1. Open _Flameshot_ or a screenshot tool\n2. Take a screenshot of the request\n3. Take another screenshot of the response\n4. Draw red boxes around the relevant parts manually\n5. Open your report template\n6. Copy\u002Fpaste the vulnerability name, write the business impact from scratch\n7. Repeat for every single finding\n\nWhen you're running a pentest or a bug bounty session with 10, 15, or 20 findings, this process kills your momentum. You spend more time documenting than hacking.\n\n**RepShot was built to fix that.**\n\n---\n\n## What RepShot Does\n\nRepShot is a Burp Suite extension that adds a **\"Send to RepShot\"** option to your Repeater context menu. From there, you get a dedicated panel where you can:\n\n- **Scroll to the exact part of the request or response** you want to show\n- **Capture that exact viewport** — what you see is what gets exported\n- **Draw red annotation boxes** directly on the capture before exporting\n- **Search** inside request\u002Fresponse with `Cmd+F` \u002F `Ctrl+F`\n- **Auto-fill the business impact** based on the vulnerability type selected\n- **Export a professional HD PNG card** ready to paste into any report or post on LinkedIn\u002FX\n\nNo more context switching. No more Flameshot. No more writing \"An attacker could...\" from scratch for the tenth time today.\n\n---\n\n## Screenshots\n\n> *Example finding card exported by RepShot*\n\n\u003Cimg width=\"2400\" height=\"1522\" alt=\"repshot-finding2\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F7fda7566-aa37-4624-a8ea-ecb6f72fc720\" \u002F>\n\n---\n\n## Installation\n\n### Option A - Use the prebuilt JAR (recommended)\n\n1. Download `repshot-1.0.0.jar` from the [Releases](..\u002F..\u002Freleases) page\n2. Open Burp Suite\n3. Go to **Extensions → Add**\n4. Extension type: **Java**\n5. 
Select the downloaded JAR\n6. Click **Next** - you should see `RepShot loaded` in the Output tab\n\n**Requirements:** Burp Suite 2023.x or later · Java 17+ on your system\n\n\u003Cimg width=\"1178\" height=\"638\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Ff6207039-edd4-4928-ad83-51688a66eb5d\" \u002F>\n\n\u003Cimg width=\"907\" height=\"284\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fb204e619-8fd4-4f73-849f-090f9b67073b\" \u002F>\n\n\n\n### Option B - Build from source\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FJFOZ1010\u002Frepshot.git\ncd repshot\nmvn clean package\n# JAR will be at target\u002Frepshot-1.0.0.jar\n```\n**Requirements**: Java 17+, Maven 3.8+\n\n\u003Cimg width=\"938\" height=\"735\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F61025168-8ef3-40b2-829e-5f88cbd16c3f\" \u002F>\n\n---\n\n## How to Use\n\n### Basic workflow\n\n1. Send a request to **Repeater** and fire it\n2. **Right-click** anywhere in the request\u002Fresponse → **📸 Send to RepShot**\n   \n      \u003Cimg width=\"602\" height=\"177\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F3a2bd081-dce6-4f0d-8916-8d61e9f5d581\" \u002F>\n      \n3. The RepShot panel opens with your request and response loaded\n\n   \u003Cimg width=\"1159\" height=\"779\" alt=\"Panel-repshot\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F06b2f99e-ce87-4741-8b29-3eccc5deb9ce\" \u002F>\n\n### Documenting a finding\n\n1. 
**Fill in the finding details** - title, vulnerability type, severity, your handle\n   - Business impact auto-fills based on the vulnerability type selected\n   - Selecting a different type updates the impact automatically\n   - Choose \"Other...\" to type a custom vulnerability name\n  \n     \u003Cimg width=\"1059\" height=\"197\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fd44b0f44-2ca3-4d29-be0d-74a6d83af480\" \u002F>\n     \u003Cimg width=\"622\" height=\"131\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fab04ddf8-438b-43a4-bbf1-2dbc43a835d2\" \u002F>\n\n\n2. **Navigate to the relevant part** of the request or response using scroll\n\n3. **Click `[ 📷 Capture ]`** - this captures exactly what's visible in the panel at that moment (_What You See is What You Get_)\n\n4. **Annotate with red boxes** (optional):\n   - Click `[ ✏ Draw Box ]` to enter drawing mode\n   - Click and drag to draw annotation rectangles over the payload or evidence\n     \u003Cimg width=\"1010\" height=\"515\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Ff7f2539b-0d8b-4091-81d1-cabc9427880c\" \u002F>\n   - Click `[ Clear Boxes ]` to remove all boxes\n   - Re-capture after drawing to include the boxes in the export\n   - Click `[ ✏ Draw Box ]` again to exit drawing mode so the **response scrolls** again\n\n5. **Search** with `Cmd+F` (macOS) or `Ctrl+F` (Windows\u002FLinux):\n   - Type to find matches in real time, highlighted in yellow\n     \u003Cimg width=\"566\" height=\"487\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F79a7f295-7a53-4165-bbd8-2bf91c3142ab\" \u002F>\n   - Navigate with `‹` and `›` buttons\n   - Press `Escape` to close\n\n6. 
Click **`Preview Card`** to see the result before saving\n   \n\u003Cimg width=\"588\" height=\"185\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F3100eb38-df15-4413-929d-70daafc30665\" \u002F>\n\n7. Click **`Export PNG`** to save the HD card (2400px wide, print-quality)\n\n---\n\n## Vulnerability Types Supported\n\nRepShot includes pre-written business impact templates for 30 vulnerability types:\n\n| Category | Types |\n|---|---|\n| Injection | SQL Injection (Error-Based, Blind\u002FBoolean, Out-of-Band), Command Injection, SSTI, XXE, GraphQL Injection |\n| XSS | Reflected, Stored, DOM-Based |\n| Access Control | IDOR, Broken Access Control, Authentication Bypass, Broken Auth \u002F Session Management |\n| Server-Side | SSRF, RCE, Path Traversal \u002F LFI, RFI |\n| Web Misc | CORS Misconfiguration, HTTP Request Smuggling, Cache Poisoning, Open Redirect, Clickjacking, Subdomain Takeover |\n| Client-Side | Prototype Pollution, JWT Vulnerabilities |\n| Other | Insecure File Upload, Mass Assignment, Insecure Deserialization, Business Logic Flaw, Other... |\n\nEach template is written in plain business language, with no jargon, so the impact makes sense to a non-technical audience.\n\n---\n\n## Why RepShot Exists\n\n> *\"800 lines of HTML. The evidence is on line 697.\"*\n\nI was spending too much time on the same repetitive documentation work on every engagement.\nThe worst part wasn't writing the report, it was this:\n\nRepShot captures exactly what you're looking at in Burp, lets you annotate inline,\nand exports a card that works for both technical reports and non-technical stakeholders.\n\n> The same PNG that goes into a pentest report can go on LinkedIn\n> without looking like a raw terminal dump.\n\nIt also auto-fills the business impact. 
Because *\"An attacker can exploit this SQL injection\nto extract the entire database...\"* is something I've typed some variation of a hundred times.\n\n---\n\n## Contributing\n\nRepShot is open source and community-driven. If you:\n\n- Found a bug → open an issue\n- Want a new vulnerability template → open a PR editing `ImpactTemplates.java`\n- Want a new feature → open an issue first to discuss\n\nAll contributions welcome.\n\n---\n\n## Built With\n\n- [Burp Suite Montoya API](https:\u002F\u002Fportswigger.net\u002Fburp\u002Fdocumentation\u002Fdesktop\u002Fextensions\u002Fcreating): extension framework\n- Java Swing: UI and viewport capture\n- Graphics2D: HD PNG rendering\n- Maven: build system\n\n---\n\n## License\n\nMIT - use it, fork it, improve it.\n\n---\n\n## `Whoami`\n\n\u003Cimg src=\"https:\u002F\u002Fmedia.licdn.com\u002Fdms\u002Fimage\u002Fv2\u002FD4E03AQHRqhzMFLC3sg\u002Fprofile-displayphoto-scale_400_400\u002FB4EZ4JZ7UCJoAk-\u002F0\u002F1778274253615?e=1781136000&v=beta&t=0hia5hqnxB2aKPZyR3sUQSzwE4P1YiTjFTauy-bPR8I\" width=\"80\" align=\"left\" style=\"border-radius:50%; margin-right:16px\"\u002F>\n\n**Juan Felipe Oz** - Application Security Engineer & Security Researcher based in Colombia.\n\n   Software Developer · AppSec Engineer · Security Researcher\n\n[![LinkedIn](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLinkedIn-juanfelipeoz-blue?style=flat&logo=linkedin)](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fjuanfelipeoz\u002F)\n[![Web](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FWeb-juanfelipeoz.com-orange?style=flat&logo=firefox)](https:\u002F\u002Fjuanfelipeoz.com)\n[![X](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FX-@Pwnedrar__-black?style=flat&logo=x)](https:\u002F\u002Ftwitter.com\u002FPwnedrar_)\n\n---\n\n> *Built with frustration and too many Flameshot screenshots.*\n","RepShot is an extension for Burp Suite Repeater
that turns security findings directly into professional finding cards. Its core features include capturing a selected part of the request or response, adding annotation boxes, auto-filling the business impact description, and exporting the card as an HD PNG, suitable for report writing, bug bounty submissions and social sharing. By simplifying the documentation workflow, the tool significantly reduces the time security testers spend preparing documentation, and is particularly suited to penetration tests and bug bounty programs that involve a large number of findings. It is developed in Java and requires Java 17 or later and Burp Suite 2023.x or later.",2,"2026-06-11 04:08:58","CREATED_QUERY"]