silentchainai/SILENTCHAIN

SILENTCHAIN AI™ - Community Edition

🔗 ⛓️ 🔒

AI-Powered Passive Vulnerability Analysis for Burp Suite

Intelligent • Silent • Adaptive • Comprehensive

🚀 Getting Started • 📖 Documentation • 🔧 Configuration • 📊 Benchmarks • ⬆️ Upgrade to Pro

Watch the Professional Demo


Note: This is the Community Edition. Commercial and Professional Editions with advanced features are available separately.

🌟 Overview

SILENTCHAIN AI™ - Community Edition is a Burp Suite extension that brings the power of artificial intelligence to web application security testing. Using advanced AI models, SILENTCHAIN performs intelligent passive analysis of HTTP traffic to identify OWASP Top 10 vulnerabilities, security misconfigurations, and potential attack vectors.

Why SILENTCHAIN?

Traditional security scanners rely on predefined signatures and patterns. SILENTCHAIN AI™ goes beyond with:

  • 🧠 AI-Powered Analysis: Leverages state-of-the-art language models (Ollama, OpenAI, Claude, Claude Code, Gemini) for intelligent vulnerability detection
  • 🎯 Context-Aware Detection: Understands application logic and business context, not just pattern matching
  • ⚡ Real-Time Scanning: Analyzes traffic as it flows through Burp's proxy
  • 📊 Professional Reporting: Generates detailed findings with CWE, OWASP mappings, and remediation guidance
  • 🔄 Zero False Positives: AI validation reduces noise and focuses on real vulnerabilities
  • 🆓 Community Edition: Free passive analysis capabilities

✨ Features

Core Capabilities

🔍 Passive AI Analysis

  • Real-time traffic analysis through Burp Proxy
  • OWASP Top 10 vulnerability detection
  • CWE-mapped security findings
  • Intelligent confidence scoring

🎨 Professional UI

  • Modern, intuitive dashboard
  • Live findings panel with severity color-coding
  • Task tracking and management
  • Integrated console logging

🤖 Multi-AI Support

  • Ollama (Local, free, privacy-focused)
  • OpenAI (GPT-4, GPT-3.5)
  • Claude (Anthropic)
  • Claude Code (Anthropic CLI)
  • Gemini (Google)

📋 Smart Reporting

  • Detailed vulnerability descriptions
  • Affected parameters identification
  • CWE and OWASP mappings
  • Remediation recommendations
  • Direct links to security resources

Vulnerability Detection

SILENTCHAIN AI™ detects a wide range of security issues including:

| Category | Vulnerabilities |
|---|---|
| Injection | SQL Injection, NoSQL Injection, Command Injection, LDAP Injection, XPath Injection |
| Cross-Site Scripting | Reflected XSS, Stored XSS, DOM-based XSS |
| Authentication | Broken Authentication, Session Management Issues, Credential Exposure |
| Access Control | IDOR, Broken Authorization, Privilege Escalation |
| Cryptography | Weak Encryption, Insecure SSL/TLS, Sensitive Data Exposure |
| Configuration | Security Misconfigurations, Default Credentials, Debug Enabled |
| XXE | XML External Entity Attacks |
| Deserialization | Insecure Deserialization |
| Components | Vulnerable Dependencies, Outdated Libraries |

🚀 Quick Start

Prerequisites

  • Burp Suite (Community or Professional)
  • Java 8+ (required by Burp)
  • Jython (for Python extensions, typically bundled with Burp)
  • AI Provider (one of the following):
    • Ollama (Free, local)
    • OpenAI API key
    • Claude API key
    • Claude Code CLI (Anthropic)
    • Gemini API key

Installation

Method 1: From BApp Store (Recommended)

  1. Open Burp Suite
  2. Go to Extender → BApp Store
  3. Search for "SILENTCHAIN AI"
  4. Click Install

Method 2: Manual Installation

  1. Download the Extension

    • Download silentchain_ai_community.py from this repository or the Burp Suite BApp Store
  2. Load in Burp Suite

    • Open Burp Suite
    • Go to Extender → Extensions → Add
    • Set Extension type: Python (or Jython)
    • Select the downloaded silentchain_ai_community.py file
    • Click Next
  3. Configure AI Provider

    • Go to the SILENTCHAIN tab in Burp
    • Click ⚙ Settings
    • Configure your AI provider (see Configuration)
    • Click Test Connection
    • Click Save
  4. Start Scanning

    • Set your target scope in Burp (Target → Scope)
    • Browse the target application through Burp's proxy
    • SILENTCHAIN will automatically analyze traffic
    • View findings in the Findings panel and Burp's Issue Activity

Requirements

  • Cross-platform: Windows, macOS, Linux
  • Burp Suite (Community or Professional)
  • Jython (for Python extensions)

🔧 Configuration

AI Provider Setup

Option 1: Ollama (Recommended for Beginners)

Free, local, no API keys required

  1. Install Ollama:

    # macOS/Linux
    curl -fsSL https://ollama.ai/install.sh | sh
    
    # Windows
    # Download from https://ollama.ai/download
  2. Pull a model:

    ollama pull deepseek-r1
    # or
    ollama pull llama3
  3. Configure SILENTCHAIN:

    • Provider: Ollama
    • API URL: http://localhost:11434
    • Model: deepseek-r1:latest

Option 2: OpenAI

  1. Get API key from platform.openai.com

  2. Configure SILENTCHAIN:

    • Provider: OpenAI
    • API URL: https://api.openai.com/v1
    • API Key: sk-...
    • Model: gpt-4 or gpt-3.5-turbo

Option 3: Claude (Anthropic)

  1. Get API key from console.anthropic.com

  2. Configure SILENTCHAIN:

    • Provider: Claude
    • API URL: https://api.anthropic.com/v1
    • API Key: Your Anthropic API key
    • Model: claude-3-5-sonnet-20241022

Option 4: Google Gemini

  1. Get API key from makersuite.google.com

  2. Configure SILENTCHAIN:

    • Provider: Gemini
    • API URL: https://generativelanguage.googleapis.com/v1
    • API Key: Your Google API key
    • Model: gemini-1.5-pro

Settings Reference

| Setting | Description | Default |
|---|---|---|
| AI Provider | AI service to use | Ollama |
| API URL | Provider endpoint | http://localhost:11434 |
| API Key | Authentication key | (empty for Ollama) |
| Model | AI model name | deepseek-r1:latest |
| Max Tokens | Response length limit | 2048 |
| Verbose Logging | Enable detailed logs | True |

📖 Documentation

How It Works

  1. Traffic Interception: SILENTCHAIN monitors HTTP requests/responses through Burp Proxy
  2. Scope Filtering: Only analyzes in-scope targets (configure in Burp's Target Scope)
  3. AI Analysis: Sends request/response data to AI for security analysis
  4. Vulnerability Detection: AI identifies security issues based on OWASP Top 10 patterns
  5. Finding Generation: Creates detailed reports with severity, confidence, and remediation
  6. Deduplication: Prevents duplicate findings for the same URL/parameter combination
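An added, illustrative model of this pipeline in plain Python (not the extension's own source): scope matching against a wildcard entry like the README's https://example.com/*, deduplication per URL/parameter-name combination, and mapping the AI's confidence percentage onto the Certain/Firm/Tentative levels. The wildcard matcher and the `analyze` hook are assumptions standing in for Burp's scope API and the real AI provider call.

```python
import re
from urllib.parse import urlsplit, parse_qsl

def in_scope(url, scope_patterns):
    # Simple wildcard matching for entries like 'https://example.com/*' (assumed simplification of Burp scope)
    return any(re.match("^" + re.escape(p).replace(r"\*", ".*") + "$", url) for p in scope_patterns)

def dedup_key(method, url):
    # Method, origin, path and sorted parameter NAMES: the same endpoint with other values is not re-analysed
    p = urlsplit(url)
    names = sorted({k for k, _ in parse_qsl(p.query, keep_blank_values=True)})
    return (method.upper(), p.scheme, p.netloc.lower(), p.path, tuple(names))

def confidence_level(pct):
    # README's bands: Certain 90-100, Firm 75-89, Tentative 50-74; anything lower is dropped
    for floor, level in ((90, "Certain"), (75, "Firm"), (50, "Tentative")):
        if pct >= floor:
            return level
    return None

def process(traffic, scope_patterns, analyze):
    # `analyze` is a hypothetical hook standing in for the AI call; it returns [(title, confidence_pct), ...]
    stats = {"total": 0, "analyzed": 0, "skipped_duplicate": 0, "findings": 0}
    seen, findings = set(), []
    for method, url in traffic:
        stats["total"] += 1
        if not in_scope(url, scope_patterns):
            continue                              # out-of-scope traffic never reaches the AI provider
        key = dedup_key(method, url)
        if key in seen:
            stats["skipped_duplicate"] += 1
            continue
        seen.add(key)
        stats["analyzed"] += 1
        for title, pct in analyze(method, url):
            level = confidence_level(pct)
            if level:
                findings.append({"url": url, "title": title, "confidence": level})
                stats["findings"] += 1
    return stats, findings

SAMPLE_TRAFFIC = [  # constructed sample traffic, not real captures
    ("GET", "https://example.com/item?id=1"),
    ("GET", "https://example.com/item?id=2"),          # same endpoint and parameter names: deduplicated
    ("GET", "https://example.com/search?q=a&page=1"),
    ("GET", "https://cdn.other.net/lib.js"),           # out of scope
]

def fake_analyze(method, url):  # constructed stand-in for the AI provider call
    return [("Possible IDOR on parameter id", 80)] if "id=" in url else [("Reflected input in search", 40)]
```

Running `process(SAMPLE_TRAFFIC, ["https://example.com/*"], fake_analyze)` analyses two requests, skips one duplicate, ignores the out-of-scope CDN request, and keeps only the 80% finding (Firm) while dropping the 40% one.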

Finding Confidence Levels

| Level | AI Confidence | Meaning |
|---|---|---|
| Certain | 90-100% | High confidence, verified vulnerability pattern |
| Firm | 75-89% | Strong indicators, likely vulnerable |
| Tentative | 50-74% | Potential issue, requires manual verification |

UI Components

📊 Statistics Panel

  • Total Requests: HTTP requests analyzed
  • Analyzed: Successfully processed
  • Skipped (Duplicate): Prevented redundant analysis
  • Findings Created: Total vulnerabilities found
  • Errors: Analysis failures

📋 Active Tasks

  • Shows currently processing requests
  • Status tracking (Queued, Analyzing, Completed)
  • Duration timing

🔍 Findings Panel

  • All detected vulnerabilities
  • Severity-based color coding:
    • 🔴 High - Critical vulnerabilities
    • 🟠 Medium - Important security issues
    • 🟡 Low - Minor vulnerabilities
    • 🔵 Information - Security notes
  • Confidence levels
  • Discovery timestamps

🖥️ Console

  • Real-time logging
  • AI connection status
  • Analysis progress
  • Error messages

🎯 Usage Examples

Basic Workflow

  1. Set Target Scope

    Burp → Target → Scope → Add
    Example: https://example.com/*
    
  2. Browse Application

    • Configure browser proxy to Burp (127.0.0.1:8080)
    • Navigate through the target application
    • SILENTCHAIN analyzes in the background
  3. Review Findings

    • Check the SILENTCHAIN → Findings panel
    • Or Target → Issue Activity (integrated with Burp)

Context Menu Analysis

Right-click any request in:

  • Proxy History
  • Site Map
  • Repeater

Select: SILENTCHAIN - Analyze Request

This forces analysis even if the URL was previously scanned.

Manual Verification

  1. Select a finding in the Findings panel
  2. Review the detailed description
  3. Check affected parameters
  4. Follow CWE/OWASP links for more information
  5. Manually test using Burp Repeater/Intruder

🆚 Community vs Professional

| Feature | Community (Free) | Professional |
|---|---|---|
| AI-Powered Passive Analysis | ✅ | ✅ |
| OWASP Top 10 Detection | ✅ | ✅ |
| Multi-AI Support | ✅ | ✅ |
| Professional UI | ✅ | ✅ |
| CWE/OWASP Mapping | ✅ | ✅ |
| Deduplication | ✅ | ✅ |
| Phase 2 Active Verification | ❌ | ✅ |
| Advanced Payload Libraries | ❌ | ✅ |
| WAF Detection & Evasion | ❌ | ✅ |
| Out-of-Band (OOB) Testing | ❌ | ✅ |
| Burp Intruder Integration | ❌ | ✅ |
| Automatic Fuzzing | ❌ | ✅ |
| Priority Support | ❌ | ✅ |

⬆️ Upgrade to Professional

SILENTCHAIN Professional adds active verification capabilities:

  • 🎯 Phase 2 Verification: Automatically validates findings with exploit payloads
  • 🛡️ WAF Detection: Identifies and adapts to web application firewalls
  • 📚 Curated Payload Libraries: Battle-tested OWASP payloads
  • 🌐 OOB Testing: Detects blind vulnerabilities (SSRF, XXE, etc.)
  • 🔄 Burp Intruder Integration: Auto-configures fuzzing attacks
  • Smart Fuzzing: AI-generated payloads for maximum coverage

Watch the Professional Demo

See it in action — watch the full SILENTCHAIN Professional demo to see AI-powered active verification, WAF evasion, and automated fuzzing at work.

Contact us for commercial licensing and professional editions: [email protected]


🛠️ Troubleshooting

Common Issues

"AI connection test failed"

Solution:

  • Check AI provider is running (Ollama: ollama list)
  • Verify API URL is correct
  • For cloud providers, confirm API key is valid
  • Check network connectivity

"No findings detected"

Solution:

  • Verify target is in scope (Target → Scope)
  • Ensure traffic is flowing through Burp Proxy
  • Check Console for errors
  • Try manual analysis (right-click → SILENTCHAIN - Analyze Request)

"Extension fails to load"

Solution:

  • Verify Burp Suite version (Community/Pro)
  • Check Python environment (Jython 2.7)
  • Review the Extender → Errors tab
  • Ensure file permissions are correct

High Memory Usage

Solution:

  • Reduce Max Tokens setting (Settings → AI Provider)
  • Clear completed tasks regularly
  • Use lighter AI models (e.g., llama3 instead of deepseek-r1)

Debug Mode

Enable verbose logging:

  1. Settings → Advanced
  2. Check Verbose Logging
  3. Review Console for detailed output

🤝 Contributing

This project does not accept outside contributions. See CONTRIBUTING.md for details.

Reporting Bugs

  1. Check existing issues
  2. Create a new issue with:
    • Burp Suite version
    • SILENTCHAIN version
    • AI provider/model
    • Steps to reproduce
    • Error messages (from Console)

Feature Requests

Open an issue with tag enhancement:

  • Describe the feature
  • Explain use case
  • Provide examples if possible

📄 License

SILENTCHAIN AI™ CE is source-visible but proprietary software. By using this software, you agree to the terms in the LICENSE file.

PortSwigger BApp Store

PortSwigger Ltd. is granted explicit permission to redistribute, host, and bundle this software within Burp Suite and the BApp Store free of charge to users. All other redistribution is prohibited without written permission.


⚖️ Responsible Use

Do not use this software for unauthorized access or activities outside systems you own or have explicit permission to test.

Data Handling

  • Local Processing: SILENTCHAIN runs entirely within Burp Suite
  • No Data Collection: We don't collect or transmit usage data
  • AI Provider Privacy:
    • Ollama: Completely local, no external communication
    • Cloud Providers: Data sent to respective AI services (OpenAI, Claude, Gemini)

Best Practices

  1. Use Ollama for sensitive testing (100% local, private)
  2. Review AI Provider Terms before using cloud services
  3. Never test production without authorization
  4. Sanitize Data if sharing logs/findings

💬 Support & Community

Get Help

Stay Updated

  • Star this repository
  • 👁️ Watch for updates
  • 🐦 Twitter: @SilentChainAI

🙏 Acknowledgments

Built by:

Built with:

Inspired by the security community's dedication to making the web safer.


™️ Trademark Notice

"SILENTCHAIN AI™", "SILENTCHAIN™", and the SILENTCHAIN AI logo are trademarks of SN1PERSECURITY LLC. Unauthorized use is prohibited.


🔗 ⛓️ 🔒

SILENTCHAIN AI™ - Intelligent Security Testing for the Modern Web

Website • Documentation • Professional Edition • Professional Demo

Copyright © 2026 SN1PERSECURITY LLC. All rights reserved.
