VISTA Documentation
Vulnerability Insight & Strategic Test Assistant - AI-Powered Security Testing for Burp Suite.
What is VISTA?
VISTA is a professional Burp Suite extension that enhances security testing with AI-powered intelligence. It combines real-time traffic analysis, interactive AI guidance, and practical pentesting tools to help you test faster, smarter, and more systematically.
Version: 2.10.27 · License: MIT · Java: 17+ · Size: ~511KB · Zero Dependencies
New in v2.10.27: Robust extraction, edge case handling, token overflow prevention, JSON param parsing, binary detection, fallback preview.
Key Capabilities
| Feature | Description |
|---|---|
| Traffic Monitor | Real-time HTTP traffic analysis with AI-driven vulnerability detection |
| AI Advisor | Context-aware interactive testing suggestions with conversation history |
| 12 Expert Templates | Built-in prompt templates covering the most common bug bounty vulnerabilities |
| 80+ Payloads | Pre-built payloads across 8 categories with AI-powered suggestions |
| WAF Detection | Detect and bypass 8 major WAFs with 250+ bypass techniques |
| Free AI | Use OpenRouter with no credit card - powerful AI at zero cost |
Quick Navigation
Getting Started
- Installation: Download, build, and install VISTA
- Quick Start: Configure AI and start testing in 5 minutes
- Free AI Setup: Use VISTA completely free with OpenRouter
Core Features
- Traffic Monitor: Passive AI traffic analysis
- AI Advisor: Interactive testing assistant
- Payload Library: Manage and deploy payloads
- WAF Detection: Identify and bypass WAFs
Templates
- Template Overview: How the template system works
- Built-in Templates: All 12 expert templates
- Custom Templates: Create your own templates
Configuration
- AI Providers: Configure OpenAI, Azure, or OpenRouter
- Scope Management: Target scope configuration
- Data & Backup: Data storage, backup, and restore
Reference
- Architecture: How VISTA works under the hood
- Contributing: Contribute to VISTA
Supported Vulnerabilities
| Vulnerability | AI Guidance | Payloads | Expert Template | Bypass Techniques |
|---|---|---|---|---|
| Cross-Site Scripting (XSS) | โ | โ | โ DOM + Reflected | โ |
| SQL Injection | โ | โ | โ | โ |
| Server-Side Template Injection | โ | โ | โ | โ |
| Server-Side Request Forgery | โ | โ | โ | โ |
| IDOR / BOLA | โ | โ | โ | โ |
| Authentication Bypass | โ | โ | โ | โ |
| File Upload | โ | โ | โ | โ |
| Race Conditions | โ | โ | โ | โ |
| JWT / OAuth | โ | โ | โ | โ |
| API Security (OWASP Top 10) | โ | โ | โ | โ |
| Command Injection | โ | โ | โ | โ |
| XXE | โ | โ | โ | โ |
VISTA is designed for authorized security testing only. Always obtain proper authorization before testing any target.