redhuntlabs/BurpSuite-Asset_Discover redhuntlabs/BurpSuite-Asset_Discover

  • Stars
    star
    214
  • Rank 179,051 (Top 4 %)
  • Language
    Python
  • License
    MIT License
  • Created almost 5 years ago
  • Updated about 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
redhuntlabs/BurpSuite-Asset_Discover
github

redhuntlabs

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Burp Suite extension to discover assets from HTTP response.

BurpSuite Extension - Asset Discover

Burp Suite extension to discover assets from HTTP response using passive scanning. Refer our blog Asset Discovery using Burp Suite for more details.

The extension is now part of the BApp store and can be installed directly from the Burp Suite. https://portswigger.net/bappstore/d927f0065171485981d6eb49a860fc3e

To know more about our Attack Surface Management platform, check out NVADR.

Description

Passively parses HTTP response of the URLs in scope and identifies different type assets such as domain, subdomain, IP, S3 bucket etc. and lists them as informational issues.

Setup

  • Setup the python environment by providing the jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
  • Download the extension.
  • In the 'Extensions' tab under 'Extender', select 'Add'.
  • Change the extension type to 'Python'.
  • Provide the path of the file ‘Asset_Discover.py’ and click on 'Next'.

Usage

  • Add a URL to the 'Scope' under the 'Target' tab. The extension will start identifying assets through passive scan.

Requirements

Code Credits

A large portion of the base code has been taken from the following sources:

License

The project is available under MIT license, see LICENSE file.

More Repositories

1

Awesome-Asset-Discovery

List of Awesome Asset Discovery Resources
1,850
star
2

RedHunt-OS

Virtual Machine for Adversary Emulation and Threat Hunting
1,194
star
3

Octopii

An AI-powered Personal Identifiable Information (PII) scanner.
Python
545
star
4

HTTPLoot

An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites.
Go
371
star
5

BucketLoot

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.
Go
325
star
6

KubeStalk

KubeStalk discovers Kubernetes and related infrastructure based attack surface from a black-box perspective.
Python
148
star
7

Hunt4Spring

A "Spring4Shell" vulnerability scanner.
Go
50
star
8

Project-Resonance

44
star
9

Log4JHunt

An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.
Python
43
star
10

BurpSuite-Asset_History

Python
33
star
11

Maltego-Scripts

Python
31
star
12

antisquat

Python
30
star
13

ConfluentPwn

Atlassian confluence unauthenticated ONGL injection remote code execution scanner (CVE-2022-26134).
Go
11
star
14

Project-Resonance-Website

Internet wide surveys to study and understand the security state of Internet as well as facilitate research into various components / topics which originate as a result of our surveys.
4
star