vsec7/BurpSuite-Xkeys

Stars
238
Rank 165,365 (Top 4 %)
Language
Python
Created about 4 years ago
Updated almost 4 years ago

vsec7/BurpSuite-Xkeys

vsec7

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Xkeys (BurpSuite Extension)

Description

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage. and lists them as information issues.

Type : Passive Scanner

Setup

Setup the python environment by providing the Jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
Download the BurpSuite-Xkeys.zip.
In the 'Extensions' tab under 'Extender', select 'Add'.
Change the extension type to 'Python'.
Provide the path of the file "Xkeys.py" and click on 'Next'.

Usage

The extension will start identifying assets through passive scan.

Result

The extension will show on issues box and on output extender

Possible Value Extraction

{keyword}=<value>
{keyword}= <value>
{keyword} =<value>
{keyword} = <value>
{keyword}'='<value>'
{keyword}'= '<value>'
{keyword}' ='<value>'
{keyword}' = '<value>'
{keyword}"="<value>"
{keyword}"= "<value>"
{keyword}" ="<value>"
{keyword}" = "<value>"
{keyword}":"<value>"
{keyword}": "<value>"
{keyword}" :"<value>"
{keyword}" : "<value>"
{keyword}=<value>&

Requirements

Code Credits:

# PortSwigger example-scanner-checks: https://github.com/PortSwigger/example-scanner-checks
# RedHuntLabs BurpSuite-Asset_Discover: https://github.com/redhuntlabs/BurpSuite-Asset_Discover

Sec7or Team
Surabaya Hacker Link

xkeys

Extract Sensitive Keys, Secret, Token Or Interested thing from source

DiscordSelfbot

Simple Discord SelfBot Python Version

Command-Collections

Simple command shell collections

Laravel-PhpUnit-Rce-And-Get-Env-Exploiter

Laravel PhpUnit Rce And Get Env Exploiter

0x-Wallet-Generator

ERC20 BEP20 Wallet Generator

gitdorkhelper

Just simple helper tool for generate github search link

DOSI

Auto Claim DON + Participate Adventure DOSI

urlive

Check url is live (*HTTP status code "200 ok" only*).

twitdrop

Airdrop Twitter Task Helper (Follow, Like, Retweet Quote)

xurls

eXtract URLs from source

Email-Opened-Tracker

Email Opened Tracker

Sol-Wallet-Generator

Solana Wallet Generator

DC-Bot-Auto-Post

discrot

Discrot is a simple GO tool for Grinding / Leveling chat discord

cXss

bigtoken

Big Token Auto Register And Verification

Discord-SelfBot

Simple Discord Self Bot

PUBGM-UserCustom-En-Decoder

Discord-Selfbot-Google-Script

Discord Selfbot Google App Script

vsec7.github.io

Simple-CRUD-with-jsonstore.io

Create, Read, Update, Delete with jsonstore.io

Simple-MySQL-Injection-Labs

Simple Labs MySQL Injection

dirscans

Web File / Directory Scanner

Dump-The-Flag-Source

qriket

Qriket Auto Claim Spin Balance

Auto-Claim-Hi-Tele-SelfBot

Auto Claim Hi.com Telegram SelfBot

MassTweet

Simple Mass Tweet (follow, Like, RT, Reply, Quote)

Simple-Google-Dorker

DCBot-On24x7

Simple-Email-Sorter

Yahoo-Email-Exist-Checker

mass-join-leave-discord-selfbot

Simple Mass Join Leave Discord Selfbot

GoSex

Simple GoPay Sender

Reverse-IP-And-Dtect-CMS

Reserve IP And Detect CMS

vsec7

phrase2pk

Seed phrase / Mnemonic to Private key Converter tool for Ethereum Wallet

threads-bot

Auto posts random quote threads.net

NeverBounce-Checker-Bash-

Never Bounce Email Valid Checker

nft-list

Compare-2-Files

Extract-data-with-SQLi-curl-grep-

Simple-API-dunia21-Scrapper

Auto-Claim-Hi

Auto Claim Hi.com

revip

Reverse IP Domain Checker

Mnemonic2PK

Mnemonic to PrivateKey Converter

Mass-Join-Leave-DC-Selfbot

Mass Join Leave DC Selfbot Python version

Simple-WP-Auto-Login-And-Shell-Upload

rincans.io

SAMEHADAKU.NET-GRABBER-API

SAMEHADAKU GRABBER API

Contoh-Auto-Login-Dan-File-Upload

botwarpcast

Auto Following Warpcast (Farcaster)