Skip to content
Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's your very own discovery side kick, the Dr. Watson to your Sherlock!
Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
README.md
__version__.py Upon multiple users request, we are removing this feature. Oct 31, 2019
dr-watson.py Added in automatic checking for any updates. User still needs to down… Oct 31, 2019
issues_library.json Fixed formatting of the JSON file Sep 15, 2019

README.md

Dr. Watson

Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's your very own discovery side kick, the Dr. Watson to your Sherlock!

License Twitter Version

How Does Dr. Watson Work?

Dr. Watson takes regexes from the issues_library.json file and attempts to match said regexes with responses within Burp Suite. Once it matches a regex, it raises an issue with the severity defined in the config, as a finding for the target host. It is simple, sweet, and easy to use!

Setup - Installing for Burp Suite Pro

Setting Up Jython

  1. Download the latest standalone version of jython
  2. Navigate to Extender -> Options
  3. Navigate to the "Python Environment" section
  4. Click "Select File" and select the previously downloaded file

Installing the Plugin

  1. Navigate to Extender -> Extensions
  2. Click the "Add" button
  3. Change the "Extension Type" to "Python"
  4. Select the plugin python file within the "Extension file" field
  5. Click "Next"
  6. Enjoy the plugin!

How to Use The Plugin

  1. Install the plugin
  2. Add any domain you want analysed into scope (if not in scope, it will not be analysed, ensuring performance is not hindered immensely)
  3. Navigate / crawl through the website and observe the plugin creates issues for different resources identified.

Authors and Thanks

Originally written by Sajeeb Lohani (sml555). I would like to thank the following for helping with the project:

  • BugCrowd HUNT for the Jython installation steps
  • Redhunt Labs for the original plugin and the idea
  • TruffleHog Regexes and git-all-secrets for the regexes

Contributions

Contributions to this project are very welcome. If you're a newcomer to open source and would like some help in doing so, feel free to reach out to me on twitter (@sml555_) and I'll assist wherever I can.

You can’t perform that action at this time.