Skip to content
Burp Suite extension to discover assets from HTTP response.
Branch: master
Clone or download
Latest commit c2821a9 Jul 5, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Screenshots Add files via upload Jul 4, 2019
Asset_Discover.py Create Asset_Discover.py Jul 4, 2019
LICENSE Initial commit Jul 4, 2019
README.md Update README.md Jul 4, 2019

README.md

BurpSuite Extension - Asset Discover

Burp Suite extension to discover assets from HTTP response using passive scanning. Refer our blog Asset Discovery using Burp Suite for more details.

Description

Passively parses HTTP response of the URLs in scope and identifies different type assets such as domain, subdomain, IP, S3 bucket etc. and lists them as informational issues.

Setup

  • Setup the python environment by providing the jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
  • Download the extension.
  • In the 'Extensions' tab under 'Extender', select 'Add'.
  • Change the extension type to 'Python'.
  • Provide the path of the file ‘Asset_Discover.py’ and click on 'Next'.

Usage

  • Add a URL to the 'Scope' under the 'Target' tab. The extension will start identifying assets through passive scan.

Requirements

Code Credits

A large portion of the base code has been taken from the following sources:

License

The project is available under MIT license, see LICENSE file.

You can’t perform that action at this time.