Skip to content

redhuntlabs/BurpSuite-Asset_Discover

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 

Repository files navigation

BurpSuite Extension - Asset Discover

Burp Suite extension to discover assets from HTTP response using passive scanning. Refer our blog Asset Discovery using Burp Suite for more details.

The extension is now part of the BApp store and can be installed directly from the Burp Suite. https://portswigger.net/bappstore/d927f0065171485981d6eb49a860fc3e

To know more about our Attack Surface Management platform, check out NVADR.

Description

Passively parses HTTP response of the URLs in scope and identifies different type assets such as domain, subdomain, IP, S3 bucket etc. and lists them as informational issues.

Setup

  • Setup the python environment by providing the jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
  • Download the extension.
  • In the 'Extensions' tab under 'Extender', select 'Add'.
  • Change the extension type to 'Python'.
  • Provide the path of the file ‘Asset_Discover.py’ and click on 'Next'.

Usage

  • Add a URL to the 'Scope' under the 'Target' tab. The extension will start identifying assets through passive scan.

Requirements

Code Credits

A large portion of the base code has been taken from the following sources:

License

The project is available under MIT license, see LICENSE file.

About

Burp Suite extension to discover assets from HTTP response.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages