{"id":13636598,"url":"https://github.com/vsec7/BurpSuite-Xkeys","last_synced_at":"2025-04-19T08:32:44.180Z","repository":{"id":109736994,"uuid":"272400409","full_name":"vsec7/BurpSuite-Xkeys","owner":"vsec7","description":"A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.","archived":false,"fork":false,"pushed_at":"2024-07-09T23:32:40.000Z","size":109,"stargazers_count":250,"open_issues_count":3,"forks_count":54,"subscribers_count":14,"default_branch":"master","last_synced_at":"2024-11-09T06:38:41.730Z","etag":null,"topics":["burp-extensions","burpsuite","hacking","osint","pentest-tool","pentesting"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vsec7.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-15T09:46:58.000Z","updated_at":"2024-11-06T03:02:10.000Z","dependencies_parsed_at":"2024-01-21T16:05:49.260Z","dependency_job_id":"d24e0c5f-3564-4fc9-bf98-5c9db2c7d30a","html_url":"https://github.com/vsec7/BurpSuite-Xkeys","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsec7%2FBurpSuite-Xkeys","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsec7%2FBurpSuite-Xkeys/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsec7%2FBurpSuite-Xkeys/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsec7%2FBurpSuite-Xkeys/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vsec7","download_url":"https://codeload.github.com/vsec7/BurpSuite-Xkeys/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249650277,"owners_count":21305988,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp-extensions","burpsuite","hacking","osint","pentest-tool","pentesting"],"created_at":"2024-08-02T00:01:03.137Z","updated_at":"2025-04-19T08:32:43.916Z","avatar_url":"https://github.com/vsec7.png","language":"Python","funding_links":[],"categories":["Vulnerability Specific Extensions","Python","Python (1887)"],"sub_categories":["Sensitive Data Exposure"],"readme":"# Xkeys (BurpSuite Extension)\n\u003cimg src=\"https://raw.githubusercontent.com/vsec7/BurpSuite-Xkeys/master/Screenshot/result.png\"\u003e\n\n## Description\nA Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage. and lists them as information issues.\n\nType : Passive Scanner\n\n# Setup\n\u003cimg src=\"https://raw.githubusercontent.com/vsec7/BurpSuite-Xkeys/master/Screenshot/install.png\"\u003e\n\n- Setup the python environment by providing the \u003ca href=\"https://www.jython.org/download.html\"\u003eJython.jar\u003c/a\u003e file in the 'Options' tab under 'Extender' in Burp Suite.\n- Download the \u003ca href=\"https://github.com/vsec7/BurpSuite-Xkeys/archive/master.zip\"\u003eBurpSuite-Xkeys.zip\u003c/a\u003e.\n- In the 'Extensions' tab under 'Extender', select 'Add'.\n- Change the extension type to 'Python'.\n- Provide the path of the file \"Xkeys.py\" and click on 'Next'.\n\n# Usage\n- The extension will start identifying assets through passive scan.\n\n## Result\n- The extension will show on issues box and on output extender\n\u003cimg src=\"https://raw.githubusercontent.com/vsec7/BurpSuite-Xkeys/master/Screenshot/log.png\"\u003e\n\n## Possible Value Extraction\n```\n{keyword}=\u003cvalue\u003e\n{keyword}= \u003cvalue\u003e\n{keyword} =\u003cvalue\u003e\n{keyword} = \u003cvalue\u003e\n{keyword}'='\u003cvalue\u003e'\n{keyword}'= '\u003cvalue\u003e'\n{keyword}' ='\u003cvalue\u003e'\n{keyword}' = '\u003cvalue\u003e'\n{keyword}\"=\"\u003cvalue\u003e\"\n{keyword}\"= \"\u003cvalue\u003e\"\n{keyword}\" =\"\u003cvalue\u003e\"\n{keyword}\" = \"\u003cvalue\u003e\"\n{keyword}\":\"\u003cvalue\u003e\"\n{keyword}\": \"\u003cvalue\u003e\"\n{keyword}\" :\"\u003cvalue\u003e\"\n{keyword}\" : \"\u003cvalue\u003e\"\n{keyword}=\u003cvalue\u003e\u0026\n```\n\n## Requirements\n- [Jython 2.7.0](https://www.jython.org/download.html)\n- [Burp Suite Pro](https://portswigger.net/burp)\n\n## Code Credits:\n```\n# PortSwigger example-scanner-checks: https://github.com/PortSwigger/example-scanner-checks\n# RedHuntLabs BurpSuite-Asset_Discover: https://github.com/redhuntlabs/BurpSuite-Asset_Discover\n```\n\n- Sec7or Team\n- Surabaya Hacker Link\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvsec7%2FBurpSuite-Xkeys","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvsec7%2FBurpSuite-Xkeys","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvsec7%2FBurpSuite-Xkeys/lists"}