Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/modzero/interestingFileScanner
Burp extension
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/modzero/interestingFileScanner
- Owner: modzero
- Archived: true
- Created: 2018-05-24T10:54:17.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2018-06-18T08:57:44.000Z (over 6 years ago)
- Last Synced: 2024-08-02T00:23:04.714Z (4 months ago)
- Language: Python
- Homepage:
- Size: 31.7 MB
- Stars: 57
- Watchers: 13
- Forks: 14
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-burp-extensions - Interesting Files Scanner - Interesting Files Scanner extends Burp Suite's active scanner, with scans for interesting files and directories. A main feature of the extension is the check for false positives with tested patterns for each case. (Vulnerability Specific Extensions / Sensitive Data Exposure)
README
# Interesting Files Scanner
## About
Interesting Files Scanner extends Burp Suite's active scanner, with scans for interesting files and directories.
A main feature of the extension is the check for false positives with tested patterns for each case. Furthermore,
a Burp Suite tab is present to select/unselect the checks, to avoid network overload.

For example the following file checks are implemented:
* Interesting Files such as .git/config
* SSH private keys
* Various .key files
* Common PHP files and the corresponding backup files
* SQL database files
## Installation
1. Download Burp Suite Pro: http://portswigger.net/burp/download.html
2. Download Jython standalone JAR: http://www.jython.org/downloads.html
3. Burp Suite -> Extender -> Options -> Python Environment -> Select File -> Choose the Jython standalone JAR
4. Clone the GitHub repository: git clone https://github.com/modzero/interestingFileScanner.git
5. Burp Suite -> Extender -> Add -> Extension type: Python -> Extension file: "downloaded interestingFileScanner.py" -> Next
6. Go to "Interesting Files Scanner" tab in Burp Suite and configure the extension for your needs
## Configuration
To configure the scans Interesting Files Scanner will perform, open the Interesting Files Scanner
tab in Burp Suite and select the file checks that may apply to your scenario. By default, all checks are selected.

Furthermore, you can choose whether Interesting Files Scanner scans all subdirectories discovered
on the target domain. To enable this, unselect the checkbox 'Scan once per domain', which is selected by
default.
## Requirements
This extension requires Burp Suite Professional and Jython 2.5 or later standalone. (http://www.jython.org)
## Contributes to
The project was inspired by the following projects:
* https://github.com/hannob/snallygaster
* https://github.com/albinowax/ActiveScanPlusPlus
* https://github.com/unamer/CTFHelper/blob/master/CTFhelper.py

Thanks @floyd_ch for code review.
## Contact
Please feel free to get in touch if you are missing any interesting file checks or discover any bugs.
Only file checks with patterns sufficient to avoid false positives can be implemented.