Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/redhuntlabs/BurpSuite-Asset_Discover

Burp Suite extension to discover assets from HTTP response.

asset-discovery osint pentesting

Last synced: 3 months ago

README

        

# BurpSuite Extension - Asset Discover
Burp Suite extension to discover assets from HTTP responses using passive scanning. Refer to our blog post [Asset Discovery using Burp Suite](https://redhuntlabs.com/blog/asset-discovery-burp-extension.html) for more details.

The extension is now part of the BApp Store and can be installed directly from within Burp Suite: https://portswigger.net/bappstore/d927f0065171485981d6eb49a860fc3e

**[`To know more about our Attack Surface Management platform, check out NVADR.`](https://redhuntlabs.com/nvadr)**

# Description
Passively parses the HTTP responses of URLs that are **in scope**, identifies different types of assets such as **domain, subdomain, IP, S3 bucket** etc., and lists them as informational issues.

# Setup
- Set up the Python environment by providing the [jython.jar](https://www.jython.org/downloads.html) file in the 'Options' tab under 'Extender' in Burp Suite.
- Download the [extension](https://github.com/redhuntlabs/BurpSuite-Asset_Discover/archive/master.zip).
- In the 'Extensions' tab under 'Extender', select 'Add'.
- Change the extension type to 'Python'.
- Provide the path of the file 'Asset_Discover.py' and click on 'Next'.

# Usage
- Add a URL to the 'Scope' under the 'Target' tab. The extension will start identifying assets through passive scanning.

# Requirements
- [Jython 2.7.0](https://www.jython.org/downloads.html)
- [Burp Suite Pro v2.1](https://portswigger.net/burp)

# Code Credits
A large portion of the base code has been taken from the following sources:
- [OpenSecurityResearch CustomPassiveScanner](https://github.com/OpenSecurityResearch/CustomPassiveScanner)
- [PortSwigger example-scanner-checks](https://github.com/PortSwigger/example-scanner-checks)

# License
The project is available under the MIT license; see the [LICENSE](https://github.com/redhuntlabs/BurpSuite-Asset_Discover/blob/master/LICENSE) file.