Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/redhuntlabs/BurpSuite-Asset_History

Last synced: 3 months ago
JSON representation

Host: GitHub
URL: https://github.com/redhuntlabs/BurpSuite-Asset_History
Owner: redhuntlabs
License: mit
Created: 2020-07-13T04:30:18.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-07-13T06:45:07.000Z (over 4 years ago)
Last Synced: 2024-05-08T01:34:19.699Z (6 months ago)
Language: Python
Size: 317 KB
Stars: 33
Watchers: 1
Forks: 6
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - redhuntlabs/BurpSuite-Asset_History - (Python)

README

        # BurpSuite Extension - Asset History[](https://redhuntlabs.com/)

Burp Suite extension to identify the historic URLs of the domains in scope from WayBackMachine. Refer to our blog [Asset History using Burp Suite](https://redhuntlabs.com/blog/asset-history-burp-extension.html) for more details.

**[`To know more about our Attack Surface Management platform, check out NVADR.`](https://redhuntlabs.com/nvadr)**

# Description

The extension acts as a passive scanner which extracts the domain(s) that are in scope, identifies their historic URLs from [WayBackMachine](http://web.archive.org/) and lists them under the issues section. The URLs can be easily copied from their and tested further for security issues. 

# Setup

- Setup the python environment by providing the [jython.jar](https://www.jython.org/downloads.html) file in the 'Options' tab under 'Extender' in Burp Suite.

- Download the [extension](https://github.com/redhuntlabs/BurpSuite-Asset_History/archive/master.zip).

- In the 'Extensions' tab under 'Extender', select 'Add'.

- Change the extension type to 'Python'.

- Provide the path of the file ‘Asset_History.py’ and click on 'Next'.

- Add the target domain/URL in Scope.

 

# Usage

- Add a URL to the 'Scope' under the 'Target' tab. The extension will identify historic URLs for it. 

 

# Requirements

- [Jython 2.7.0](https://www.jython.org/download)

- [Burp Suite Pro v2020.6](https://portswigger.net/burp) [Not tested on older version, however it should work fine]

# Code Credits

A large portion of the base code has been taken from the following sources:

- [OpenSecurityResearch CustomPassiveScanner](https://github.com/OpenSecurityResearch/CustomPassiveScanner)

- [PortSwigger example-scanner-checks](https://github.com/PortSwigger/example-scanner-checks)

- [BurpSuite Extension - Asset Discover](https://github.com/redhuntlabs/BurpSuite-Asset_Discover)

# To-Do:

- [ ] Add AlienVault Open Threat Exchange

- [ ] Add Domain History

- [ ] Add IP History

# License

The project is available under MIT license, see [LICENSE](https://github.com/redhuntlabs/BurpSuite-Asset_History/blob/master/LICENSE) file.