BurpSuite Extension - Asset Discover<img src="https://i1.wp.com/redhuntlabs.com/wp-content/uploads/2020/05/RedHunt-Logo-Without-Text-Dark.png?w=512&ssl=1" align="right" width="100">

Burp Suite extension to discover assets from HTTP responses using passive scanning. Refer to our blog post Asset Discovery using Burp Suite for more details.

The extension is now part of the BApp Store and can be installed directly from Burp Suite: https://portswigger.net/bappstore/d927f0065171485981d6eb49a860fc3e

<kbd><img src="https://github.com/redhuntlabs/BurpSuite-Asset_Discover/raw/master/Screenshots/Asset_Discovery_Burp_Extension.jpg" width="420" height="275"></kbd>

To know more about our Attack Surface Management platform, check out NVADR.

Description

Passively parses the HTTP responses of URLs in scope, identifies different types of assets such as domains, subdomains, IPs, S3 buckets, etc., and lists them as informational issues.
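The kind of passive extraction described above, as an added standalone example that is not the extension's own code. The regexes, the `discover_assets` function, the result keys and the sample response body are all assumptions made for illustration.

```python
import ipaddress
import re

# Patterns are assumptions for this example, not the extension's own regexes.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
URL_HOST_RE = re.compile(r"https?://((?:%s\.)+[a-z]{2,24})(?![a-z0-9-])" % LABEL, re.I)
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")
# Virtual-hosted style: <bucket>.s3[.-<region>].amazonaws.com
S3_VHOST_RE = re.compile(
    r"(?<![a-z0-9.-])([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])\.s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com", re.I)
# Path style: s3[.-<region>].amazonaws.com/<bucket>; the lookbehind keeps it off vhost URLs.
S3_PATH_RE = re.compile(
    r"(?<![a-z0-9.-])s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com/([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])", re.I)

# Constructed sample response body (not captured from a real site).
SAMPLE_BODY = """<script src="https://cdn.thirdparty.net/lib/jquery.min.js"></script>
<img src="https://acme-static.s3.us-east-1.amazonaws.com/logo.png">
<a href="https://s3.amazonaws.com/acme-backups/2020/db.sql">backup</a>
<!-- staging: http://10.0.4.17:8080/ (old: 999.10.10.1) -->
var api = "internal-api.example.com"; var cfg = {"auth": "https://sso.example.com/login"};
<a href="https://api.example.com.evil.net/">partner</a>
"""


def discover_assets(body, scope_root):
    """Return in-scope subdomains, other domains, IPv4s and S3 buckets seen in body."""
    root = scope_root.lower().strip(".")
    # Bare in-scope hostnames; the lookahead rejects lookalikes such as
    # api.example.com.evil.net and example.community.
    in_scope_re = re.compile(
        r"(?<![a-z0-9.-])(?:%s\.)+%s(?!\.?[a-z0-9-])" % (LABEL, re.escape(root)), re.I)
    found = {
        "subdomains": {h.lower() for h in in_scope_re.findall(body)},
        "s3_buckets": {b.lower() for rx in (S3_VHOST_RE, S3_PATH_RE) for b in rx.findall(body)},
        "ips": set(),
        "domains": set(),
    }
    for cand in IPV4_RE.findall(body):
        try:
            found["ips"].add(str(ipaddress.IPv4Address(cand)))
        except ValueError:
            pass  # dotted quad that is not a real address, e.g. an octet above 255
    # Out-of-scope domains are taken only from URL authorities, so file names
    # such as jquery.min.js are not reported as hosts.
    for host in URL_HOST_RE.findall(body):
        host = host.lower()
        if host.endswith(".amazonaws.com") or host == root or host in found["subdomains"]:
            continue
        found["domains"].add(host)
    return found
```

Calling `discover_assets(SAMPLE_BODY, "example.com")` keeps the lookalike host `api.example.com.evil.net` out of the in-scope subdomains and reports it as a separate domain.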

Setup

<kbd><img src="https://github.com/redhuntlabs/BurpSuite-Asset_Discover/blob/master/Screenshots/Add%20Extension.jpg" width="420" height="275"></kbd> <kbd><img src="https://github.com/redhuntlabs/BurpSuite-Asset_Discover/blob/master/Screenshots/Add%20URL%20to%20scope.jpg" width="420" height="275"></kbd>

Usage

<kbd><img src="https://github.com/redhuntlabs/BurpSuite-Asset_Discover/blob/master/Screenshots/Asset%20Discovery%201.jpg" width="420" height="275"></kbd> <kbd><img src="https://github.com/redhuntlabs/BurpSuite-Asset_Discover/blob/master/Screenshots/Asset%20Discovery%202.jpg" width="420" height="275"></kbd>

Requirements

Code Credits

A large portion of the base code has been taken from the following sources:

License

The project is available under the MIT license; see the LICENSE file.