secdec / Attack Surface Detector Burp

Licence: mpl-2.0
The Attack Surface Detector uses static code analysis to identify web app endpoints by parsing routes and identifying parameters.

Programming Languages

java

Projects that are alternatives of or similar to Attack Surface Detector Burp

Ansvif
A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
Stars: ✭ 107 (+69.84%)
Mutual labels:  pentesting, vulnerability
Thoron
Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.
Stars: ✭ 87 (+38.1%)
Mutual labels:  pentesting, vulnerability
A Red Teamer Diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+506.35%)
Mutual labels:  pentesting, vulnerability
Reverse Shell
Reverse Shell as a Service
Stars: ✭ 1,281 (+1933.33%)
Mutual labels:  pentesting, vulnerability
Arissploit
Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
Stars: ✭ 114 (+80.95%)
Mutual labels:  pentesting, vulnerability
Faraday
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+4976.19%)
Mutual labels:  pentesting, vulnerability
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+1244.44%)
Mutual labels:  pentesting, vulnerability
Oscp
My OSCP journey
Stars: ✭ 50 (-20.63%)
Mutual labels:  pentesting
Kill Router
Tool for cracking administrative passwords of wireless routers, routers, switches and other authenticated network service management platforms.
Stars: ✭ 57 (-9.52%)
Mutual labels:  pentesting
Pentesting Bible
Learn ethical hacking. Learn about reconnaissance, Windows/Linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+14155.56%)
Mutual labels:  pentesting
Milky
A .NET Standard library for pentesting web apps against credential stuffing attacks.
Stars: ✭ 49 (-22.22%)
Mutual labels:  pentesting
Slowloris
Asynchronous Python implementation of SlowLoris DoS attack
Stars: ✭ 51 (-19.05%)
Mutual labels:  vulnerability
Vulmap
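Vulmap is a web vulnerability scanning and verification tool that can scan webapps for vulnerabilities and also has vulnerability exploitation functionality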
Stars: ✭ 1,079 (+1612.7%)
Mutual labels:  pentesting
Openvas Scanner
Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)
Stars: ✭ 1,056 (+1576.19%)
Mutual labels:  vulnerability
Redsnarf
RedSnarf is a pen-testing / red-teaming tool for Windows environments
Stars: ✭ 1,109 (+1660.32%)
Mutual labels:  pentesting
Ssrfmap
Simple Server Side Request Forgery services enumeration tool.
Stars: ✭ 50 (-20.63%)
Mutual labels:  pentesting
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-1.59%)
Mutual labels:  pentesting
Fuxi
Penetration Testing Platform
Stars: ✭ 1,103 (+1650.79%)
Mutual labels:  vulnerability
Burpsuite Collections
BurpSuite collection: including but not limited to Burp articles, cracked versions, plugins (non-BApp Store), Chinese localization and other related tutorials; contributions welcome---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+1615.87%)
Mutual labels:  pentesting
Nmap Nse Info
Browse and search through nmap's NSE scripts.
Stars: ✭ 54 (-14.29%)
Mutual labels:  pentesting

Summary

During web application penetration testing, it is important to enumerate your application's attack surface. While Dynamic Application Security Testing (DAST) tools (such as Burp Suite and ZAP) are good at spidering to identify application attack surfaces, they often fail to identify unlinked endpoints and optional parameters. Endpoints and parameters that are not found often go untested, which can leave your application open to an attacker. The Attack Surface Detector is a plugin for Burp Suite that determines the endpoints of a web application, the parameters these endpoints accept, and the data types of those parameters. This includes unlinked endpoints that a spider won't find in client-side code and optional parameters that are never used in client-side code. The plugin then imports this data into Burp Suite so you can view the results or work with the detected endpoints and parameters from the target site map.

How it Works

The Attack Surface Detector uses static code analysis to identify web app endpoints by parsing routes and identifying parameters (for supported languages and frameworks). NOTE: Multiple parsers are needed to support different languages and frameworks.

Supported Frameworks:

  • C# / ASP.NET MVC
  • C# / Web Forms
  • Java / Spring MVC
  • Java / Struts
  • Java JSP
  • Python / Django
  • Ruby / Rails
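
An added example (not code from the Attack Surface Detector project) of the approach described above: it reads Spring MVC annotations in a constructed controller and reports each endpoint with its parameters, their data types, and whether they are optional. The controller, its paths and the function name find_endpoints are assumptions made for illustration; the patterns handle only @RequestMapping and @RequestParam.

```python
import re

# Constructed sample controller. Assume no page links to /admin/export and no
# client code sends "format": a spider would miss both, source analysis would not.
SAMPLE_CONTROLLER = '''
@Controller
@RequestMapping("/admin")
public class ReportController {
    @RequestMapping(value = "/export", method = RequestMethod.GET)
    public String export(@RequestParam("id") int id,
            @RequestParam(value = "format", required = false) String format) {
        return "export";
    }
    @RequestMapping(value = "/notes", method = RequestMethod.POST)
    public String addNote(@RequestParam("text") String text) { return "ok"; }
}
'''

MAPPING = re.compile(r'@RequestMapping\(([^)]*)\)')
PARAM = re.compile(r'@RequestParam\(([^)]*)\)\s+([\w.<>\[\]]+)\s+(\w+)')
QUOTED = re.compile(r'"([^"]*)"')

def find_endpoints(source):
    """Return a list of {path, method, params} dicts for one controller class."""
    class_pos = source.find("class ")
    prefix, endpoints = "", []
    matches = list(MAPPING.finditer(source))
    for i, m in enumerate(matches):
        quoted = QUOTED.search(m.group(1))
        path = quoted.group(1) if quoted else ""
        if m.start() < class_pos:      # class-level mapping is a path prefix
            prefix = path
            continue
        verb = re.search(r'RequestMethod\.(\w+)', m.group(1))
        end = matches[i + 1].start() if i + 1 < len(matches) else len(source)
        params = []
        for p in PARAM.finditer(source, m.end(), end):
            name = QUOTED.search(p.group(1))   # fall back to the variable name
            params.append({"name": name.group(1) if name else p.group(3), "type": p.group(2),
                           "required": not re.search(r'required\s*=\s*false', p.group(1))})
        endpoints.append({"path": prefix + path,
                          "method": verb.group(1) if verb else "ANY", "params": params})
    return endpoints

if __name__ == "__main__":
    for endpoint in find_endpoints(SAMPLE_CONTROLLER):
        print(endpoint)
```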

To see a brief demonstration for the Attack Surface Detector, you can check it out here:

Extension Details

  • Extension Type: Java
  • Extension File: attacksurfacedetector-release-#-jar-with-dependencies

Burp Suite Professional

  • Scanner functionality available.
  • The plugin will run source code analysis and seed endpoints into the target sitemap, and optionally run the spider and active scanning functionality.

Burp Suite Community

  • Scanner unavailable
  • Plugin will run source code analysis and send seeded endpoints to Target and Spider; Scanner will not run

Installation

Detailed install instructions.

For Developers & Contributors

Build Instructions

  1. Install Maven: https://maven.apache.org/install.html
  2. Clone the Attack Surface Detector repository: https://github.com/secdec/attack-surface-detector-burp
  3. Navigate to the source code directory.
  4. Open a new terminal and run the command mvn clean package
  5. The plugin will be located in the target folder, named attacksurfacedetector-release-#-jar-with-dependencies.jar

License

Licensed under the MPL License.
