All Projects → vsec7 → Burpsuite Xkeys

vsec7 / Burpsuite Xkeys

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Burpsuite Xkeys

Vajra
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (+86.81%)
Mutual labels:  osint, hacking, pentesting, pentest-tool
Burpsuite Collections
BurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+650.69%)
Mutual labels:  pentesting, pentest-tool, burpsuite, burp-extensions
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+1505.56%)
Mutual labels:  osint, hacking, pentesting, pentest-tool
Ratel
RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Stars: ✭ 121 (-15.97%)
Mutual labels:  hacking, pentesting, pentest-tool
Linkedin2username
OSINT Tool: Generate username lists for companies on LinkedIn
Stars: ✭ 504 (+250%)
Mutual labels:  osint, hacking, pentesting
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+275.69%)
Mutual labels:  osint, pentesting, pentest-tool
Ehtools
Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.
Stars: ✭ 422 (+193.06%)
Mutual labels:  hacking, pentesting, pentest-tool
Evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (+430.56%)
Mutual labels:  hacking, pentesting, pentest-tool
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+4931.94%)
Mutual labels:  hacking, pentesting, pentest-tool
Sippts
Set of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-19.44%)
Mutual labels:  hacking, pentesting, pentest-tool
Pentesting Bible
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+6136.81%)
Mutual labels:  osint, hacking, pentesting
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+688.89%)
Mutual labels:  hacking, pentesting, pentest-tool
Thc Archive
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (+229.17%)
Mutual labels:  hacking, pentesting, pentest-tool
Goohak
Automatically Launch Google Hacking Queries Against A Target Domain
Stars: ✭ 432 (+200%)
Mutual labels:  osint, hacking, pentesting
Habu
Hacking Toolkit
Stars: ✭ 635 (+340.97%)
Mutual labels:  hacking, pentesting, pentest-tool
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+196.53%)
Mutual labels:  osint, hacking, pentesting
Lockdoor Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (+370.14%)
Mutual labels:  hacking, pentesting, pentest-tool
Oscp Prep
my oscp prep collection
Stars: ✭ 105 (-27.08%)
Mutual labels:  osint, hacking, pentesting
Vault
swiss army knife for hackers
Stars: ✭ 346 (+140.28%)
Mutual labels:  osint, hacking, pentesting
Packetwhisper
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (+181.25%)
Mutual labels:  hacking, pentesting, pentest-tool

Xkeys (BurpSuite Extension)

Description

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage. and lists them as information issues.

Type : Passive Scanner

Setup

  • Setup the python environment by providing the Jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
  • Download the BurpSuite-Xkeys.zip.
  • In the 'Extensions' tab under 'Extender', select 'Add'.
  • Change the extension type to 'Python'.
  • Provide the path of the file "Xkeys.py" and click on 'Next'.

Usage

  • The extension will start identifying assets through passive scan.

Result

  • The extension will show on issues box and on output extender

Possible Value Extraction

{keyword}=<value>
{keyword}= <value>
{keyword} =<value>
{keyword} = <value>
{keyword}'='<value>'
{keyword}'= '<value>'
{keyword}' ='<value>'
{keyword}' = '<value>'
{keyword}"="<value>"
{keyword}"= "<value>"
{keyword}" ="<value>"
{keyword}" = "<value>"
{keyword}":"<value>"
{keyword}": "<value>"
{keyword}" :"<value>"
{keyword}" : "<value>"
{keyword}=<value>&

Requirements

Code Credits:

# PortSwigger example-scanner-checks: https://github.com/PortSwigger/example-scanner-checks
# RedHuntLabs BurpSuite-Asset_Discover: https://github.com/redhuntlabs/BurpSuite-Asset_Discover
  • Sec7or Team
  • Surabaya Hacker Link
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].