GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → P3GLEG → Pwnback

P3GLEG / Pwnback

Licence: mit
Burp Extender plugin that generates a sitemap of a website using Wayback Machine

Programming Languages

java
68154 projects - #9 most used programming language

Labels

security-toolsosintinformation-retrievalburpsuiteburp-extensions

Projects that are alternatives of or similar to Pwnback

Burpsuite Xkeys
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (-29.06%)
Mutual labels:  osint, burpsuite, burp-extensions
Inql
InQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (+252.22%)
Mutual labels:  security-tools, burpsuite, burp-extensions
Burp Exporter
Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.
Stars: ✭ 122 (-39.9%)
Mutual labels:  security-tools, burpsuite, burp-extensions
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-20.2%)
Mutual labels:  security-tools, burpsuite, burp-extensions
Cstc
CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
Stars: ✭ 91 (-55.17%)
Mutual labels:  burpsuite, burp-extensions
Gitgraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (+473.4%)
Mutual labels:  osint, security-tools
Headless Burp
Automate security tests using Burp Suite.
Stars: ✭ 192 (-5.42%)
Mutual labels:  burpsuite, burp-extensions
Scilla
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-42.86%)
Mutual labels:  information-retrieval, security-tools
Burpbounty
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Stars: ✭ 1,026 (+405.42%)
Mutual labels:  burpsuite, burp-extensions
Archivefuzz
Hunt down the secrets from the WebArchives for Fun and Profit
Stars: ✭ 108 (-46.8%)
Mutual labels:  osint, security-tools
Burp Molly Pack
Security checks pack for Burp Suite
Stars: ✭ 123 (-39.41%)
Mutual labels:  burpsuite, burp-extensions
Metaforge
An OSINT Metadata analyzing tool that filters through tags and creates reports
Stars: ✭ 63 (-68.97%)
Mutual labels:  osint, security-tools
Burpsuite Collections
BurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+432.51%)
Mutual labels:  burpsuite, burp-extensions
Swurg
Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (-53.69%)
Mutual labels:  burpsuite, burp-extensions
Burp Suite Error Message Checks
Burp Suite extension to passively scan for applications revealing server error messages
Stars: ✭ 45 (-77.83%)
Mutual labels:  burpsuite, burp-extensions
Opensquat
Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.
Stars: ✭ 149 (-26.6%)
Mutual labels:  osint, security-tools
Intelowl
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+941.38%)
Mutual labels:  osint, security-tools
Rescope
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-23.15%)
Mutual labels:  security-tools, burpsuite
Gitgot
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Stars: ✭ 964 (+374.88%)
Mutual labels:  osint, security-tools
Social Analyzer
API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Stars: ✭ 8,449 (+4062.07%)
Mutual labels:  osint, security-tools
View All Similar Projects ➔

PwnBack

Alt text

Getting Started

PwnBack requires PhantomJS to run. You can download it from here

To understand why it is required currently see the section PhantomsJS

The plugin has several settings that a user can define depending on their hardware setup.

  • # of PhantomJS WebDrivers

    • The number of Firefox headless browsers to open. Be mindful of Burp Suite's memory settings

  • # of HTTP Response Parsers

    • These are responsible for parsing requests generated by the WebDriver. You may gain very little by increasing this number.

  • Start Year

    • How far back in a Website's history you'd like to traverse

  • End Year

    • When to stop looking at a Website's History

  • PhantomJS Location

    • The location of the PhantomJS binary

  • Output Folder

    • Where to save results when the Export Results button is pressed

  • Domain

    • The domain name to crawl. example.com, example.org, etc.

  • CA Bundle

    • The CA certificate you wish to use for PhantomJS. You shouldn't need this, however, check Troubleshooting if no traffic is being generated

Installing

In BurpSuite open the Extender Tab

Click the Add button

Locate the jar file included in this repo.

The current version of is v1.7.21, I am unable to guarantee backward support.

Build

Run the following commands

git clone https://github.com/k4ch0w/PwnBack.git
cd PwnBack
./gradlew fatJar

Authors

  • Paul Ganea - Initial work - k4ch0w

License

This project is licensed under the MIT License - see the LICENSE.md file for details

PhantomJS

PhantomJS is required to correctly render pages produced by archive.org. The service uses ajax calls to render the page, so if you don't use a web driver that supports Javascript you will only receive the way back machines toolbar.

Troubleshooting

There is an issue with the JVM's Cert storage on certain computers and the SSL certificate provided by archive.org If you see no traffic being generate run the following command and provide the path to the CA-Bundle

curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].