Skip to content
This repository has been archived by the owner on Apr 4, 2024. It is now read-only.

modzero/interestingFileScanner

Repository files navigation

Interesting Files Scanner

About

Interesting Files Scanner extends Burp Suite's active scanner, with scans for interesting files and directories. A main feature of the extension is the check for false positives with tested patterns for each case. Furthermore, a Burp Suite tab is present to select/unselect the checks, to avoid network overload.

For example the following file checks are implemented:

  • Interesting Files such as .git/config
  • SSH private keys
  • Various .key files
  • Common PHP files and the corresponding backup files
  • SQL database files

Installation

  1. Download Burp Suite Pro: http://portswigger.net/burp/download.html
  2. Download Jython standalone JAR: http://www.jython.org/downloads.html
  3. Burp Suite -> Extender -> Options -> Python Environment -> Select File -> Choose the Jython standalone JAR
  4. Clone the GitHub repository: git clone https://github.com/modzero/interestingFileScanner.git
  5. Burp Suite -> Extender -> Add -> Extension type: Python -> Extension file: "downloaded interestingFileScanner.py" -> Next
  6. Go to "Interesting Files Scanner" tab in Burp Suite and configure the extension for your needs

Configuration

You can configure the scans Interesting Files Scanner will perform, select the Interesting File Scanner tab in Burp Suite and select the file checks that may apply to your scenario. Per default all checks are selected.

Furthermore, you can choose if you want Interesting Files Scanner to scan all subdirectories discovered on the target domain. Therefore, unselect the checkbox 'Scan once per domain', which is selected by default.

Requirements

This extension requires Burp Suite Professional and Jython 2.5 or later standalone. (http://www.jython.org)

Contributes to

The project was inspired by the following projects:

Thanks @floyd_ch for code review.

Contact

Please feel free to contact, if you miss any interesting file checks or discover any bugs. Only file checks with sufficient patterns, to avoid false positives, can be implemented.

Releases

No releases published

Packages

No packages published