A simple Burp Suite extension to extract datas from source code

Last update: Dec 31, 2022

Overview

DataExtractor

A simple Burp Suite extension to extract datas from source code.

Features

in scope parsing
file extensions to ignore
files exclusion based on regexp
multi tabs for multiple purpose
datas extraction based on regexp
datas exclusion based on regexp
datas export

Install

First of all, ensure you have JPython loaded and setup before installing.

clone this repository
in the Extender tab, click the button "Add"
set "Extension type" to "Python"
browse to the cloned folder and select DataExtractor.py as the "Extension file"

The extension should load and is now ready to perform a passive scan.

Screenshots

You might also like...

log4j burp scanner

log4jscanner log4j burp插件特点如下： 0x01 基于Cookie字段、XFF头字段、UA头字段发送payload 0x02 基于域名的唯一性，将host带入dnslog中插件主要识别五种形式： 1.get请求，a=1&b=2&c=3 2.post请求，a=1&b=2&c=

1 Jun 30, 2022

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别，在ceye.io api速率限制下，最大线程扫描每一个参数，记录过滤已检测地址，重复地址 token替换为你自己的http://ceye.io/ token 和域名地址

5 Dec 10, 2021

PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)

yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log

1 Jan 31, 2022

This a simple tool XSS Detection Suite for CTFs games

2 Nov 24, 2021

A DOM-based G-Suite password sprayer and user enumerator

1 Apr 7, 2022

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

The SCodeScanner stands for Source Code Scanner, where you can scan your source code files like PHP and get identify the vulnerabilities inside it. The tool can use by Pentester, Developer to quickly identify the weakness.

136 Dec 13, 2022

A tool to extract the IdP cert from vCenter backups and log in as Administrator

vCenter SAML Login Tool A tool to extract the Identity Provider (IdP) cert from vCenter backups and log in as Administrator Background Commonly, durin

343 Dec 31, 2022

Python library to remotely extract credentials on a set of hosts.

1.5k Dec 31, 2022

This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.

F2Amapper This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to

3 Sep 3, 2022

Comments

Feature request

Hi I really love this tool. But is it possible to add options like "Send to DataExtrator" so I can spicificly can resend old endpoints that I dont want to revisit.

opened by iamRjarpan 2

Releases(v1.1.0)

v1.1.0(Dec 2, 2022)

Source code(tar.gz)
Source code(zip)

Owner

Gwendal Le Coguic

Bug hunter, tool maker.

GitHub Repository

Advanced subdomain scanner, any domain hidden subdomains

little advanced subdomain scanner made in python, works very quick and has options to change the port u want it to connect for

5 Nov 23, 2021

CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s

2 Feb 15, 2022

Scanning for CVE-2021-44228

Filesystem log4j_scanner for windows and Unix. Scanning for CVE-2021-44228, CVE-2021-45046, CVE-2019-17571 Requires a minimum of Python 2.7. Can be ex

4 Jan 09, 2022

Tool for finding PHP source code vulnerabilities.

vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu

1 Jan 14, 2022

OSINT Cybersecurity Tools

OSINT Cybersecurity Tools Welcome to the World of OSINT: An ongoing collection of awesome tools and frameworks, best security software practices, libr

7 Jul 01, 2022

client attack remotely , this script was written for educational purposes only

client attack remotely , this script was written for educational purposes only, do not use against to any victim, which you do not have permission for it

9 Jun 05, 2022

This is a simple PoC for the newly found Polkit error names PwnKit

A Python3 and a BASH PoC for CVE-2021-4034 by Kim Schulz

16 Sep 06, 2022

Log4j command generator: Generate commands for CVE-2021-44228

Log4j command generator Generate commands for CVE-2021-44228. Description The vulnerability exists due to the Log4j processor's handling of log messag

1 Jan 03, 2022

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

5 Oct 08, 2022

Log4Shell Proof of Concept (CVE-2021-44228)

CVE-2021-44228 Log4Shell Proof of Concept (CVE-2021-44228) Make sure to use Java 8 JDK. Java 8 Download Images Credits Casey Dunham - Java Reverse She

3 Jul 23, 2022

The backend part of the simple password manager project made for the creative challenge.

SimplePasswordManagerBackend The backend part of the simple password manager project. Your task will be to showcase your creativity on our channel by

5 Dec 28, 2021

pybotnet - A Python Library for building Botnet , Trojan or BackDoor for windows and linux with Telegram control panel

pybotnet A Python Library for building botnet , trojan or backdoor for windows and linux with Telegram control panel Disclaimer: Please note that this

181 Jan 02, 2023

Automatically fetch, measure, and merge subscription links on the network, use Github Action

Free Node Merge Introduction Modified from alanbobs999/TopFreeProxies It measures the speed of free nodes on the network and import the stable and hig

52 Jul 16, 2022

Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

39 Dec 16, 2022

A proxy for asyncio.AbstractEventLoop for testing purposes

aioloop-proxy A proxy for asyncio.AbstractEventLoop for testing purposes. When tests writing for asyncio based code, there are controversial requireme

12 Dec 12, 2022

CSAW 2021 writeups

CSAW 2021 Writeups Challenge Category Solved by The Magic Modbus ics root2thrill Lazy Leaks Forensics root2thrill Poem Collection warm-up root2thrill

7 Oct 06, 2021

Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022

TSAR Source code for NAACL 2022 paper: A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction. 🔥 Introduction We focus on extra

21 Sep 24, 2022

Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).

What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray3

246 Dec 28, 2022

Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus 11306 Based on: https://xz.aliyun.com/t/106

25 Nov 09, 2022

Downloads SEP, Baseband and BuildManifest automatically for signed iOS version's for connected iDevice

FutureHelper Supports macOS and Windows Downloads SEP, Baseband and BuildManifest automatically for signed iOS version's (including beta firmwares) fo

7 Jan 05, 2023