A simple Burp Suite extension to extract datas from source code

Last update: Dec 31, 2022

Overview

DataExtractor

A simple Burp Suite extension to extract datas from source code.

Features

in scope parsing
file extensions to ignore
files exclusion based on regexp
multi tabs for multiple purpose
datas extraction based on regexp
datas exclusion based on regexp
datas export

Install

First of all, ensure you have JPython loaded and setup before installing.

clone this repository
in the Extender tab, click the button "Add"
set "Extension type" to "Python"
browse to the cloned folder and select DataExtractor.py as the "Extension file"

The extension should load and is now ready to perform a passive scan.

Screenshots

You might also like...

log4j burp scanner

log4jscanner log4j burp插件特点如下： 0x01 基于Cookie字段、XFF头字段、UA头字段发送payload 0x02 基于域名的唯一性，将host带入dnslog中插件主要识别五种形式： 1.get请求，a=1&b=2&c=3 2.post请求，a=1&b=2&c=

1 Jun 30, 2022

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别，在ceye.io api速率限制下，最大线程扫描每一个参数，记录过滤已检测地址，重复地址 token替换为你自己的http://ceye.io/ token 和域名地址

5 Dec 10, 2021

PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)

yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log

1 Jan 31, 2022

This a simple tool XSS Detection Suite for CTFs games

2 Nov 24, 2021

A DOM-based G-Suite password sprayer and user enumerator

1 Apr 7, 2022

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

The SCodeScanner stands for Source Code Scanner, where you can scan your source code files like PHP and get identify the vulnerabilities inside it. The tool can use by Pentester, Developer to quickly identify the weakness.

136 Dec 13, 2022

A tool to extract the IdP cert from vCenter backups and log in as Administrator

vCenter SAML Login Tool A tool to extract the Identity Provider (IdP) cert from vCenter backups and log in as Administrator Background Commonly, durin

343 Dec 31, 2022

Python library to remotely extract credentials on a set of hosts.

1.5k Dec 31, 2022

This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.

F2Amapper This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to

3 Sep 3, 2022

Comments

Feature request

Hi I really love this tool. But is it possible to add options like "Send to DataExtrator" so I can spicificly can resend old endpoints that I dont want to revisit.

opened by iamRjarpan 2

Releases(v1.1.0)

v1.1.0(Dec 2, 2022)

Source code(tar.gz)
Source code(zip)

Owner

Gwendal Le Coguic

Bug hunter, tool maker.

GitHub Repository

A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms.

MacPer A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms. Not all of the exploits directly sp

20 Nov 30, 2022

Proof of concept GnuCash Webinterface

Proof of Concept GnuCash Webinterface This may one day be a something truly great. Milestones [ ] Browse accounts and view transactions [ ] Record sim

14 Dec 28, 2022

Receive notifications/alerts on the most recent disclosed CVE's.

Receive notifications on the most recent disclosed CVE's.

7 Nov 24, 2022

Send CVE information to the specified mailbox (from Github)

91 Nov 08, 2022

PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)

yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log

1 Jan 31, 2022

(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce. It is the ultimate log4j vulnerabilities assessor. It comes with four individual Python3 m

1 Jan 11, 2022

A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer.

Wlan Fetcher Windows10 Description A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer. Usage This Script onl

2 Nov 20, 2021

Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4

Minecraft-Server-Scanner Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4 Installation and running i

116 Jan 08, 2023

Salesforce Recon and Exploitation Toolkit

Salesforce Recon and Exploitation Toolkit Salesforce Recon and Exploitation Toolkit Usage python3 main.py URL References Announcement Blog - https:/

81 Dec 23, 2022

Just another script for automatize boolean-based blind SQL injections.

SQL Blind Injection Tool A script for automatize boolean-based blind SQL injections. Works with SQLite at least, supports using cookies. It uses bitwi

51 Dec 15, 2022

Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

GoodHound ______ ____ __ __ / ____/___ ____ ____/ / / / /___ __ ______ ____/ / / / __/ __ \/ __ \/ __

352 Jan 02, 2023

Looks at Python code to search for things which look "dodgy" such as passwords or diffs

dodgy Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions desig

112 Nov 25, 2022

Rouge Spammers with a mission to disrupt the peace of the valley ? Fear not we will STOMP the Spammers

Rouge Spammers with a mission to disrupt the peace of the valley ? Fear not we will STOMP the Spammers New Update : adding 'on-review' tag on an issue

13 Sep 19, 2021

This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.

RemoteMouse-3.008-Exploit The RemoteMouse application is a program for remotely controlling a computer from a phone or tablet. This exploit allows to

25 Dec 04, 2022

A simple Burp Suite extension to extract datas from source code

Related tags

Overview

DataExtractor

Features

Install

Screenshots

You might also like...

log4j burp scanner

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)

This a simple tool XSS Detection Suite for CTFs games

A DOM-based G-Suite password sprayer and user enumerator

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

A tool to extract the IdP cert from vCenter backups and log in as Administrator

Python library to remotely extract credentials on a set of hosts.

This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.

Comments

Feature request

Releases(v1.1.0)

v1.1.0(Dec 2, 2022)

Owner

Gwendal Le Coguic

A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms.

Proof of concept GnuCash Webinterface

Receive notifications/alerts on the most recent disclosed CVE's.

Send CVE information to the specified mailbox (from Github)

PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)

(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer.

Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4

Salesforce Recon and Exploitation Toolkit

Just another script for automatize boolean-based blind SQL injections.

Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

Looks at Python code to search for things which look "dodgy" such as passwords or diffs

Rouge Spammers with a mission to disrupt the peace of the valley ? Fear not we will STOMP the Spammers

This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.

POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL Pre-Auth RCE Injection Vulneralibity.

RedlineSpam - Python tool to spam Redline Infostealer panels with legit looking data

Delta Sharing: An Open Protocol for Secure Data Sharing

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Tinyman exploit finder - Tinyman exploit finder for python

Client script for the fisherman phishing tool