Awesome Open Source
Awesome Open Source

Xkeys (BurpSuite Extension)


A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage. and lists them as information issues.

Type : Passive Scanner


  • Setup the python environment by providing the Jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
  • Download the
  • In the 'Extensions' tab under 'Extender', select 'Add'.
  • Change the extension type to 'Python'.
  • Provide the path of the file "" and click on 'Next'.


  • The extension will start identifying assets through passive scan.


  • The extension will show on issues box and on output extender

Possible Value Extraction

{keyword}= <value>
{keyword} =<value>
{keyword} = <value>
{keyword}'= '<value>'
{keyword}' ='<value>'
{keyword}' = '<value>'
{keyword}"= "<value>"
{keyword}" ="<value>"
{keyword}" = "<value>"
{keyword}": "<value>"
{keyword}" :"<value>"
{keyword}" : "<value>"


Code Credits:

# PortSwigger example-scanner-checks:
# RedHuntLabs BurpSuite-Asset_Discover:
  • Sec7or Team
  • Surabaya Hacker Link

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
python (53,650
hacking (553
pentesting (376
osint (214
pentest-tool (134
burpsuite (57
burp-extensions (33