TD0U / FingerScan

Public

All-in-one BurpSuite plugin: passive fingerprinting / Favicon Hash / recursive directory scanning / path collection

69% credibility
Found May 08, 2026 at 11 stars.
AI Analysis
Java
AI Summary

Burp Suite extension that identifies web technologies through passive proxy scanning, active path probing, and favicon hashing using customizable YAML rules.

How It Works

1. 🔍 Discover FingerScan: You hear about FingerScan, a helpful tool inside Burp Suite that spots what software powers websites as you browse.

2. ⬇️ Add to Burp: Load the tool into your Burp Suite like adding a new gadget to your security toolkit.

3. ⚙️ Set your preferences: Choose what to scan for, like common admin pages or icons, and tweak speeds to match your pace.

4. 🔄 Start browsing securely: Turn on listening while you surf sites, and watch fingerprints light up automatically in the dashboard.

5. Dig deeper?
   - ➡️ Quick scan: Let it explore directories and spot more clues effortlessly.
   - 📝 Add sites: Paste URLs to check specific spots right away.

6. 📊 Review findings: Check the colorful list of technologies, icons, and paths it found for you.

Spot everything easily

Now you know exactly what runs on sites, ready to explore safely with all clues revealed.

AI-Generated Review

What is FingerScan?

FingerScan is a Java Burp Suite extension that fingerprints web apps via favicon hashing and response matching against YAML rules, and adds recursive directory scanning and path collection. Its passive mode analyzes proxy traffic in real time to spot stacks like Jenkins, Spring Boot, or Docker registries without sending extra requests, while collecting endpoints for later fuzzing. Download it from GitHub for Burp Suite on Linux, Termux, or Burp Suite Pro on Mac.

Why is it gaining traction?

It bundles favicon fingerprinting with auto-recursive directory busting and path harvesting into Burp's UI tabs, which saves switching between separate scanning tools. YAML rules are dead simple to tweak or expand for custom fingerprints, and proxy integration instantly flags hits like actuator/env leaks. It stands out over basic passive plugins by chaining discovery into active scans seamlessly.

Who should use this?

Burp Suite pros doing recon in engagements, like pentesters mapping app stacks via proxy or bug hunters chaining paths from favicons. It fits red teams on Burp Suite Professional who want passive identification plus directory enumeration without leaving Burp, especially on lightweight setups in Termux.

Verdict

Solid pick for Burp Suite recon at 0.7% credibility and 11 stars: mature enough to be a daily driver if you tweak YAML rules, but pair with tested extensions until docs expand beyond README. Try the GitHub release if passive fingerprinting + paths is your jam.
