Configuration

About Surface Explorer

Surface Explorer is a cutting-edge tool developed to enhance the capabilities of cybersecurity professionals in discovering exposed IT assets. The project, spearheaded by a team of dedicated developers, aims to provide an intuitive, comprehensive solution for surface analysis in penetration testing.

This project is proudly funded and supported by OpenBash, a platform committed to advancing cybersecurity research and tool development. OpenBash's support has been instrumental in bringing Surface Explorer to life, providing resources and guidance throughout the development process.

We are always looking for passionate individuals to join our cause. If you're interested in contributing to Surface Explorer, visit our project page on GitHub or contact us through OpenBash's website.

Help & Instructions

Surface Explorer is a tool designed for automating the discovery and analysis of web surfaces in penetration testing. It allows users to specify URLs or domains, choose scanning modes, and customize other options for efficient exploration.

Available Options

• Scan Mode: Choose between 'Normal' and 'Path Explorer' scanning modes. 'Normal' performs a standard scan, while 'Path Explorer' delves into specific paths.
• URLs or Domains: Enter the URLs or domains to be explored, separated by commas or new lines.
• Max. Iframes: Set the maximum number of iframes to load simultaneously.
• Loading Mode: Select 'Load on Complete' to load the next iframe after the previous one completes, or 'Load with Timeout' to load iframes at regular intervals.
• Timeout (sec): Specify the timeout in seconds for loading iframes when 'Load with Timeout' is selected.
• Dictionary: Choose a dictionary for path discovery. 'Discovery' for comprehensive scanning, 'Quick Visit' for a rapid overview, or 'Custom' to use a user-defined wordlist.
• Custom Wordlist URL: Provide a URL for a custom wordlist to be used in scanning.
• Config Button: Opens the configuration panel to set a custom wordlist URL.
• Download Burp Project: Download the configuration file for use with Burp Suite.
• Scan Targets Button: Initiates the scanning process based on the specified settings.
• Stop Button: Stops the ongoing scanning process immediately.

Easiest Setup via Burp Suite Project Import

To ensure correct configuration and ease of use, importing the Surface Explorer project into Burp Suite is recommended. Follow these steps to import the project:

1. Download the Burp Suite Project File: Use the 'Download Burp Project' button in Surface Explorer to download the project file.
2. Open Burp Suite: Launch Burp Suite on your system.
3. Import the Project: In Burp Suite, go to the 'Project options' tab. Click on 'Import Project' and select the downloaded project file.
4. Review and Apply Settings: Once imported, review the project settings to ensure they align with your testing environment. Adjust as necessary.
5. Start Using Surface Explorer: With the project settings imported and adjusted, you can now start using Surface Explorer. All traffic generated will be routed through Burp Suite for analysis.

This approach guarantees that the necessary security configurations are in place for Surface Explorer to function correctly within the context of Burp Suite.

Please ensure the following requirements are met:

1. IMPORTANT: Use this application exclusively from Burp Suite's Browser.
2. Configure Match and Replace rules in Burpsuite to evade some protections:

Data Storage

Preferences and configurations are stored locally in the browser using Local Storage. To maintain preferences across sessions, it's recommended to use a loaded user profile in the browser.

Use of HTTP

The application operates over HTTP to allow mixed traffic from HTTP to HTTPS. Since it is a tool for analyzing security within Burp Suite, the use of HTTPS is not considered beneficial in this context.