The Attack Surface Detector (ASD) tool is a new plugin for Burp Suite and OWASP ZAP that allows you to quickly & easily increase the coverage of your penetration testing.

Using application development framework-aware static source code analysis, the Attack Surface Detector detects all of the web application endpoints, parameters, and parameter data types in an application. This information is automatically fed into the Burp and ZAP sitemaps, providing a more thorough enumeration of the application's attack surface.

The Attack Surface Detector finds hidden endpoints and optional parameters that can't be seen in the client-side code.

Frameworks currently supported:
ASP.NET MVC
ASP.NET Web Forms
Spring MVC
Struts
Django
JSP
Ruby on Rails

Download, contribute, and learn more at:
ASD Burp Git: [ Ссылка ]
ASD Zap Git: [ Ссылка ]

[ Ссылка ]

свернуть