| -# 0xGUIDScanner |
| 1 | +# 0xGUID Scanner: UUID/GUID Detection, Classification & Weakness Analysis |
| 2 | +**Author**: Richard Hyunho Im ([@richeeta](https://github.com/richeeta)) at [Route Zero Security](https://routezero.security) |
| 3 | + |
| 4 | +## Description |
| 5 | + |
| 6 | +0xGUID Scanner is a Burp Suite **Professional Edition** extension that passively detects and classifies UUIDs (versions 1 through 5 and malformed variants) embedded in HTTP traffic. It identifies weak, insecure, or predictable UUIDs through detailed analysis of time-based patterns, MAC addresses, name+namespace reversal attacks (v3/v5), entropy weakness, and more. It is designed for AppSec professionals, red teams, and bug bounty researchers who need to detect UUID leakage or insecure identifier generation in real-world web traffic. |
| 7 | + |
| 8 | +### Issues Reported by 0xGUID Scanner |
| 9 | + |
| 10 | + |
| 11 | +## Features |
| 12 | + |
| 13 | +### Core Capabilities |
| 14 | + |
| 15 | +* Full support for UUID **versions 1–5**, plus malformed/fake variants |
| 16 | +* MAC address & timestamp analysis (v1) |
| 17 | +* Clock sequence & DCE domain flagging (v2) |
| 18 | +* Reversal attempts of MD5/SHA-1 hashes to guess name+namespace (v3/v5) |
| 19 | +* Duplicate and randomness detection for v4 |
| 20 | +* Decoding support: Base64 + URL-encoded |
| 21 | +* MAC vendor identification from static and dynamic OUI prefix maps |
| 22 | +* Configurable severity/confidence thresholds |
| 23 | +* Clean UI under Burp's Extender tab |
| 24 | +* Findings integrated directly into Burp’s Scanner issue list |
| 25 | + |
| 26 | + |
| 27 | +## ⚠️ Requirements |
| 28 | +- **Burp Suite Professional Edition** |
| 29 | +- **Java 17 or later** |
| 30 | +- **Apache Maven** (for building from source) |
| 31 | + |
| 32 | +Burp Suite Community Edition is not supported since Burp Scanner is a Pro-exclusive feature. (Sorry!) |
| 33 | + |
| 34 | +## Installation |
| 35 | + |
| 36 | +### Option 1: Download from Releases |
| 37 | + |
| 38 | +Visit the [Releases](https://github.com/richeeta/0xGUIDScanner/releases) tab and download the latest `.jar`. |
| 39 | +Then in Burp Suite Professional: |
| 40 | + |
| 41 | +1. Go to **Extender → Extensions** |
| 42 | +2. Click **Add**, select **Java**, and upload the `.jar` |
| 43 | + |
| 44 | +### Option 2: Build from Source |
| 45 | + |
| 46 | +```bash |
| 47 | +git clone https://github.com/richeeta/0xGUIDScanner.git |
| 48 | +cd 0xGUIDScanner |
| 49 | +mvn clean package |
| 50 | +``` |
| 51 | + |
| 52 | +Then load the JAR from `target/zeroxguidscanner-1.0-SNAPSHOT-jar-with-dependencies.jar`. |
| 53 | + |
| 54 | +## Usage |
| 55 | + |
| 56 | +Once installed, 0xGUID Scanner passively analyzes all HTTP traffic in Burp. |
| 57 | +It flags UUIDs and provides detailed context, including: |
| 58 | +- Raw UUID and version |
| 59 | +- Time, MAC, and vendor data (v1) |
| 60 | +- Clock sequence / domain info (v2) |
| 61 | +- Hash source reversal attempt (v3/v5) |
| 62 | +- Repetition or entropy failure (v4) |
| 63 | +- Confidence and severity ratings |
| 64 | +- Full advisory with markers |
| 65 | + |
| 66 | +## License |
| 67 | + |
| 68 | +This project is released under the GNU Affero General Public License v3.0. |
| 69 | + |
| 70 | +## Disclaimer |
| 71 | + |
| 72 | +This extension is intended for **legal** and **authorized** penetration testing, red teaming, and security research only. You are solely responsible for ensuring its use complies with all applicable laws and ethical guidelines. If you're a criminal, please use a different tool (or no tool). |
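Review bot: the "### Issues Reported by 0xGUID Scanner" heading added at new-file line 8 has no body, so the README promises a list of finding types and then goes straight to "## Features"; either drop the heading or fill it with the issue names the extension actually raises (the "Usage" bullets at lines 58-64 already describe the context each finding carries and could be moved or referenced here). Two wording points in the same hunk: "Reversal attempts of MD5/SHA-1 hashes" (line 18) and "Hash source reversal attempt" (line 61) overstate what is possible, since MD5/SHA-1 are not reversed but compared against candidate name+namespace inputs, so "guess name+namespace by hashing candidate inputs" describes the check more accurately and sets the right expectation for users reading the advisory. Minor style: the feature list uses `*` bullets while the Requirements and Usage lists use `-`, and "Burp's" (line 23) and "Burp’s" (line 24) mix straight and curly apostrophes; pick one of each.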