Cariddi – Take A List Of Domains, Crawl URLS & Scan For Endpoints, Secrets, API Keys, File Extensions & Tokens

Admin
cariddi

Installation satellite

You need Go.

  • Linux
    • git clone https://github.com/edoardottt/cariddi.git
    • cd cariddi
    • go get
    • make linux (to install)
    • make unlinux (to uninstall)
    Or in one line: git clone https://github.com/edoardottt/cariddi.git; cd cariddi; go get; make linux
  • Windows (executable works only in cariddi folder.)
    • git clone https://github.com/edoardottt/cariddi.git
    • cd cariddi
    • go get
    • .\make.bat windows (to install)
    • .\make.bat unwindows (to uninstall)

Get Started tada

cariddi -h prints the help in the command line.

Usage of cariddi:
  -c int
    	Concurrency level. (default 20)
  -cache
	Use the .cariddi_cache folder as cache.
  -d int
    	Delay between a page crawled and another.
  -e	Hunt for juicy endpoints.
  -ef string
    	Use an external file (txt, one per line) to use custom parameters for endpoints hunting.
  -examples
    	Print the examples.
  -ext int
    	Hunt for juicy file extensions. Integer from 1(juicy) to 7(not juicy).
  -h	Print the help.
  -i string
    	Ignore the URL containing at least one of the elements of this array.
  -it string
    	Ignore the URL containing at least one of the lines of this file.
  -oh string
    	Write the output into an HTML file.
  -ot string
    	Write the output into a TXT file.
  -plain
    	Print only the results.
  -s	Hunt for secrets.
  -sf string
    	Use an external file (txt, one per line) to use custom regexes for secrets hunting.
  -version
    	Print the version.

Examples bulb

  • cariddi -version (Print the version)
  • cariddi -h (Print the help)
  • cariddi -examples (Print the examples)
  • cat urls | cariddi -s (Hunt for secrets)
  • cat urls | cariddi -d 2 (2 seconds between a page crawled and another)
  • cat urls | cariddi -c 200 (Set the concurrency level to 200)
  • cat urls | cariddi -e (Hunt for juicy endpoints)
  • cat urls | cariddi -plain (Print only useful things)
  • cat urls | cariddi -ot target_name (Results in txt file)
  • cat urls | cariddi -oh target_name (Results in html file)
  • cat urls | cariddi -ext 2 (Hunt for juicy (level 2 of 7) files)
  • cat urls | cariddi -e -ef endpoints_file (Hunt for custom endpoints)
  • cat urls | cariddi -s -sf secrets_file (Hunt for custom secrets)
  • cat urls | cariddi -i forum,blog,community,open (Ignore urls containing these words)
  • cat urls | cariddi -it ignore_file (Ignore urls containing at least one line in the input file)
  • cat urls | cariddi -cache (Use the .cariddi_cache folder as cache.)
  • For Windows use powershell.exe -Command "cat urls | .\cariddi.exe"

Contributing hammer_and_wrench

Just open an issue/pull request. See also CONTRIBUTING.md and CODE OF CONDUCT.md

Help me building this!

A special thanks to:

To do:

  • Tests (joy)
  • Tor support
  • Proxy support
  • Ignore specific types of urls
  • Plain output (print only results)
  • HTML output
  • Build an Input Struct and use it as parameter
  • Output color
  • Endpoints (parameters) scan
  • Secrets scan
  • Extensions scan
  • TXT output

Download: https://github.com/edoardottt/cariddi

Please follow and like us:
error
fb-share-icon
Tweet
fb-share-icon

Leave a Reply

Your email address will not be published. Required fields are marked *