Closed jhaddix closed 7 years ago
Probably not. The reason is that I believe that LinkFinder needs quite a bit of manual analysis to investigate the endpoints. For example, /v1/user could easily be for the endpoint /api/v1/user. Furthermore, parameters might be needed to verify the request. Thus the amount of false positives that would give, losing the context of the endpoint, and the extra work made me decide to not do it.
If you know a way around these limitations I would be interested to hear it.
Great idea.
Coupling this with a spider or inside of Burp would be best for full scope testing =)