Scan Only - Githubissues

edoardottt / cariddi

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

https://edoardoottavianelli.it

GNU General Public License v3.0

1.47k stars 149 forks source link

Scan Only #119

Closed jaikishantulswani closed 1 year ago

jaikishantulswani commented 1 year ago

@edoardottt Would be helpful if cariddi have a feature to only scan endpoints (not crawl) like with an argument -only-scan

echo "https://example.com/x.js" | cariddi -only-scan
cat "links.txt" | cariddi -onlyscan

edoardottt commented 1 year ago

Thanks @jaikishantulswani :)

ocervell commented 1 year ago

+1 btw ! Differenciating crawling and hunting modes basically.

For instance, you capture responses with Burp or other tools (httpx, katana, gau, gospider) and you can analyze those responses files (txt?) with cariddi's embedded patterns.

nb: i'm also realizing this is about the same as implementing gf patterns and running gf instead so maybe this is overkill !

edoardottt commented 1 year ago

@ocervell I agree, this would be reimplementing gf.

ocervell commented 1 year ago

Maybe we might need an issue to allow saving raw HTTP requests & responses.

edoardottt commented 1 year ago

Agree https://github.com/edoardottt/cariddi/issues/121 @ocervell

edoardottt commented 1 year ago

Maybe we might need an issue to allow saving raw HTTP requests & responses.

https://github.com/edoardottt/cariddi/issues/121