{"id":15546128,"url":"https://github.com/codingo/crithit","last_synced_at":"2025-06-19T14:39:19.432Z","repository":{"id":38542695,"uuid":"251003061","full_name":"codingo/crithit","owner":"codingo","description":"Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.","archived":false,"fork":false,"pushed_at":"2020-03-31T01:32:00.000Z","size":98337,"stargazers_count":211,"open_issues_count":3,"forks_count":44,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-06-13T10:54:44.874Z","etag":null,"topics":["bugbounty","enumeration","hacking","hacking-tool","infosec","offensive-security","penetration-testing","pentest-tools","pentesting","security","security-audit","security-tools","security-vulnerability","web-application-security"],"latest_commit_sha":null,"homepage":"","language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codingo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-29T10:11:59.000Z","updated_at":"2025-04-17T02:19:28.000Z","dependencies_parsed_at":"2022-09-21T08:33:44.785Z","dependency_job_id":null,"html_url":"https://github.com/codingo/crithit","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/codingo/crithit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingo%2Fcrithit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingo%2Fcrithit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingo%2Fcrithit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingo%2Fcrithit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codingo","download_url":"https://codeload.github.com/codingo/crithit/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingo%2Fcrithit/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260769840,"owners_count":23060183,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","enumeration","hacking","hacking-tool","infosec","offensive-security","penetration-testing","pentest-tools","pentesting","security","security-audit","security-tools","security-vulnerability","web-application-security"],"created_at":"2024-10-02T13:00:53.579Z","updated_at":"2025-06-19T14:39:14.416Z","avatar_url":"https://github.com/codingo.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# crithit\nWebsite Directory and file brute forcing at extreme scale.\n\n [![License](https://img.shields.io/badge/license-GPL3-_red.svg)](https://www.gnu.org/licenses/gpl-3.0.en.html) [![Twitter](https://img.shields.io/badge/twitter-@codingo__-blue.svg)](https://twitter.com/codingo_)\n\nCritHit takes a single wordlist item and tests it one by one over a large collection of hosts before moving onto the next wordlist item. The intention of brute foricng in this manner is to avoid low limit Web Application Firewall (WAF) bans and to allow brute forcing to run faster than it normally would when approaching any single host with multiple simultaneous requests.\n\nCritHit can perform multiple verifications of results using proxy lists, as well as filter out noise by base lining websites. Additionally, if looking for a specific item over a large number of websites (to cross compare a vulnerablity over more hosts) you can build and use `--signatures` to write only hosts containing specific data points to an output file.\n\nBest results can be sought from CritHit by using it as a quick \"first pass\" with a smaller (100 critical items) wordlist, a very large target list, and then deep diving more directly with a project such as [ffuf](https://github.com/ffuf/ffuf) where results are found.\n\n# Credits\nInspired by EdOverflows [Megplus](https://github.com/EdOverflow/megplus) and TomNomNom's [meg](https://github.com/tomnomnom/meg) projects which have approached the same idea.\n\nAlso thank-you to [Hakluke](https://github.com/hakluke) and [sml555_](https://github.com/prodigysml) for refining upont the core idea, encouragement, and testing.\n\n## Warning\nThis runs insanely fast using default settings. If you work over a target with a shared waf over domains you will quickly face a ban. Tweak `-n` (timeout) and `-c` (threads) as needed.\n\n## Installation\nInstall dependancies:\n\n- Firstly, Download Boost 1.70 from https://www.boost.org/users/history/version_1_70_0.html and extract the library into any directory. A Unix build of Boost is located in `/dep/` of this repository, this will need to be replaced to build for other environments.\n- Set the environment variable  `BOOST_ROOT` to the root of the extracted library.\n- If you happen to use LibreSSL instead of OpenSSL. You need to have `libcrypto.so.1.1` and `libssl.so.1.1` on your `/usr/lib` directory which is included on `dep/` directory on this repo. \n\nThen: \n```\nsudo apt-get install libssl-dev\n```\n\nMake CMake Files (optional if in `/codingo/opt`)\n```\ncmake -G \"Unix Makefiles\" \n```\nMake solution\n```\nmake\n```\n\n## Build Script\nAlternatively, modify the below for your target environment:\n\n```\nwget \"https://dl.bintray.com/boostorg/release/1.70.0/source/boost_1_70_0.tar.gz\"\ntar -xvzf boost_1_70_0.tar.gz\nexport BOOST_ROOT=\"/home/boost_1_70_0\"\ncd crithit/crithit\ncmake -G \"Unix Makefiles\"\nmake\n./crithit -w _wordlist_ -t _hostnames_\n```\n## Docker\n\n```bash\ncd crithit/crithit\ndocker build -t crithit .\ndocker run -v $(pwd):/input -t crithit -w  /input/_wordlist_ -t /input/_hostnames_\n```\n\n# Usage\n\nReviewing input parameters is recommended until proper documentation has been added to this repository. \n\n```\nUSAGE:\n\n   ./crithit  [--os \u003cfilename\u003e] [--signatures \u003cfilename\u003e] [-e \u003cfilename\u003e]\n              [-n \u003cinteger\u003e] [--read-for \u003cinteger\u003e] [-p \u003cfilename\u003e]\n              [--max-sockets \u003cinteger\u003e] [-V \u003cinteger\u003e] [-r] [-b \u003cstring\u003e]\n              [-s \u003cstring\u003e] [-c \u003cinteger\u003e] [-t \u003cfilename\u003e] [-T \u003cdomain\n              name\u003e] [--verbose] -w \u003cfilename\u003e [-o \u003cfilename\u003e] [--]\n              [--version] [-h]\n\n\nWhere:\n\n   --os \u003cfilename\u003e\n     if --signatures is specified, this specifies the output file to write\n     result to\n\n   --signatures \u003cfilename\u003e\n     file containing list of signatures to look out for in top-level\n     domains\n\n   -e \u003cfilename\u003e,  --exceptions \u003cfilename\u003e\n     filename containing words...\n\n   -n \u003cinteger\u003e,  --wait-for \u003cinteger\u003e\n     wait N seconds to connect/send data to server(default: 5secs)\n\n   --read-for \u003cinteger\u003e\n     wait N seconds to receive data from server(default: 10secs)\n\n   -p \u003cfilename\u003e,  --proxy \u003cfilename\u003e\n     a filename containing list of proxy names and port(IP:port)\n\n   --max-sockets \u003cinteger\u003e\n     Number of sockets to use\n\n   -V \u003cinteger\u003e,  --verify \u003cinteger\u003e\n     verify successful results with different proxies\n\n   -r,  --randomize-agent\n     use random user agents for requests\n\n   -b \u003cstring\u003e,  --statuscodesblacklist \u003cstring\u003e\n     Negative status codes (will override statuscodes if set)\n\n   -s \u003cstring\u003e,  --statuscodes \u003cstring\u003e\n     Positive status codes (will be overwritten with statuscodesblacklist\n     if set)(default 200,204,301,302,307,401,403,408)\n\n   -c \u003cinteger\u003e,  --threads \u003cinteger\u003e\n     Number of threads to use(default: 12)\n\n   -t \u003cfilename\u003e,  --target-list \u003cfilename\u003e\n     a filename containing the list of targets\n\n   -T \u003cdomain name\u003e,  --target \u003cdomain name\u003e\n     the target\n\n   --verbose\n     be verbose with output\n\n   -w \u003cfilename\u003e,  --word-list \u003cfilename\u003e\n     (required)  a filename containing list of words to use\n\n   -o \u003cfilename\u003e,  --output \u003cfilename\u003e\n     output result to (default: stdout)\n\n   --,  --ignore_rest\n     Ignores the rest of the labeled arguments following this flag.\n\n   --version\n     Displays version information and exits.\n\n   -h,  --help\n     Displays usage information and exits.\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodingo%2Fcrithit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodingo%2Fcrithit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodingo%2Fcrithit/lists"}