{"id":13542398,"url":"https://github.com/edoardottt/cariddi","last_synced_at":"2025-05-14T05:10:40.446Z","repository":{"id":37438001,"uuid":"362234372","full_name":"edoardottt/cariddi","owner":"edoardottt","description":"Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more","archived":false,"fork":false,"pushed_at":"2025-04-30T07:19:31.000Z","size":533,"stargazers_count":1655,"open_issues_count":9,"forks_count":172,"subscribers_count":14,"default_branch":"main","last_synced_at":"2025-04-30T08:23:52.336Z","etag":null,"topics":["bugbounty","crawler","crawling","endpoint-discovery","endpoints","go","golang","hacktoberfest","infosec","osint","penetration-testing","pentesting","recon","reconnaissance","redteam","scraper","secret-keys","secrets-detection","security","security-tools"],"latest_commit_sha":null,"homepage":"https://edoardottt.com/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/edoardottt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"edoardottt","liberapay":"edoardottt","patreon":"edoardottt","ko_fi":"edoardottt","open_collective":"edoardottt","custom":"https://www.paypal.me/edoardottt"}},"created_at":"2021-04-27T19:54:43.000Z","updated_at":"2025-04-30T07:09:50.000Z","dependencies_parsed_at":"2023-11-06T23:15:19.017Z","dependency_job_id":"629042b2-a9cf-4aae-a834-1463c8c7edea","html_url":"https://github.com/edoardottt/cariddi","commit_stats":{"total_commits":476,"total_committers":10,"mean_commits":47.6,"dds":
"0.10504201680672265","last_synced_commit":"f6f2675fb6e3774c308c3ed4301e1ed31fccda53"},"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edoardottt%2Fcariddi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edoardottt%2Fcariddi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edoardottt%2Fcariddi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edoardottt%2Fcariddi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/edoardottt","download_url":"https://codeload.github.com/edoardottt/cariddi/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254076850,"owners_count":22010611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","crawler","crawling","endpoint-discovery","endpoints","go","golang","hacktoberfest","infosec","osint","penetration-testing","pentesting","recon","reconnaissance","redteam","scraper","secret-keys","secrets-detection","security","security-tools"],"created_at":"2024-08-01T10:01:06.311Z","updated_at":"2025-05-14T05:10:40.432Z","avatar_url":"https://github.com/edoardottt.png","language":"Go","funding_links":["https://github.com/sponsors/edoardottt","https://liberapay.com/edoardottt","https://patreon.com/edoardottt","https://ko-fi.com/edoardottt","https://opencollective.com/edoardottt","https://www.paypal.me/edoardottt"],"categories":["Go","Miscellaneous","bugbounty","Weapon
s","信息搜集"],"sub_categories":["Vulnerability Scanners","Tools"],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/edoardottt/images/blob/main/cariddi/logo.png\"\u003e\u003cbr\u003e\n  \u003cb\u003eTake a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more\u003c/b\u003e\u003cbr\u003e\n  \u003cbr\u003e\n  \u003c!-- go-report-card --\u003e\n  \u003ca href=\"https://goreportcard.com/report/github.com/edoardottt/cariddi\"\u003e\n    \u003cimg src=\"https://goreportcard.com/badge/github.com/edoardottt/cariddi\" alt=\"go-report-card\" /\u003e\n  \u003c/a\u003e\n  \u003c!-- workflows --\u003e\n  \u003ca href=\"https://github.com/edoardottt/cariddi/actions\"\u003e\n    \u003cimg src=\"https://github.com/edoardottt/cariddi/actions/workflows/go.yml/badge.svg?branch=main\" alt=\"workflows\" /\u003e\n  \u003c/a\u003e\n  \u003cbr\u003e\n  \u003csub\u003e\n    Coded with 💙 by edoardottt\n  \u003c/sub\u003e\n  \u003cbr\u003e\n  \u003c!--Tweet button--\u003e\n  \u003ca href=\"https://twitter.com/intent/tweet?url=https://github.com/edoardottt/cariddi\u0026text=Take%20a%20list%20of%20domains,%20crawl%20urls%20and%20scan%20for%20endpoints,%20secrets,%20api%20keys,%20file%20extensions,%20tokens%20and%20more...%20%23network%20%23security%20%23infosec%20%23oss%20%23github%20%23bugbounty%20%23linux\" target=\"_blank\"\u003eShare on Twitter!\n  \u003c/a\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#installation-\"\u003eInstall\u003c/a\u003e •\n  \u003ca href=\"#usage-\"\u003eUsage\u003c/a\u003e •\n  \u003ca href=\"#get-started-\"\u003eGet Started\u003c/a\u003e •\n  \u003ca href=\"#changelog-\"\u003eChangelog\u003c/a\u003e •\n  \u003ca href=\"#contributing-\"\u003eContributing\u003c/a\u003e •\n  \u003ca href=\"#license-\"\u003eLicense\u003c/a\u003e\n\u003c/p\u003e\n\n\u003c!--[![asciicast](https://asciinema.org/a/415989.svg)](https://asciinema.org/a/415989)--\u003e\n\n\u003cp 
align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/edoardottt/images/blob/main/cariddi/cariddi.gif\"\u003e\n\u003c/p\u003e\n\nInstallation 📡\n----------\n\n### Homebrew\n\n```console\nbrew install cariddi\n```\n\n### Snap\n\n```console\nsudo snap install cariddi\n```\n\n### Golang\n\n```console\ngo install -v github.com/edoardottt/cariddi/cmd/cariddi@latest\n```\n\n### Pacman\n\n```console\npacman -Syu cariddi\n```\n\n### Building from source\n\nYou need [Go](https://go.dev/) (\u003e=1.23)\n\n\u003cdetails\u003e\n  \u003csummary\u003eBuilding from source for Linux and Windows\u003c/summary\u003e\n\n#### Linux\n\n```console\ngit clone https://github.com/edoardottt/cariddi.git\ncd cariddi\ngo get ./...\nmake linux # (to install)\nmake unlinux # (to uninstall)\n```\n\nOne-liner: `git clone https://github.com/edoardottt/cariddi.git \u0026\u0026 cd cariddi \u0026\u0026 go get ./... \u0026\u0026 make linux`\n\n#### Windows\n\nNote that the executable works only inside the cariddi folder.\n\n```console\ngit clone https://github.com/edoardottt/cariddi.git\ncd cariddi\ngo get ./...\n.\\make.bat windows # (to install)\n.\\make.bat unwindows # (to uninstall)\n```\n\n\u003c/details\u003e\n\nUsage 💡\n----------\n\nIf you want to scan only a single target you can use\n\n```console\necho https://edoardottt.com/ | cariddi\n```\n\nWith multiple targets you can use a file instead, e.g. 
urls.txt containing:\n\n```console\nhttps://edoardottt.com/\nhttp://testphp.vulnweb.com/\n```\n\nFor Windows:\n\n- use `powershell.exe -Command \"cat urls.txt | .\\cariddi.exe\"` inside the Command prompt\n- or just `cat urls.txt | cariddi.exe` using PowerShell\n\n### Basics\n\n- `cariddi -version` (Print the version)\n- `cariddi -h` (Print the help)\n- `cariddi -examples` (Print the examples)\n\n### Scan options\n\n- `cat urls.txt | cariddi -intensive` (Also crawl subdomains, same as `*.target.com`)\n- `cat urls.txt | cariddi -s` (Hunt for secrets)\n- `cat urls.txt | cariddi -err` (Hunt for errors in websites)\n- `cat urls.txt | cariddi -e` (Hunt for juicy endpoints)\n- `cat urls.txt | cariddi -info` (Hunt for useful information in websites)\n- `cat urls.txt | cariddi -ext 2` (Hunt for juicy (level 2 out of 7) files)\n- `cat urls.txt | cariddi -e -ef endpoints_file` (Hunt for custom endpoints)\n- `cat urls.txt | cariddi -s -sf secrets_file` (Hunt for custom secrets)\n- `cat urls.txt | cariddi -ie pdf,png,jpg` (Ignore these extensions while scanning)\n\nDefault: png, svg, jpg, jpeg, bmp, jfif, gif, webp, woff, woff2, ttf, tiff, tif are ignored while scanning for secrets, info and errors.\n\n### Configuration\n\n- `cat urls.txt | cariddi -proxy http://127.0.0.1:8080` (Set a Proxy, http and socks5 supported)\n- `cat urls.txt | cariddi -d 2` (2 seconds between a page crawled and another)\n- `cat urls.txt | cariddi -c 200` (Set the concurrency level to 200)\n- `cat urls.txt | cariddi -i forum,blog,community,open` (Ignore urls containing these words)\n- `cat urls.txt | cariddi -it ignore_file` (Ignore urls containing at least one line in the input file)\n- `cat urls.txt | cariddi -cache` (Use the .cariddi_cache folder as cache)\n- `cat urls.txt | cariddi -t 5` (Set the timeout for the requests)\n- `cat urls.txt | cariddi -headers \"Cookie: auth=admin;type=2;; X-Custom: customHeader\"`\n- `cat urls.txt | cariddi -headersfile headers.txt` (Read from an external 
file custom headers)\n- `cat urls.txt | cariddi -ua \"Custom User Agent\"` (Use a custom User Agent)\n- `cat urls.txt | cariddi -rua` (Use a random browser user agent on every request)\n\n### Output\n\n- `cat urls.txt | cariddi -plain` (Print only results)\n- `cat urls.txt | cariddi -ot target_name` (Results in txt file)\n- `cat urls.txt | cariddi -oh target_name` (Results in html file)\n- `cat urls.txt | cariddi -json` (Print the output as JSON in stdout)\n- `cat urls.txt | cariddi -sr` (Store HTTP responses)\n- `cat urls.txt | cariddi -debug` (Print debug information while crawling)\n- `cat urls.txt | cariddi -md 3` (Max 3 depth levels)\n\nGet Started 🎉\n----------\n\n`cariddi -h` prints the help.\n\n```console\nUsage of cariddi:\n  -c int\n     Concurrency level. (default 20)\n  -cache\n     Use the .cariddi_cache folder as cache.\n  -d int\n     Delay between a page crawled and another.\n  -debug\n     Print debug information while crawling.\n  -e Hunt for juicy endpoints.\n  -ef string\n     Use an external file (txt, one per line) to use custom parameters for endpoints hunting.\n  -err\n     Hunt for errors in websites.\n  -examples\n     Print the examples.\n  -ext int\n     Hunt for juicy file extensions. Integer from 1(juicy) to 7(not juicy).\n  -h Print the help.\n  -headers string\n     Use custom headers for each request E.g. 
-headers \"Cookie: auth=yes;;Client: type=2\".\n  -headersfile string\n     Read from an external file custom headers (same format of headers flag).\n  -json\n     Print the output as JSON in stdout.\n  -md\n     Maximum depth level the crawler will follow from the initial target URL.\n  -i string\n     Ignore the URL containing at least one of the elements of this array.\n  -ie value\n     Comma-separated list of extensions to ignore while scanning.\n  -info\n     Hunt for useful informations in websites.\n  -intensive\n     Crawl searching for resources matching 2nd level domain.\n  -it string\n     Ignore the URL containing at least one of the lines of this file.\n  -oh string\n     Write the output into an HTML file.\n  -ot string\n     Write the output into a TXT file.\n  -plain\n     Print only the results.\n  -proxy string\n     Set a Proxy to be used (http and socks5 supported).\n  -rua\n     Use a random browser user agent on every request.\n  -s Hunt for secrets.\n  -sf string\n     Use an external file (txt, one per line) to use custom regexes for secrets hunting.\n  -sr\n     Store HTTP responses.\n  -t int\n     Set timeout for the requests. (default 10)\n  -ua string\n     Use a custom User Agent.\n  -version\n     Print the version.\n```\n\n\u003cdetails\u003e\n  \u003csummary\u003eClick to understand \u003cstrong\u003eHow to integrate cariddi with Burpsuite\u003c/strong\u003e\u003c/summary\u003e\n\n   Normally you use Burpsuite with your browser, so you only have to trust the Burpsuite certificate in the browser and you're done.  \n   To use cariddi with the Burpsuite proxy, a few additional steps are required.  
\n\n   If you try to use cariddi with the option `-proxy http://127.0.0.1:8080` you will find this error in the Burpsuite error log section:  \n\n   ```bash\n   Received fatal alert: bad_certificate (or something similar related to the certificate).\n   ```\n\n   For cariddi to work with Burpsuite, the certificate must also be trusted system-wide, not only in the browser. These are the steps to follow:\n\n   Go to the Proxy tab in Burpsuite, then Options. Click on the CA Certificate button and export the certificate in DER format.  \n\n   ```bash\n   openssl x509 -in burp.der -inform DER -out burp.pem -outform PEM\n   sudo chown root:root burp.pem\n   sudo chmod 644 burp.pem\n   sudo cp burp.pem /usr/local/share/ca-certificates/\n   sudo c_rehash\n   cd /etc/ssl/certs/\n   sudo ln -s /usr/local/share/ca-certificates/burp.pem\n   sudo c_rehash .\n   ```\n\n   Source: Trust Burp Proxy certificate in Debian/Ubuntu  \n\n   After these steps, in order to use cariddi with Burpsuite you have to:  \n\n   1. Open Burpsuite, making sure that the proxy is listening.  \n   2. Use cariddi with the flag `-proxy http://127.0.0.1:8080`.  \n   3. 
You will see that requests and responses will be logged in Burpsuite.\n\n\u003c/details\u003e\n\nChangelog 📌\n-------\n\nDetailed changes for each release are documented in the [release notes](https://github.com/edoardottt/cariddi/releases).\n\nContributing 🛠\n-------\n\nJust open an [issue](https://github.com/edoardottt/cariddi/issues)/[pull request](https://github.com/edoardottt/cariddi/pulls).\n\nBefore opening a pull request, download [golangci-lint](https://golangci-lint.run/usage/install/) and run\n\n```console\ngolangci-lint run\n```\n\nIf there aren't errors, go ahead :)\n\nTest using [https://edoardottt.github.io/cariddi-test/](https://edoardottt.github.io/cariddi-test/)\n\n```console\necho \"https://edoardottt.github.io/cariddi-test/\" | cariddi\n```\n\n**Help me build this!**\n\nSpecial thanks to: [go-colly](http://go-colly.org/), [ocervell](https://github.com/ocervell), [zricethezav](https://github.com/gitleaks/gitleaks/blob/master/config/gitleaks.toml), [projectdiscovery](https://github.com/projectdiscovery/nuclei-templates/tree/master/file/keys), [tomnomnom](https://github.com/tomnomnom/gf/tree/master/examples), [RegexPassive](https://github.com/hahwul/RegexPassive) and [all the contributors](https://github.com/edoardottt/cariddi/graphs/contributors).\n\nLicense 📝\n-------\n\nThis repository is under [GNU General Public License v3.0](https://github.com/edoardottt/cariddi/blob/main/LICENSE).  \n[edoardottt.com](https://edoardottt.com/) to contact me.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedoardottt%2Fcariddi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedoardottt%2Fcariddi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedoardottt%2Fcariddi/lists"}