{"id":36443909,"url":"https://github.com/iustin24/chameleon","last_synced_at":"2026-01-11T22:02:17.740Z","repository":{"id":53174636,"uuid":"487685565","full_name":"iustin24/chameleon","owner":"iustin24","description":null,"archived":false,"fork":false,"pushed_at":"2023-05-17T14:34:20.000Z","size":7039,"stargazers_count":360,"open_issues_count":6,"forks_count":45,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-06-19T02:58:07.150Z","etag":null,"topics":["bugbounty","pentesting","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/iustin24.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-02T01:37:56.000Z","updated_at":"2024-06-13T21:25:36.000Z","dependencies_parsed_at":"2024-06-19T02:41:17.152Z","dependency_job_id":"b2a22430-65a9-4f9e-bd9c-bd98d461d754","html_url":"https://github.com/iustin24/chameleon","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/iustin24/chameleon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iustin24%2Fchameleon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iustin24%2Fchameleon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iustin24%2Fchameleon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iustin24%2Fchameleon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/iustin24","download_url":"https://co
deload.github.com/iustin24/chameleon/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iustin24%2Fchameleon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28324838,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-11T18:42:50.174Z","status":"ssl_error","status_checked_at":"2026-01-11T18:39:13.842Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","pentesting","security-tools"],"created_at":"2026-01-11T22:02:17.508Z","updated_at":"2026-01-11T22:02:17.730Z","avatar_url":"https://github.com/iustin24.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Chameleon \n\nChameleon provides better content discovery by using wappalyzer's set of technology fingerprints alongside custom wordlists tailored to each detected technology.\n\nThe tool is highly customizable and allows users to add in their own custom wordlists, extensions or fingerprints.\n\nThe full documentation is available on:\nhttps://youst.in/posts/context-aware-conent-discovery-with-chameleon/\n\n## Installation\n\n### Linux 64-bit and MacOS\n```\ncurl -sL https://raw.githubusercontent.com/iustin24/chameleon/master/install.sh | bash\n```\nRunning the script will create the directory `~/.config/chameleon/` and download the config file and custom wordlists.\n\n\n## 
Example Usage:\n\n### Tech Scan + Directory Bruteforce:\n```\n\u003e chameleon --url https://example.com -a\n```\n\u003cbr\u003e\n\u003cp align=\"center\"\u003e\n  \u003cimg width=\"1200\" src=\"_img/Screenshot%202022-09-10%20at%2000.57.25.png\"\u003e\n\u003c/p\u003e\n\u003cbr\u003e\n\n### Options\n\n```\nOPTIONS:\n    -a, --tech-detect\n            Automatically detect technologies with wappalyzer and adapt wordlist\n\n    -A, --auto-calibrate\n            Automatically calibrate filtering options (default: false)\n\n    -c, --mc \u003cMATCHCODE\u003e...\n            Match HTTP status codes from response - Comma separated list [default:\n            200,204,301,302,307,401,403,405]\n\n    -C, --fc \u003cFILTERCODE\u003e...\n            Filter HTTP status codes from response - Comma separated list\n\n    -h, --help\n            Print help information\n\n    -i, --include tech \u003cTECHS\u003e\n            Technology to be included, even if its not detected by wappalyzer. ( -i PHP,IIS )\n\n    -J, --json\n            Save the output as json\n\n    -k, --config \u003cCONFIG\u003e\n            Config file to use [default: ~/.config/chameleon/config.toml]\n\n    -L, --hosts-file \u003cHOSTS_FILE\u003e\n            List of hosts to scan\n\n    -o, --output \u003cOUTPUT\u003e\n            Save the output into a file\n\n    -s, --ms \u003cMATCHSIZE\u003e...\n            Match HTTP response size. Comma separated list of sizes\n\n    -S, --fs \u003cFILTERSIZE\u003e...\n            Filter HTTP response size. Comma separated list of sizes\n\n    -t, --concurrency \u003cCONCURRENCY\u003e\n            Number of concurrent threads ( default: 200 ) [default: 40]\n\n    -T, --tech url \u003cTECH_URL\u003e\n            URL which will be scanned for technologies. 
By default, this is the same as '-u',\n            however it can be changed using '-T'\n\n    -u, --url \u003cURL\u003e\n            url to scan\n\n    -U, --user-agent \u003cUSERAGENT\u003e\n            Change the value for the user-agent header [default: \"Chameleon /\n            https://github.com/iustin24/chameleon\"]\n\n    -V, --version\n            Print version information\n\n    -w, --wordlist \u003cWORDLIST\u003e\n            Main wordlist to use for bruteforcing\n\n    -W, --small-wordlist \u003cSMALL_WORDLIST\u003e\n            Wordlist used to generate files by adding extensions ( FUZZ.%ext )\n\n    -X, --methods \u003cMETHODS\u003e...\n            HTTP Methods to use. Comma separated list of sizes [default: GET]\n\n```\n\n## Config file\n\nChameleon uses the config file located in `~/.config/chameleon/config.yaml`. \n\n### Changing the default wordlists:\n\nIf no wordlist is provided, chameleon will use the wordlist specified in `main_wordlist` from the config file. ( Default: ~/.config/chameleon/wordlists/raft-medium-words.txt )\n\nWhen detecting technologies with characteristic extensions, chameleon will generate a wordlist like so ( FUZZ.%ext ). Chameleon will use the wordlist specified in `small_wordlist` from the config file. ( Default: ~/.config/chameleon/wordlists/raft-medium-words.txt )\n\n### Changing technology wordlists\n\nExample config.yaml with technology specific wordlists:\n\n```\n# Technology Specific Wordlists:\n\nFlask=\"~/.config/chameleon/wordlists/Flask.txt\"\nJava=\"~/.config/chameleon/wordlists/Java.txt\"\nGo=\"~/.config/chameleon/wordlists/GO.txt\"\n...\n```\n\n### Adding new technology wordlists\n\nChameleon uses fingerprints from https://github.com/iustin24/wappalyzer/blob/master/apps.json. 
\nYou can add new technology wordlists by taking the name of a technology from `apps.json` and adding it to the config file like so:\n\n\u003cp align=\"center\"\u003e\n  \u003cimg width=\"600\" src=\"_img/bitrix.png\"\u003e\n\u003c/p\u003e\n\n```\n# Technology Specific Wordlists:\n\n1C-Bitrix=\"~/.config/chameleon/wordlists/new_tech_wordlist.txt\"\n...\n```\n\n### Adding new extension fingerprints.\n\nChameleon generates wordlists using characteristic extensions matching the detected technology. You can add / modify the extensions in the config file like so:\n\n```\n# Technology specific Extensions\n\nMicrosoft_ASP_NET_ext=\"aspx,ashx,asmx,asp\"\nJava_ext=\"jsp\"\nCFML_ext=\"cfm\"\nPython_ext=\"py\"\nPHP_ext=\"php\"\n```\n\n## To-do\n\n~~Update the wappalyzer crate to also support the \"implies\" feature for better technology detection.~~\n\n~~Add auto calibration for filtering~~\n\nAdd option to add custom headers.\n\n## Credits \n\nepi052 - https://github.com/epi052/feroxfuzz/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiustin24%2Fchameleon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fiustin24%2Fchameleon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiustin24%2Fchameleon/lists"}