https://github.com/edoardottt/csprecon

Discover new target domains using Content Security Policy
bounty-hunting bugbounty bugbounty-tool content-security-policy csp golang hacking hacktoberfest information-retrieval offensive-security offensivesecurity recon recon-tool reconnaissance security security-tools

csprecon


Coded with 💙 by edoardottt


Install 📡
----------

### Homebrew

```console
brew install csprecon
```

### Snap

```console
sudo snap install csprecon
```

### Go

```console
go install github.com/edoardottt/csprecon/cmd/csprecon@latest
```

Get Started 🎉
----------

```console
Usage:
  csprecon [flags]

Flags:
INPUT:
  -u, -url string     Input domain
  -l, -list string    File containing input domains
  -cidr               Interpret input as CIDR

CONFIGURATIONS:
  -d, -domain string[]   Filter results belonging to these domains (comma separated)
  -c, -concurrency int   Concurrency level (default 50)
  -t, -timeout int       Connection timeout in seconds (default 10)
  -rl, -rate-limit int   Set a rate limit (per second)
  -px, -proxy string     Set a proxy server (URL)

OUTPUT:
  -o, -output string   File to write output results
  -v, -verbose         Verbose output
  -s, -silent          Silent output. Print only results
  -j, -json            JSON output
```

Examples 💡
----------

Grab all possible results from a single domain

```bash
csprecon -u https://www.github.com
```

```bash
echo https://www.github.com | csprecon
```

Grab all possible results from a list of domains (protocols needed!)

```bash
csprecon -l targets.txt
```

```bash
cat targets.txt | csprecon
```

Grab all possible results belonging to specific target(s) from a list of domains (protocols needed!)

```bash
cat targets.txt | csprecon -d google.com
```

Grab all possible results from a single CIDR

```bash
csprecon -u 192.168.1.0/24 -cidr
```

Set a rate limit of 10 requests per second

```bash
cat targets.txt | csprecon -rl 10
```

JSON Output

```bash
cat targets.txt | csprecon -j
```

Use a Proxy

```bash
cat targets.txt | csprecon -px http://127.0.0.1:8080
```
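
An added example (not csprecon's code and not part of the original README): a self-contained Go check of which hostnames a Content-Security-Policy header value names, useful for reviewing what your own policy discloses to anyone who fetches the page. The function name, the suffix-match reading of a `-d` style filter, and the sample header are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// sampleCSP is a constructed header value, not taken from any real site.
const sampleCSP = "default-src 'self'; script-src 'self' 'nonce-abc123' https://cdn.example.com *.assets.example.com; " +
	"img-src data: https://img.example.net:443/a; connect-src wss://api.internal.example.com; " +
	"sandbox allow-scripts; upgrade-insecure-requests; report-uri https://csp.example.org/report"

// DisclosedHosts returns the sorted, unique hostnames named in a CSP header
// value. A non-empty suffix keeps only hosts equal to it or beneath it
// (an assumed reading of a domain filter, not taken from csprecon's source).
func DisclosedHosts(csp, suffix string) []string {
	seen := map[string]bool{}
	for _, directive := range strings.Split(csp, ";") {
		for i, src := range strings.Fields(directive) {
			// Field 0 is the directive name; quoted tokens are keywords,
			// nonces or hashes; a trailing colon marks a scheme-only source.
			if i == 0 || strings.HasPrefix(src, "'") || strings.HasSuffix(src, ":") {
				continue
			}
			if j := strings.Index(src, "://"); j >= 0 {
				src = src[j+3:] // drop the scheme
			}
			host, _, _ := strings.Cut(src, "/") // drop the path
			host, _, _ = strings.Cut(host, ":") // drop the port
			host = strings.TrimPrefix(strings.ToLower(host), "*.")
			if !strings.Contains(host, ".") {
				continue // bare "*", sandbox flags and other non-host tokens
			}
			if suffix != "" && host != suffix && !strings.HasSuffix(host, "."+suffix) {
				continue
			}
			seen[host] = true
		}
	}
	hosts := make([]string, 0, len(seen))
	for h := range seen {
		hosts = append(hosts, h)
	}
	sort.Strings(hosts)
	return hosts
}

func main() {
	fmt.Println(DisclosedHosts(sampleCSP, ""))
	fmt.Println(DisclosedHosts(sampleCSP, "example.com"))
}
```

Internal-looking names such as `api.internal.example.com` in the output are the entries worth reviewing before a policy ships, since the header is served to every visitor.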

Changelog 📌
-------

Detailed changes for each release are documented in the [release notes](https://github.com/edoardottt/csprecon/releases).

Contributing 🛠
-------

Just open an [issue](https://github.com/edoardottt/csprecon/issues) / [pull request](https://github.com/edoardottt/csprecon/pulls).

Before opening a pull request, download [golangci-lint](https://golangci-lint.run/usage/install/) and run

```bash
golangci-lint run
```

If there aren't errors, go ahead :)

In the news 📰
-------

- [Hive Five Newsletter by Securibee](https://securib.ee/newsletter/)
- [Trickest](https://twitter.com/trick3st/status/1788877498731696256)
- [Critical Thinking - Bug Bounty Podcast](https://blog.criticalthinkingpodcast.io/p/jason-haddix-returns)

License 📝
-------

This repository is under the [MIT License](https://github.com/edoardottt/csprecon/blob/main/LICENSE).
Visit [edoardottt.com](https://edoardottt.com/) to contact me.