Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/edoardottt/csprecon
Discover new target domains using Content Security Policy
bounty-hunting bugbounty bugbounty-tool content-security-policy csp golang hacking hacktoberfest information-retrieval offensive-security offensivesecurity recon recon-tool reconnaissance security security-tools
Last synced: 4 days ago
- Host: GitHub
- URL: https://github.com/edoardottt/csprecon
- Owner: edoardottt
- License: mit
- Created: 2022-11-18T14:45:21.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-11-28T08:18:54.000Z (14 days ago)
- Last Synced: 2024-11-30T20:05:57.590Z (11 days ago)
- Topics: bounty-hunting, bugbounty, bugbounty-tool, content-security-policy, csp, golang, hacking, hacktoberfest, information-retrieval, offensive-security, offensivesecurity, recon, recon-tool, reconnaissance, security, security-tools
- Language: Go
- Homepage: https://edoardottt.com/
- Size: 6.39 MB
- Stars: 382
- Watchers: 7
- Forks: 46
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-bugbounty-tools - csprecon - Discover new target domains using Content Security Policy (Miscellaneous / Uncategorized)
- WebHackersWeapons - csprecon
- awesome-hacking-lists - edoardottt/csprecon - Discover new target domains using Content Security Policy (Go)
README
csprecon
Discover new target domains using Content Security Policy
Coded with 💙 by edoardottt

Install 📡
----------

### Homebrew

```console
brew install csprecon
```

### Snap

```console
sudo snap install csprecon
```

### Go

```console
go install github.com/edoardottt/csprecon/cmd/csprecon@latest
```

Get Started 🎉
----------

```console
Usage:
  csprecon [flags]

Flags:
INPUT:
   -u, -url string      Input domain
   -l, -list string     File containing input domains
   -cidr                Interpret input as CIDR

CONFIGURATIONS:
   -d, -domain string[]   Filter results belonging to these domains (comma separated)
   -c, -concurrency int   Concurrency level (default 50)
   -t, -timeout int       Connection timeout in seconds (default 10)
   -rl, -rate-limit int   Set a rate limit (per second)
   -px, -proxy string     Set a proxy server (URL)

OUTPUT:
   -o, -output string   File to write output results
   -v, -verbose         Verbose output
   -s, -silent          Silent output. Print only results
   -j, -json            JSON output
```

Examples 💡
----------

Grab all possible results from single domain

```bash
csprecon -u https://www.github.com
```

```bash
echo https://www.github.com | csprecon
```

Grab all possible results from a list of domains (protocols needed!)

```bash
csprecon -l targets.txt
```

```bash
cat targets.txt | csprecon
```

Grab all possible results belonging to specific target(s) from a list of domains (protocols needed!)

```bash
cat targets.txt | csprecon -d google.com
```

Grab all possible results from single CIDR

```bash
csprecon -u 192.168.1.0/24 -cidr
```

Set a rate limit of 10 requests per second

```bash
cat targets.txt | csprecon -rl 10
```

JSON Output

```bash
cat targets.txt | csprecon -j
```

Use a Proxy

```bash
cat targets.txt | csprecon -px http://127.0.0.1:8080
```

Changelog 📌
-------

Detailed changes for each release are documented in the [release notes](https://github.com/edoardottt/csprecon/releases).

Contributing 🛠
-------

Just open an [issue](https://github.com/edoardottt/csprecon/issues) / [pull request](https://github.com/edoardottt/csprecon/pulls).

Before opening a pull request, download [golangci-lint](https://golangci-lint.run/usage/install/) and run

```bash
golangci-lint run
```

If there aren't errors, go ahead :)

In the news 📰
-------

- [Hive Five Newsletter by Securibee](https://securib.ee/newsletter/)
- [Trickest](https://twitter.com/trick3st/status/1788877498731696256)
- [Critical Thinking - Bug Bounty Podcast](https://blog.criticalthinkingpodcast.io/p/jason-haddix-returns)

License 📝
-------

This repository is under [MIT License](https://github.com/edoardottt/csprecon/blob/main/LICENSE).
[edoardottt.com](https://edoardottt.com/) to contact me.