Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/edoardottt/csprecon

Discover new target domains using Content Security Policy
https://github.com/edoardottt/csprecon

bounty-hunting bugbounty bugbounty-tool content-security-policy csp golang hacking hacktoberfest information-retrieval offensive-security offensivesecurity recon recon-tool reconnaissance security security-tools

Last synced: 4 days ago
JSON representation

Discover new target domains using Content Security Policy

Awesome Lists containing this project

README 

        


  csprecon

  





Discover new target domains using Content Security Policy



 Coded with 💙 by edoardottt 






  

      go action

  



  

      go report card

  






  

  Share on Twitter!

  






  Install
  Get Started
  Examples
  Changelog
  Contributing
  License






  



  

Install 📡

----------



### Homebrew



```console

brew install csprecon

```



### Snap



```console

sudo snap install csprecon

```



### Go



```console

go install github.com/edoardottt/csprecon/cmd/csprecon@latest

```



Get Started 🎉

----------



```console

Usage:

  csprecon [flags]



Flags:

INPUT:

   -u, -url string   Input domain

   -l, -list string  File containing input domains

   -cidr             Interpret input as CIDR



CONFIGURATIONS:

   -d, -domain string[]  Filter results belonging to these domains (comma separated)

   -c, -concurrency int  Concurrency level (default 50)

   -t, -timeout int      Connection timeout in seconds (default 10)

   -rl, -rate-limit int  Set a rate limit (per second)

   -px, -proxy string    Set a proxy server (URL)



OUTPUT:

   -o, -output string  File to write output results

   -v, -verbose        Verbose output

   -s, -silent         Silent output. Print only results

   -j, -json           JSON output

```



Examples 💡

----------



Grab all possible results from single domain



```bash

csprecon -u https://www.github.com

```



```bash

echo https://www.github.com | csprecon

```



Grab all possible results from a list of domains (protocols needed!)



```bash

csprecon -l targets.txt

```



```bash

cat targets.txt | csprecon

```



Grab all possible results belonging to specific target(s) from a list of domains (protocols needed!)



```bash

cat targets.txt | csprecon -d google.com

```



Grab all possible results from single CIDR



```bash

csprecon -u 192.168.1.0/24 -cidr

```



Set a rate limit of 10 requests per second



```bash

cat targets.txt | csprecon -rl 10

```



JSON Output



```bash

cat targets.txt | csprecon -j

```



Use a Proxy



```bash

cat targets.txt | csprecon -px http://127.0.0.1:8080

```



Changelog 📌

-------



Detailed changes for each release are documented in the [release notes](https://github.com/edoardottt/csprecon/releases).



Contributing 🛠

-------



Just open an [issue](https://github.com/edoardottt/csprecon/issues) / [pull request](https://github.com/edoardottt/csprecon/pulls).



Before opening a pull request, download [golangci-lint](https://golangci-lint.run/usage/install/) and run



```bash

golangci-lint run

```



If there aren't errors, go ahead :)



In the news 📰

-------



- [Hive Five Newsletter by Securibee](https://securib.ee/newsletter/)

- [Trickest](https://twitter.com/trick3st/status/1788877498731696256)

- [Critical Thinking - Bug Bounty Podcast](https://blog.criticalthinkingpodcast.io/p/jason-haddix-returns)



License 📝

-------



This repository is under [MIT License](https://github.com/edoardottt/csprecon/blob/main/LICENSE).  

[edoardoottavianelli.it](https://www.edoardoottavianelli.it) to contact me.