Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...


Coded with 💙 by edoardottt.


Installation 📡

You need Go.

  • Linux

    • git clone https://github.com/edoardottt/cariddi.git
    • cd cariddi
    • go get
    • make linux (to install)
    • make unlinux (to uninstall)

    Or in one line: git clone https://github.com/edoardottt/cariddi.git; cd cariddi; go get; make linux

  • Windows (the executable works only in the cariddi folder)

    • git clone https://github.com/edoardottt/cariddi.git
    • cd cariddi
    • go get
    • .\make.bat windows (to install)
    • .\make.bat unwindows (to uninstall)

Get Started 🎉

cariddi -h prints the help in the command line.

Usage of cariddi:
  -c int
    	Concurrency level. (default 20)
  -d int
    	Delay between a page crawled and another.
  -e	Hunt for juicy endpoints.
  -ef string
    	Use an external file (txt, one per line) to use custom parameters for endpoints hunting.
  -examples
    	Print the examples.
  -ext int
    	Hunt for juicy file extensions. Integer from 1(juicy) to 7(not juicy).
  -h	Print the help.
  -oh string
    	Write the output into an HTML file.
  -ot string
    	Write the output into a TXT file.
  -plain
    	Print only the results.
  -s	Hunt for secrets.
  -sf string
    	Use an external file (txt, one per line) to use custom regexes for secrets hunting.
  -version
    	Print the version.

Examples 💡

  • cat urls | cariddi -version (Print the version)

  • cat urls | cariddi -h (Print the help)

  • cat urls | cariddi -s (Hunt for secrets)

  • cat urls | cariddi -d 2 (2 seconds between a page crawled and another)

  • cat urls | cariddi -c 200 (Set the concurrency level to 200)

  • cat urls | cariddi -e (Hunt for juicy endpoints)

  • cat urls | cariddi -plain (Print only useful things)

  • cat urls | cariddi -ot target_name (Results in txt file)

  • cat urls | cariddi -oh target_name (Results in html file)

  • cat urls | cariddi -ext 2 (Hunt for juicy (level 2 of 7) files)

  • cat urls | cariddi -e -ef endpoints_file (Hunt for custom endpoints)

  • cat urls | cariddi -s -sf secrets_file (Hunt for custom secrets)

  • For Windows use powershell.exe -Command "cat urls | .\cariddi.exe"

Contributing 🛠

Just open an issue/pull request. See also CONTRIBUTING.md and CODE OF CONDUCT.md

Help me build this!

A special thanks to:

To do:

  • Tests ( 😂 )

  • Tor support

  • Proxy support

  • Plain output (print only results)

  • HTML output

  • Build an Input Struct and use it as parameter

  • Output color

  • Endpoints (parameters) scan

  • Secrets scan

  • Extensions scan

  • TXT output

License 📝

This repository is under GNU General Public License v3.0.
Contact me at edoardoottavianelli.it.

Issues
  • Panic while compiling some regex during a find the secrets run

    Describe the bug: Panic while compiling some regex during a find the secrets (-s) run. It also happens with the -e flag as well.

    panic: regexp: Compile(`*`): error parsing regexp: missing argument to repetition operator: `*`
    
    goroutine 1 [running]:
    regexp.MustCompile(0x14fb20a, 0x1, 0x0)
    	/usr/local/Cellar/go/1.16.4/libexec/src/regexp/regexp.go:311 +0x157
    github.com/edoardottt/cariddi/crawler.Crawler(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x14, 0x1, 0x0, ...)
    	/Users/sean/repos/cariddi/crawler/colly.go:54 +0x1ce
    main.main()
    	/Users/sean/repos/cariddi/main.go:91 +0x3cf
    

    To Reproduce: Steps to reproduce the behavior:

    1. Create urls file with a valid url in it
    2. Run the following command: cat urls|./cariddi -d 2 -s
    3. See stack trace shortly after launching

    Expected behavior: Cariddi should process the provided site and find any/all secrets

    Desktop (please complete the following information):

    • OS: Mac OS
    • Version: 11.4 (Big Sur)
    opened by CSBaum 5
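
The trace above shows regexp.MustCompile panicking on the pattern `*`, which takes the whole run down with it. As an added example (not cariddi's code; CompilePatterns and the sample patterns are constructed for illustration), this compiles a one-per-line pattern list, the format the -sf and -ef files use, with regexp.Compile and reports invalid lines instead of panicking:

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// BadPattern records a pattern that failed to compile and where it was found.
type BadPattern struct {
	Line    int
	Pattern string
	Err     error
}

// CompilePatterns reads one regex per line and compiles each with
// regexp.Compile rather than regexp.MustCompile, so an invalid line is
// collected and skipped instead of panicking the whole run.
func CompilePatterns(src string) ([]*regexp.Regexp, []BadPattern) {
	var ok []*regexp.Regexp
	var bad []BadPattern
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		p := strings.TrimSpace(sc.Text())
		if p == "" {
			continue // blank lines are not patterns
		}
		re, err := regexp.Compile(p)
		if err != nil {
			bad = append(bad, BadPattern{n, p, err})
			continue
		}
		ok = append(ok, re)
	}
	return ok, bad
}

// Constructed sample input: line 2 is the pattern from the panic above.
const samplePatterns = "AKIA[0-9A-Z]{16}\n*\n\n(?i)api[_-]?key\n"

func main() {
	ok, bad := CompilePatterns(samplePatterns)
	fmt.Printf("compiled %d pattern(s)\n", len(ok))
	for _, b := range bad {
		fmt.Printf("line %d: skipped %q: %v\n", b.Line, b.Pattern, b.Err)
	}
}
```
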
  • Add intensive switch

    When providing a list of subdomains to cariddi, like:

    cat alive.txt | cariddi
    

    normally it takes one line at a time and it fires a crawler instance looking for resources in that website.
    If the first line (just as an example) is sub1.example.com, it will look only for resources in that subdomain, having as statement in the colly (colly, the golang based crawler) settings:

    c.AllowedDomains(target)
    

    this means if there are resources pointing to login.example.com cariddi will not consider them.

    With the -intensive switch cariddi doesn't care about allowed domains, but there is a regex matching the 2nd level domain.
    This means that every resource contained in sub1.example.com, also not belonging to the exact subdomain, will be crawled.
    This is a high computing process and it's likely to have a high rate of duplicate resources in the standard output, but not in the output file.

    This means 2 things:

    1. You want to go really deep in the recon process.
    2. You will see a lot of duplicates in the standard output but not in the output file (target.results.txt).

    So, please don't use the stdout as input for another command, but use the txt output file!

    enhancement Go 
    opened by edoardottt 2
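
A regex on the 2nd level domain only keeps the crawl in scope if it is anchored; an unanchored `example\.com` also matches hosts such as notexample.com. The following is an added example, not cariddi's implementation: ScopeRegex and InScope are hypothetical helpers, the hosts are constructed, and the last-two-labels rule is an assumption that does not hold for suffixes like co.uk.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// ScopeRegex builds an anchored pattern for the target's second-level domain
// and all of its subdomains. Assumption: the domain is the last two labels
// (sub1.example.com -> example.com); suffixes such as co.uk need a public
// suffix list, which this example leaves out.
func ScopeRegex(target string) (*regexp.Regexp, error) {
	labels := strings.Split(strings.ToLower(strings.Trim(target, ".")), ".")
	if len(labels) < 2 {
		return nil, fmt.Errorf("%q has no second-level domain", target)
	}
	base := strings.Join(labels[len(labels)-2:], ".")
	// ^ and $ plus the "label." prefix stop look-alike hosts from matching.
	return regexp.Compile(`^([a-z0-9-]+\.)*` + regexp.QuoteMeta(base) + `$`)
}

// InScope reports whether rawURL's host belongs to the scoped domain.
func InScope(scope *regexp.Regexp, rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil || u.Hostname() == "" {
		return false
	}
	return scope.MatchString(strings.ToLower(u.Hostname()))
}

func main() {
	scope, err := ScopeRegex("sub1.example.com")
	if err != nil {
		panic(err)
	}
	// Constructed URLs: the last two are look-alikes that must stay out of scope.
	for _, u := range []string{
		"https://login.example.com/signin",
		"http://sub1.example.com:8080/a",
		"https://notexample.com/",
		"https://example.com.other.test/",
	} {
		fmt.Println(InScope(scope, u), u)
	}
}
```
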
  • Use the cache folder to improve performance

    This line is commented now. The _cache folder should not be used where the command is started, but only in a precise folder. Which? ~? /usr/bin ?

    enhancement Go 
    opened by edoardottt 1
  • Too many files open

    Describe the bug: When there are too many requests ongoing, cariddi opens the output files too many times (especially with both -ot and -oh enabled).

    To Reproduce: Just run cariddi with txt and html output enabled. echo <TARGET> | cariddi -e -ot out-txt -oh out-html

    Expected behavior: Run without problems and finish, don't interrupt with errors.

    Error

    2021/07/03 16:16:40 open output-cariddi/<TARGET>.results.txt: too many open files
    2021/07/03 16:16:40 invalid argument
    
    opened by edoardottt 1
  • Set Request Timeout

    https://pkg.go.dev/github.com/gocolly/colly#Collector.SetRequestTimeout

    opened by edoardottt 1
  • Insert more than one false positive

    .

    opened by edoardottt 1
  • Insert AWS S3 Buckets detection

    • Add in scanner/secrets.go the Secret object with proper S3 Bucket regular expression to match s3 aws links.
    enhancement help wanted Go Regex 
    opened by edoardottt 0
  • Add cookie support

    https://pkg.go.dev/github.com/gocolly/colly#Collector.SetCookies

    opened by edoardottt 0
  • Signal Killed error

    When using -cache and cariddi reads data really fast using the cache, it eats too much RAM memory and the process crashes with error signal: killed.

    Fast solution: don't use -cache. Sorry for this. If you have ideas or knowledge about how to solve this problem just comment down here.

    opened by edoardottt 0
  • Insert Regex for General Error Pages

    • insert regex for 'general' error (java, sql, python, test pages) in scanner/secrets.go
    enhancement Go 
    opened by edoardottt 0
  • Cariddi use request and response txt file as input

    Cariddi could use burp or any proxy output as input

    opened by fngoo 4
Owner
gilfoyle97
MSc Cybersecurity Student | @python | @golang | Linux | Bash