Favicon of cariddi

cariddi

CLI tool that crawls websites to discover hidden endpoints, exposed secrets, API keys, and sensitive files. Supports custom patterns, Burpsuite integration, and JSON output for security assessments.

A powerful command-line scanner designed for security professionals to identify vulnerabilities in web applications. Crawl domain URLs and automatically detect hidden endpoints, exposed API keys, credentials, and sensitive file types without manual effort.

Key capabilities include:

  • Endpoint Discovery: Find admin pages, login endpoints, and hidden routes
  • Secret Detection: Identify exposed API keys, tokens, and credentials using regex patterns
  • File Scanning: Locate sensitive file types across 7 juicy-level categories
  • Custom Rules: Define your own endpoint lists and secret detection patterns
  • Performance Control: Adjust concurrency levels and request delays to avoid server overload
  • Burpsuite Integration: Route traffic through Burpsuite for deeper analysis
  • Flexible Output: Save results as JSON, HTML, or text files for reporting
  • Advanced Filtering: Ignore specific URL patterns and file extensions
  • Subdomain Crawling: Intensive mode searches across wildcard subdomains

Perfect for bug bounty hunters, penetration testers, and security teams conducting vulnerability assessments. Run from the terminal with minimal configuration—pipe a list of domains and let the tool handle the reconnaissance automatically.

Install

Brew
$ brew install cariddi

Features

JSON outputScriptable

Media

asciinema

Pros

4
  • Discovers hidden endpoints, exposed secrets, and sensitive files.
  • Supports custom patterns for targeted scanning.
  • Integrates with Burpsuite for enhanced security assessments.
  • Provides JSON output for machine-readable results.

Related tools

Categories:

Share:

Auto-fetched .

Recent releases

Similar to cariddi

Favicon

 

  
 
Favicon

 

  
 
Favicon