Description
cariddi crawls URLs and scans for secrets, endpoints, API keys, tokens, file extensions, and error pages. It combines crawling with secret detection in a single fast pass, making it ideal for quick bug bounty reconnaissance.
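To make the "single pass" idea concrete for auditing your own pages, the sketch below handles one fetched body once and returns both the links to follow and the secret-like strings it contains. It is an added example, not cariddi's code: ScanPage, Finding, the two rules and the staging.example.com host are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Finding is one secret-like match in a page body.
type Finding struct{ Rule, Match string }
type rule struct {
	name string
	re   *regexp.Regexp
}
// Illustrative rules only (assumption); cariddi ships its own rule set.
var rules = []rule{
	{"aws-access-key-id", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"private-key-block", regexp.MustCompile(`-----BEGIN (?:RSA |EC )?PRIVATE KEY-----`)},
}
var hrefRe = regexp.MustCompile(`(?:href|src)=["']([^"'#]+)`)

// ScanPage returns same-host links to crawl next and secret-like strings in body.
func ScanPage(pageURL, body string) (links []string, findings []Finding) {
	base, err := url.Parse(pageURL)
	if err != nil {
		return nil, nil
	}
	seen := map[string]bool{}
	for _, m := range hrefRe.FindAllStringSubmatch(body, -1) {
		abs, err := base.Parse(m[1]) // resolve relative links against the page URL
		if err != nil || abs.Host != base.Host || seen[abs.String()] {
			continue // stay on the audited host; skip duplicates
		}
		seen[abs.String()] = true
		links = append(links, abs.String())
	}
	for _, r := range rules {
		for _, m := range r.re.FindAllString(body, -1) {
			findings = append(findings, Finding{r.name, m})
		}
	}
	return links, findings
}

func main() {
	// Constructed sample page; the key is AWS's documented example value.
	body := `<a href="/app.js">x</a><script>var k="AKIAIOSFODNN7EXAMPLE";</script>`
	fmt.Println(ScanPage("https://staging.example.com/", body))
}
```

Any finding in a page your own site serves means the value is already public and should be rotated, not just removed from the bundle.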
Installation
BASH
go install github.com/edoardottt/cariddi/cmd/cariddi@latest
Basic Usage
BASH
# Crawl and scan
echo "https://target.com" | cariddi
# From file
cat urls.txt | cariddi
Advanced Usage
BASH
# Enable all checks (secrets, endpoints, errors, info, juicy file extensions)
echo "https://target.com" | cariddi -s -e -err -info -ext 1
# Scan for secrets (-s)
echo "https://target.com" | cariddi -s
# Scan for endpoints (-e)
echo "https://target.com" | cariddi -e
# Custom crawl depth (-md); -d takes an integer and sets the delay in seconds between pages
echo "https://target.com" | cariddi -md 3
# Custom concurrency
echo "https://target.com" | cariddi -c 50
# Output to HTML (-oh; use -ot for a TXT file)
echo "https://target.com" | cariddi -s -e -oh report
Common Workflows
BASH
# Subdomain → crawl → secrets pipeline (depth 3, concurrency 30)
subfinder -d target.com -silent | httpx -silent | cariddi -s -e -md 3 -c 30
# Quick secret scan across all subdomains, written to an HTML report
cat alive_subs.txt | cariddi -s -oh secret_findings