Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs. I use this for reconnaissance purposes while bug bounty hunting.
$ cat hosts.txt http://example.com/ $ cat hosts.txt | csp example.com subdomain.example.com ...
Set concurrency level using the
$ csp -h Usage of csp: -c int set the concurrency level (default 20) $ cat hosts.txt | csp -c 2 ...
$ go get -u github.com/edoverflow/csp
You can also download a binary and put it in your
$PATH (e.g. in
I welcome contributions from the public.
Using the issue tracker
The issue tracker is the preferred channel for bug reports and features requests.
Issues and labels
The bug tracker utilizes several labels to help organize and identify issues.
Guidelines for bug reports
Use the GitHub issue search — check if the issue has already been reported.