Skip to content
Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.
Go
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Update FUNDING.yml Nov 6, 2019
.gitignore Update .gitignore file to include release items. Oct 18, 2019
CONTRIBUTING.md
LICENSE Create LICENSE Oct 14, 2019
README.md Rename 0000000000000000000000003random. Oct 14, 2019
csp.go Prevent Goroutines from exiting on error. Oct 20, 2019

README.md

csp

Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs. I use this for reconnaissance purposes while bug bounty hunting.

Buy Me A Coffee

Usage

$ cat hosts.txt
http://example.com/
$ cat hosts.txt | csp
example.com
subdomain.example.com
...

Set concurrency level using the -c flag.

$ csp -h
Usage of csp:
  -c int
    	set the concurrency level (default 20)
$ cat hosts.txt | csp -c 2
...

Installation

$ go get -u github.com/edoverflow/csp

You can also download a binary and put it in your $PATH (e.g. in /usr/bin/).

Contributing

I welcome contributions from the public.

Using the issue tracker 💡

The issue tracker is the preferred channel for bug reports and features requests.

Issues and labels 🏷

The bug tracker utilizes several labels to help organize and identify issues.

Guidelines for bug reports 🐛

Use the GitHub issue search — check if the issue has already been reported.

Credit

Thank you to @TomNomNom, @jimen0, and @003random for their help.

You can’t perform that action at this time.