Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
November 29, 2023 10:44
June 9, 2023 11:35
June 9, 2023 11:51
February 22, 2023 07:39
June 6, 2023 08:37
April 27, 2021 21:54
April 5, 2023 11:43
October 16, 2023 11:49
April 5, 2023 11:43
June 9, 2023 11:36

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

go-report-card workflows ubuntu-build win10-build pr-welcome
Mainteinance yes ask me anything license-GPL3
Coded with πŸ’™ by edoardottt
Share on Twitter!

Install β€’ Get Started β€’ Examples β€’ Changelog β€’ Contributing β€’ License

Installation πŸ“‘

Using Snap

sudo snap install cariddi

Using Go

go install -v

Building from source

You need Go.

  • Linux

    • git clone
    • cd cariddi
    • go get ./...
    • make linux (to install)
    • make unlinux (to uninstall)

    Or in one line: git clone; cd cariddi; go get; make linux

  • Windows (executable works only in cariddi folder.)

    • git clone
    • cd cariddi
    • go get ./...
    • .\make.bat windows (to install)
    • .\make.bat unwindows (to uninstall)

Get Started πŸŽ‰

cariddi -h prints the help.

Usage of cariddi:
  -c int
     Concurrency level. (default 20)
     Use the .cariddi_cache folder as cache.
  -d int
     Delay between a page crawled and another.
     Print debug information while crawling.
  -e Hunt for juicy endpoints.
  -ef string
     Use an external file (txt, one per line) to use custom parameters for endpoints hunting.
     Hunt for errors in websites.
     Print the examples.
  -ext int
     Hunt for juicy file extensions. Integer from 1(juicy) to 7(not juicy).
  -h Print the help.
  -headers string
     Use custom headers for each request E.g. -headers "Cookie: auth=yes;;Client: type=2".
  -headersfile string
     Read from an external file custom headers (same format of headers flag).
     Print the output as JSON in stdout.
  -i string
     Ignore the URL containing at least one of the elements of this array.
     Hunt for useful informations in websites.
     Crawl searching for resources matching 2nd level domain.
  -it string
     Ignore the URL containing at least one of the lines of this file.
  -oh string
     Write the output into an HTML file.
  -ot string
     Write the output into a TXT file.
     Print only the results.
  -proxy string
     Set a Proxy to be used (http and socks5 supported).
     Use a random browser user agent on every request.
  -s Hunt for secrets.
  -sf string
     Use an external file (txt, one per line) to use custom regexes for secrets hunting.
     Store HTTP responses.
  -t int
     Set timeout for the requests. (default 10)
  -ua string
     Use a custom User Agent.
     Print the version.

Examples πŸ’‘

  • cariddi -version (Print the version)

  • cariddi -h (Print the help)

  • cariddi -examples (Print the examples)

  • cat urls | cariddi -s (Hunt for secrets)

  • cat urls | cariddi -d 2 (2 seconds between a page crawled and another)

  • cat urls | cariddi -c 200 (Set the concurrency level to 200)

  • cat urls | cariddi -e (Hunt for juicy endpoints)

  • cat urls | cariddi -plain (Print only results)

  • cat urls | cariddi -ot target_name (Results in txt file)

  • cat urls | cariddi -oh target_name (Results in html file)

  • cat urls | cariddi -ext 2 (Hunt for juicy (level 2 out of 7) files)

  • cat urls | cariddi -e -ef endpoints_file (Hunt for custom endpoints)

  • cat urls | cariddi -s -sf secrets_file (Hunt for custom secrets)

  • cat urls | cariddi -i forum,blog,community,open (Ignore urls containing these words)

  • cat urls | cariddi -it ignore_file (Ignore urls containing at least one line in the input file)

  • cat urls | cariddi -cache (Use the .cariddi_cache folder as cache)

  • cat urls | cariddi -t 5 (Set the timeout for the requests)

  • cat urls | cariddi -intensive (Crawl searching also subdomains, same as *

  • cat urls | cariddi -rua (Use a random browser user agent on every request)

  • cat urls | cariddi -proxy (Set a Proxy, http and socks5 supported)

  • cat urls | cariddi -headers "Cookie: auth=admin;type=2;; X-Custom: customHeader"

  • cat urls | cariddi -headersfile headers.txt (Read from an external file custom headers)

  • cat urls | cariddi -err (Hunt for errors in websites)

  • cat urls | cariddi -info (Hunt for useful informations in websites)

  • cat urls | cariddi -debug (Print debug information while crawling)

  • cat urls | cariddi -ua "Custom User Agent" (Use a custom User Agent)

  • cat urls | cariddi -json (Print the output as JSON in stdout)

  • cat urls | cariddi -sr (Store HTTP responses)

  • For Windows:

    • use powershell.exe -Command "cat urls | .\cariddi.exe" inside the Command prompt
    • or just cat urls | cariddi.exe using PowerShell
  • To integrate cariddi with Burpsuite follow these steps.

Changelog πŸ“Œ

Detailed changes for each release are documented in the release notes.

Contributing πŸ› 

Just open an issue/pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run

If there aren't errors, go ahead :)

Help me building this!

Special thanks to: go-colly, ocervell, zricethezav, projectdiscovery, tomnomnom, RegexPassive and all the contributors.

License πŸ“

This repository is under GNU General Public License v3.0. to contact me.