cariddi 命令

常用示例

说明

cariddi is a reconnaissance tool that crawls URLs and scans for endpoints, secrets, API keys, file extensions, and tokens. It accepts domain lists via standard input, making it easy to chain with subdomain discovery tools in automated security assessment pipelines. The tool performs passive analysis of crawled pages, extracting sensitive data such as hardcoded credentials, authentication tokens, and API keys using pattern matching. It supports configurable crawl depth, concurrency, and proxy settings for thorough yet controlled scanning. Designed for bug bounty hunting and authorized penetration testing, cariddi outputs results in plain text or JSON format for integration with other security tools.

参数

-s

Hunt for secrets

-e

Hunt for endpoints

-info

Hunt for useful information

-ext _level_

Hunt for file extensions (1=juicy to 7=less juicy)

-intensive

Crawl subdomains (*.target.com)

-proxy _url_

HTTP or SOCKS5 proxy

-rua

Random browser user agent per request

-d _depth_

Crawl depth limit

-c _n_

Concurrent requests

-t _seconds_

Request timeout

-o _file_

Output file

-json

JSON output format

-plain

Plain text output