LinuxCommandLibrary

cariddi

crawl URLs for endpoints, secrets, and sensitive data

TLDR

Crawl domains from list
$ cat [domains.txt] | cariddi

Hunt for secrets
$ cat [domains.txt] | cariddi -s

Hunt for endpoints
$ cat [domains.txt] | cariddi -e

Intensive subdomain crawling
$ cat [urls.txt] | cariddi -intensive

Hunt for file extensions
$ cat [domains.txt] | cariddi -ext [3]

Use proxy
$ cat [domains.txt] | cariddi -proxy [http://127.0.0.1:8080]

Random user agent
$ cat [domains.txt] | cariddi -rua

SYNOPSIS

cariddi [options]

DESCRIPTION

cariddi is a reconnaissance tool that crawls URLs and scans for endpoints, secrets, API keys, file extensions, and tokens. It accepts domain lists via standard input, making it easy to chain with subdomain discovery tools in automated security assessment pipelines.
The tool performs passive analysis of crawled pages, extracting sensitive data such as hardcoded credentials, authentication tokens, and API keys using pattern matching. It supports configurable crawl depth, concurrency, and proxy settings for thorough yet controlled scanning.
Designed for bug bounty hunting and authorized penetration testing, cariddi outputs results in plain text or JSON format for integration with other security tools.

PARAMETERS

-s
Hunt for secrets
-e
Hunt for endpoints
-info
Hunt for useful information
-ext level
Hunt for file extensions (1=juicy to 7=less juicy)
-intensive
Crawl subdomains (*.target.com)
-proxy url
HTTP or SOCKS5 proxy
-rua
Random browser user agent per request
-d depth
Crawl depth limit
-c n
Concurrent requests
-t seconds
Request timeout
-o file
Output file
-json
JSON output format
-plain
Plain text output

DETECTION TARGETS

- API keys and secrets
- Authentication tokens
- Sensitive file extensions
- Hidden endpoints
- Information disclosure

CAVEATS

For authorized security testing only. Integrates well with subdomain discovery tools. GPL-3.0 licensed.

SEE ALSO

subfinder(1), httpx(1), nuclei(1)
