cariddi

Crawl domains from list

$ cat [domains.txt] | cariddi

$ cat [domains.txt] | cariddi -s

$ cat [domains.txt] | cariddi -e

$ cat [urls.txt] | cariddi -intensive

$ cat [domains.txt] | cariddi -ext [3]

$ cat [domains.txt] | cariddi -proxy [http://127.0.0.1:8080]

$ cat [domains.txt] | cariddi -rua

cariddi [options]

cariddi is a reconnaissance tool that crawls URLs and scans for endpoints, secrets, API keys, file extensions, and tokens. It accepts domain lists via standard input, making it easy to chain with subdomain discovery tools in automated security assessment pipelines.
The tool performs passive analysis of crawled pages, extracting sensitive data such as hardcoded credentials, authentication tokens, and API keys using pattern matching. It supports configurable crawl depth, concurrency, and proxy settings for thorough yet controlled scanning.
Designed for bug bounty hunting and authorized penetration testing, cariddi outputs results in plain text or JSON format for integration with other security tools.

-s

Hunt for secrets

Hunt for endpoints

Hunt for useful information

Hunt for file extensions (1=juicy to 7=less juicy)

Crawl subdomains (*.target.com)

HTTP or SOCKS5 proxy

Random browser user agent per request

Crawl depth limit

Concurrent requests

Request timeout

Output file

JSON output format

Plain text output

- API keys and secrets
- Authentication tokens
- Sensitive file extensions
- Hidden endpoints
- Information disclosure

For authorized security testing only. Integrates well with subdomain discovery tools. GPL-3.0 licensed.

subfinder(1), httpx(1), nuclei(1)