关于Cariddi
Cariddi是一款功能强大的信息收集与扫描工具,我们只需给它提供一个域名列表,Cariddi就能够帮助我们爬取URL地址,扫描终端节点,并搜索敏感数据、API密钥、文件后缀和令牌等信息。
工具安装
首先,我们需要在本地设备上安装并配置好Go环境。
Linux安装
首先,广大研究人员可以使用下列命令将该项目源码克隆至本地:
://github.com/edoardottt/cariddi.gitcd cariddigo get
运行下列命令即可安装Cariddi:
make linux运行下列命令即可卸载Cariddi:
make unlinux或者,我们也可以直接运行下列一行命令:
git clone https://github.com/edoardottt/cariddi.git; cd cariddi; go get; make linuxWindows安装(可执行程序只能在cariddi目录下运行)
首先,广大研究人员可以使用下列命令将该项目源码克隆至本地:
://github.com/edoardottt/cariddi.gitcd cariddigo get
运行下列命令即可安装Cariddi:
.make.bat windows运行下列命令即可卸载Cariddi:
.make.bat unwindows工具使用
在命令行窗口中运行命令“cariddi -h”,即可查看工具的帮助信息:
Usage of cariddi:-c intConcurrency level. (default 20)-cacheUse the .cariddi_cache folder as cache.-d intDelay between a page crawled and another.-e Hunt for juicy endpoints.-ef stringUse an external file (txt, one per line) to use custom parameters for endpoints hunting.-examplesPrint the examples.-ext intHunt for juicy file extensions. Integer from 1(juicy) to 7(not juicy).-h Print the help.-i stringIgnore the URL containing at least one of the elements of this array.-intensiveCrawl searching for resources matching 2nd level domain.-it stringIgnore the URL containing at least one of the lines of this file.-oh stringWrite the output into an HTML file.-ot stringWrite the output into a TXT file.-plainPrint only the results.-s Hunt for secrets.-sf stringUse an external file (txt, one per line) to use custom regexes for secrets hunting.-t intSet timeout for the requests. (default 10)-versionPrint the version.
工具使用样例
Linux环境
cariddi -version (打印工具版本信息)cariddi -h (打印工具帮助信息)cariddi -examples (输出样例)cat urls | cariddi -s (搜索敏感信息)cat urls | cariddi -d 2 (设置页面爬取间隔为2秒)cat urls | cariddi -c 200 (将并发级别设置为200)cat urls | cariddi -e (搜索有价值的终端节点)cat urls | cariddi -plain (仅输出有用的信息)cat urls | cariddi -ot target_name (将结果存储至txt文件中)cat urls | cariddi -oh target_name (将结果存储至html文件中)cat urls | cariddi -ext 2 (搜索有价值的文件(等级2-7))cat urls | cariddi -e -ef endpoints_file (搜索自定义终端节点)cat urls | cariddi -s -sf secrets_file (搜索自定义敏感信息)cat urls | cariddi -i forum,blog,community,open (忽略包含这些关键词的URL)cat urls | cariddi -it ignore_file (忽略包含输入文件中内容的URL)cat urls | cariddi -cache (使用.cariddi_cache作为缓存目录)cat urls | cariddi -t 5 (设置请求超时)cat urls | cariddi -intensive (爬取搜索与第二级域匹配的资源)
Windows使用样例
powershell.exe -Command "cat urls | .cariddi.exe"
渗透工具|提权|内网|SRC|CS端安全测试|安全加固等资料分享
Apache Tomcat 自动 WAR 部署和 渗透测试工具
欢迎关注LemonSec
觉得不错点个“赞”、“在看”哦
本文始发于微信公众号(LemonSec):如何使用Cariddi扫描域名相关的各种敏感信息
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论