As a bug bounty hunter, you need to get a good view of all the pages and endpoints your targets host. Manually enumerating these can become labour intensive, boring and on top of that, is prone to errors. Today we’re going to look at GoSpider, a tool that can do all this for us!
🙋♂️ What is GoSpider?
GoSpider is a tool written in Go by @j3ssiejjj that helps you to enumerate all endpoints on your target!
It takes a URL or a list of URLs and will then query them whilst scanning the responses for more URLs on the same domain. It will do this recursively and thus give you a ton of results!
🐱🏍 Our first run!
Check out the video below for an example of how you can use GoSpider!
👷♀️ Installing GoSpider
Want to install GoSpider? (On Kali)
- sudo apt install gospider
GoSpider is a simple, yet helpful tool to find those injection points for your secretive CRLFs. Start using it today and let’s get some bounties!
If you would like to recommend a tool for us to cover next week, then be sure to let us know down below. Also be sure to check out all the previous Hacker Tools articles, such as the last one on Waybackurls.
Did you know that there is a video accompanying this article? Check out the playlist!