cariddi

go
gpl-3.0

A tool to crawl URLs and scan for endpoints, secrets, API keys, file extensions, tokens and more.

pacman -Syu cariddi

cariddi is a CLI tool that scans websites and crawls domain URLs to find hidden endpoints, secrets, API keys, file extensions and tokens.

This tool enumerates endpoints (admin or login pages), detects exposed secrets (API keys or credentials) and scans for sensitive file types on websites. It supports custom endpoint lists and regex patterns for secrets detection, with adjustable concurrency and request delays to avoid server overload. It also integrates with Burp Suite, can save HTTP responses, and can write results to JSON or text files for later analysis.

cariddi is useful for bug bounty hunters, penetration testers and security professionals who need to quickly scan a target web application during ethical pentesting. It is also well suited to uncovering hidden pages and potential data leaks during vulnerability assessments, directly from the terminal.
