Find endpoints in the blink of an eye! GoSpider - Hacker Tools

Intigriti

23 Nov 202106:18

Summary

TLDRIn this hacker tools video, the presenter introduces Go Spider, a powerful web crawling tool designed to discover endpoints, subdomains, and other resources on a website. It efficiently scans web pages, identifies links, and can even recursively crawl through found files. The tool offers customization options like setting user agents, cookies, headers, and managing request speed to comply with platform rules. Advanced features include utilizing third-party archives and filtering results based on file length or extensions, making it an essential tool for initial target enumeration in cybersecurity assessments.

Takeaways

🕷️ Go Spider is a tool designed for web scraping and crawling web pages to discover various endpoints, subdomains, and other assets.
🔍 It operates by requesting a web page and then searching for links, JavaScript files, directories, subdomains, and endpoints, presenting a comprehensive map of the target's web presence.
🔄 The tool can recursively crawl through discovered files to uncover even more links and resources, creating a detailed web of the application's structure.
⚙️ Basic usage involves running Go Spider with the '-s' option to specify a URL, '-o' for output file, and '-c' for setting the number of concurrent requests.
🔑 'Big bounty parameters' like '-u' for user-agent and '-h' for custom headers can help comply with platform rules during scanning.
🚀 The tool can be configured for speed with parameters like '-threads' for setting the number of threads and '-concurrent' for concurrency level.
🛑 To avoid overwhelming targets, use '-k' or '-delay' to set a delay between requests, ensuring you stay within acceptable request limits.
🗂️ Advanced features include crawling JavaScript files with '-js', including subdomains with '-subs', and utilizing sitemaps and robots.txt with '-sitemap' and '-robots' respectively.
🔎 Go Spider can integrate with third-party archives like Common Crawl and Wayback Machine using '-h' or '-other-source' to find URLs from historical data.
⛔️ Use '-blacklist' with regex to exclude specific results or '-whitelist' to focus only on desired outcomes.
📊 Filtering options like '-l' or '-length' allow for the exclusion of certain file types or HTTP status codes to refine the scan results.

Q & A

What is Go Spider and what does it do?
-Go Spider is a tool that spiders web pages to crawl them and extract information such as endpoints, subdomains, and other links. It can also recursively crawl the discovered files to create a comprehensive web of the application's structure.
How does Go Spider perform a basic scan?
-To perform a basic scan, Go Spider is run with the '-s' option to input a URL, '-o' for output to specify an output file, and '-c' for concurrency to set the number of concurrent requests.
What are 'big bounty parameters' in Go Spider and why are they important?
-'Big bounty parameters' refer to options like user-agent, cookies, and headers that can be set with Go Spider to adhere to the rules of a platform and ensure ethical hacking practices.
How can Go Spider be configured to respect the speed limits of a target platform?
-Go Spider allows setting the number of threads with '-d', concurrency with '-c', and delay between requests with '-k' to control the speed and avoid overwhelming the target platform.
What additional features does Go Spider offer beyond basic crawling?
-Go Spider can find JavaScript files, include subdomains, crawl sitemaps, and utilize third-party archives like Common Crawl and Wayback Machine for more extensive data collection.
How can Go Spider be used to filter out unwanted results during a scan?
-Go Spider provides options like '-h' for excluding specific sources, '-l' to view file lengths, and '-f' to filter out specific lengths or extensions to refine the scan results.
What is the purpose of the '-blacklist' option in Go Spider?
-The '-blacklist' option allows users to supply a regex pattern to exclude results that match it, helping to focus on relevant data during a scan.
Can Go Spider handle multiple URLs at once?
-Yes, Go Spider can handle multiple URLs by using the '-s' option with a file that contains multiple links, allowing for batch processing of URLs.
How does Go Spider help in the initial enumeration of targets?
-Go Spider assists in the initial enumeration by mapping out the target's web structure, identifying running services, and providing a comprehensive overview of what's present on the target's web pages.
What is the recommended next step after using Go Spider for initial scanning?
-After the initial scan, the recommended next step is to analyze the results, identify important targets, and proceed with more focused and in-depth security testing.