-
access website and try to find if there's hidden website/api
-
if some url of a domain returns 200OK that means it's very possible that it is an api
-
you can supply some keywords for the searcher to search or you can use bruteforce mode to search some combination of paths
-
there's a chance that the domain will block your ip, automatically switching to other proxise function is provided
- you have to provide a list of possible words for the program to access, that means you have to know the domain you want to search, e.g. on domain in Spotify then the possible word list will have [album,song,singer]
- you can write your own program to generate the list of possible words you want
- the output contain list of url that return some positive response, you can write other program to phrase or process it
- make sure the setting file is in correct format, no checker for the format file
- extended searching mode: search on some program scripts, not just accessing the directory itself. E.g. domain/api/api.php
- versioned searching mode: searching path will append a versioned path. e.g. domain/v1/api.php. Many public api has this feature.
- http methods: it provides many methods, some api maybe unable to access on "GET" but able to access on "POST". different HTTP accessing methods are provided
- port scanning mode: not just scan the standard 80 port, it also scan all the ports
- https mode: scan both port 443 and 80(if port scanning and https mode is off, then it always search port 80)
- threads: you can adjust the number of threads to scan ports and scan words. If you have a long list of words, but do not do port scanning, then you should set more threads to search on word, and fewer threads to search on port. Vice versa, if you have port scanning activated, you should have more port scanning threads
domain = domain that we want to search
inputFileName = the file that contains all the possible word list
portScanningMode = search all the ports
HTTPmethods = HTTP methods to work with
allowedStatusCodes = response that is possible an api will return
httpsMode = search both port 80 and 443
timeOut = request time out time, when request wait excess this time then we will give up on the request
threadsToScanPort = number of threads to scan the ports
threadsToScanWord = number of threads to scan the words
versionedSearchMode = search on the version code e.g. doamin/v1/{path}
verionNameList = version name to be searched
bruteForceMode = auto generate some words to search, do not read from file
sizeOfWord = size of the word generated when using brute force
bruteForceString = the characters that will be permutated to generate the word, when it's null, then it's all digits+upper letters and lower case letters
extendedSearchMode = search on common files name beside the path itself, e.g. doamin/path/index.js
commonFileNames = common file name in a server
commonFileSuffixs = common programming language suffix of file
printLog = print the log when searching, i.e. URL that accessing
printErr = print error message when searching
proxiesOnChangeMode = change the proxy when the response status code is some status codes, e.g. 403
alwaysUseProxy = it will use proxy in the list automatically when start, if it's false, we don't use proxy unless it hit the condition that some response status codes are the one in statusCodesChangeProxy
statusCodesChangeProxy = the status code that we will change proxy
proxiesList = proxy that is going to be used in the request