Infinity scan #176

Open
bafmaamy opened this issue Feb 14, 2025 · 1 comment

Comments

@bafmaamy

Hi, I'm facing an issue where the rotation of the URLs never stops:

cat alljsKatana3.txt | wc -l
763

and running it takes many hours and never completes the task:

cat alljsKatana3.txt | cariddi -s -e -info -debug -intensive -rua -ot carridi-3.txt | nl -w1 -s' '

   ___ __ _ _ __ _  __| | __| |_ 
  / __/ _` | '__| |/ _` |/ _` | |
 | (_| (_| | |  | | (_| | (_| | |
  \___\__,_|_|  |_|\__,_|\__,_|_| v1.3.5

 > github.com/edoardottt/cariddi
 > edoardoottavianelli.it
========================================
1 https://api.example.com/assets/js/minut-logo.js
2 https://api.examplecom/assets/js/utils.js
3 https://web.example.com/assets/account-a0f8b42b.js
4 https://web.example.com/assets/addbutton-fe9b96a7.js
5 https://web.example.com/assets/addmemberaccess-2d595b3f.js
...
962 https://web.example.com/assets/index.prod-b7001dcf.js
963 https://web.example.com/assets/Sandbox-1f8107bb.js
964 https://web.example.com/assets/ReferralProgram-d6b41742.js
965 https://web.example.com/assets/ParadiseHomeDetails-d254b92d.js
966 https://web.example.com/assets/HomeGroupsDropdown-1a374883.js
967 https://web.example.com/assets/IncidentReportDialogContainer-c6335b08.js
968 https://web.example.com/assets/SettingTimeRange-254abaf4.js
^C

Maybe it's because of the high number of links or something; I'm not sure, I can't catch it. Some other tasks with different domains work well.

@edoardottt
Owner

Hi @bafmaamy !

I don't completely understand the problem.
First of all, what does the input file contain? Consider that cariddi is able to parse HTML and XML files; if you give JS URLs as input, I'm not sure what the result could be. So an ideal input would be the FQDN or a path with content type HTML.

Then, you are using a lot of scan flags (secrets, info, errors) and also using intensive mode. This means cariddi will crawl every subdomain under all the root domains (e.g. *.example.com and all the other root domains as input).
Since scanning for secrets, information etc. takes a lot of time, it probably hangs because cariddi has to scan a gazillion GBs.

Lastly, as far as I am aware, katana has a default depth level of 2, which is not present in cariddi. The katana results could be limited for that reason.

Let me know your thoughts here, happy to help and support.

edoardo
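
Added example, not part of the thread and not cariddi's own code: a POSIX shell helper for the input preparation the reply above points to, collapsing a list of JS asset URLs into unique scheme://host seeds and counting how many input lines are `.js` assets. The function names and the sample URLs are constructed for illustration.

```shell
#!/bin/sh
# seed_origins: read URLs on stdin, print each distinct scheme://host[:port]
# once (first-seen order). Lines that are not http(s) URLs are skipped.
seed_origins() {
    awk '
    {
        line = $0
        sub("\r$", "", line)                       # tolerate CRLF input
        if (!match(line, "^[Hh][Tt][Tt][Pp][Ss]?://")) next
        scheme = tolower(substr(line, 1, RLENGTH - 3))
        rest = substr(line, RLENGTH + 1)
        sub("[/?#].*$", "", rest)                  # drop path, query, fragment
        sub("^[^@]*@", "", rest)                   # drop userinfo
        host = tolower(rest)                       # hostnames are case-insensitive
        if (host == "") next
        origin = scheme "://" host
        if (!(origin in seen)) { seen[origin] = 1; print origin }
    }'
}

# count_js: number of input lines whose path ends in .js (query/fragment ignored).
count_js() {
    awk '{ u = $0; sub("[?#].*$", "", u); if (tolower(u) ~ /\.js$/) n++ }
         END { print n + 0 }'
}

# Constructed sample input in the shape of the URL list shown in the issue.
sample_urls() {
    cat <<'EOF'
https://web.example.com/assets/account-a0f8b42b.js
https://WEB.example.com/assets/addbutton-fe9b96a7.js?v=2
https://api.example.com/assets/js/utils.js
http://api.example.com:8080/docs/index.html
not-a-url

https://user@web.example.com/assets/index.js#top
EOF
}

# Demo on the sample; with a real list: seed_origins < alljsKatana3.txt > seeds.txt
echo "JS asset lines: $(sample_urls | count_js)"
sample_urls | seed_origins
```

The resulting seed list can be piped to cariddi the same way the original command pipes `alljsKatana3.txt`; how many root domains it contains shows how far `-intensive` would widen the crawl.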
