Introduction
After other side projects and less free time I had to leave Vestigo for a while
Discovering vulnerable endpoints on API / Websites
Médéric Burlet ・ Mar 9 ・ 2 min read
With Hacktoberfest I decided to revisit this project and start to make it into something useful. When doing simple API tests I find myself often repeating the sames tasks.
- NMAP on the target
- Rust Scan
- DirBuster
- And more
The idea of Vestigo is to have a one tool that does all this with ease.
v0.5.0
Scan
Since the last update on Vestigo on dev.to there have been a few updates to the Scan command. It will now save reports in HTML and MD.
Those reports will be saved on the user profile ~/.vestigo
The scan comes with a whois module
Ports
v0.5.0 introduces the ports command which lets you portscan a target that is either an ip or a domain.
As of now only TCP scan has been integrated. But I plan to add UDP + reporting for this module.
I also want to add the possibility to try to curl the ports that possibly have a webserver. And in the future be able to detect the stack (wordpress, react, etc.)
Example command:
vestigo ports --target="127.0.0.1"
Going forward
The project is open source and on github so anyone wanting to participate in the development of this tool don't hesitate to open an issue based on the TO-DO list in the README.md with what you would like to tackle.
I hope this project can help many and that it can find some support and love.
crimson-med / vestigo
A tool for exploring and investigating APIs and websites.
Vestigo
A tool for exploring and investigating APIs and websites.
IMPORTANT
ocliff with npm and vestigo is broken to use the tool clone the repo
Installation
You can install it globally with:
yarn global add vestigo
npm i -g vestigo
Then run the tool
vestigo
Running
Scan Example:
vestigo scan --target="https://127.0.0.1/" --method="GET" --no-shortlist
--report="HTML"
Port Example:
vestigo ports --target="127.0.0.1" --protocol="TCP" --report="HTML"
As of now reports will be saved at:
~/.vestigo/<domain>/<ts>-vestigo.<extension>
-
<domain>
= hostname of the target or the ip -
<ts>
= timestamp of the scan finished -
<extension>
= extension chosen for report (md, html)
Functionalities
Report
Vestigo will by default generate a mardown report. You can use parameters to set the report format to HTML.
Dev Run
To run the tool in dev mode use:
…Burlet Mederic
https://medericburlet.com
https://mederic.me
https://twitter.com/crimson_med
Top comments (0)