Introduction

After other side projects and less free time I had to leave Vestigo for a while

Discovering vulnerable endpoints on API / Websites

Médéric Burlet ・ Mar 9 ・ 2 min read

#security #api #devops #testing

With Hacktoberfest I decided to revisit this project and start to make it into something useful. When doing simple API tests I find myself often repeating the sames tasks.

• NMAP on the target
• Rust Scan
• DirBuster
• And more

The idea of Vestigo is to have a one tool that does all this with ease.

v0.5.0

Scan

Since the last update on Vestigo on dev.to there have been a few updates to the Scan command. It will now save reports in HTML and MD.

Those reports will be saved on the user profile ~/.vestigo

The scan comes with a whois module

Ports

v0.5.0 introduces the ports command which lets you portscan a target that is either an ip or a domain.

As of now only TCP scan has been integrated. But I plan to add UDP + reporting for this module.

I also want to add the possibility to try to curl the ports that possibly have a webserver. And in the future be able to detect the stack (wordpress, react, etc.)

Example command:

vestigo ports --target="127.0.0.1"

Going forward

The project is open source and on github so anyone wanting to participate in the development of this tool don't hesitate to open an issue based on the TO-DO list in the README.md with what you would like to tackle.

I hope this project can help many and that it can find some support and love.

yarn global add vestigo

npm i -g vestigo

vestigo

vestigo scan --target="https://127.0.0.1/" --method="GET" --no-shortlist
  --report="HTML"

vestigo ports --target="127.0.0.1" --protocol="TCP" --report="HTML"

~/.vestigo/<domain>/<ts>-vestigo.<extension&gt

Burlet Mederic
https://medericburlet.com
https://mederic.me
https://twitter.com/crimson_med