This tool is designed to scan for common endpoints in RESTful services and Swagger applications. It's particularly useful in penetration testing and CTF (Capture the Flag) scenarios, allowing users to probe web applications for known paths and potential vulnerabilities.
The program accepts two main arguments:
-u / --url: The base URL to scan (required)
-f / --file: Path to a file containing additional endpoints (optional)
Scanning with just the base URL:
cargo run -- --url https://example.com
Scanning with a base URL and an additional endpoints file:
cargo run -- --url https://example.com --file rest_endpoints.txt
The program uses a default list of common endpoints. You can modify this list by editing rest_endpoints.txt. For more targeted scans, you can use sed or similar tools to replace parts of the paths, such as changing /api/ to a different base path based on prior reconnaissance of the target site.
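The sed step described above, as an added example that is not part of this project's code. The function names, the sample list and the one-path-per-line file format are assumptions; the README does not specify the format of rest_endpoints.txt.

```shell
#!/bin/sh
# rebase_endpoints OLD NEW [FILE]  (hypothetical helper, not shipped with the tool)
# Replaces OLD with NEW only where OLD is the leading prefix of a path,
# leaves other lines untouched, and drops duplicates the rewrite creates.
# Reads FILE if given, otherwise stdin; writes the new list to stdout.
rebase_endpoints() {
    # Escape regex metacharacters so a prefix such as "/a.i/" matches literally.
    # '|' is escaped too because it is used as the sed delimiter below.
    old_esc=$(printf '%s' "$1" | sed 's/[][\.*^$|]/\\&/g')
    # In the replacement only '\', '&' and the delimiter are special.
    new_esc=$(printf '%s' "$2" | sed 's/[\&|]/\\&/g')
    # '^' anchors the match: "/v1/api/docs" is not rewritten for OLD="/api/".
    sed "s|^${old_esc}|${new_esc}|" ${3:+"$3"} | awk '!seen[$0]++'
}

# Constructed sample list, one path per line (assumed format).
sample_endpoints() {
    printf '%s\n' \
        /api/users \
        /api/v1/users \
        /swagger/index.html \
        /v1/api/docs \
        /services/v2/users
}
```

Redirect the output to a new file and pass that file with --file, so the original rest_endpoints.txt stays unchanged.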
This project is licensed under the GNU General Public License v3.0 (GPLv3).