I know, I know, that is the coolest name ever. While doing assignment 1 for webapp security (which I’ll post a write up of at some point next week, well after the due date), I discovered that there was no useful tool, that worked out of the box, to spider a domain and scrape all of it’s pages to create a wordlist for bruteforcing, whether that be for subdomains or passwords. And so, here we are, I present to you my next project, spiderforce (I was going to do an rsa thing, but that can wait).
It’ll be in python3 (I’m migrating from python 2, unfortunately), and use burp style scoping (substring match at least one in-scope string and no out-of-scope string), with a possible extension to regex but we’ll see how it goes. It’s pretty much WYSIWYG, so it’ll just spider a scope and build a wordlist from all the text. I’m sure it’s easier said than done though, that involves parsing around tags (or I could just take the easy way out and strip brackets, design iterations), but I might need to render javascript or whatever first? who knows, but I’ll find out.
My Portfolio 