DEV Community

Médéric Burlet

Discovering vulnerable endpoints on API / Websites

Introduction

Recently we had to do a security audit on a client's API. However, the documentation was very poor. We used some basic tools such as Zed Attack Proxy or Golismero.

The report, though, kept haunting me for one reason: when I was working on the API, I realized that the error page had some path disclosures that revealed the operating system.

I also realized that many websites and APIs still have endpoints that are not always protected with logins. Some people think that as long as the person does not know the URL / endpoint, then it's safe.

So I decided in my free time to make a small tool that helps find existing URLs / endpoints and recovers all the paths and URLs in the response, as well as basic information such as whether CORS is set up and more.
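The kind of per-response check described above, written as an added example for auditing responses from your own API; it is not Vestigo's code. The function name `analyzeResponse`, the regular expressions and the sample error page are all constructed for illustration.

```javascript
// Added example (not Vestigo's code): inspect one HTTP response for
// disclosed filesystem paths, embedded URLs and the CORS policy.

// Absolute paths: Windows drive paths and multi-segment Unix paths.
const WINDOWS_PATH = /\b[A-Za-z]:\\(?:[\w.\- ]+\\)*[\w.\-]+/g;
const UNIX_PATH = /(?<![\w:/.])\/(?:[\w.\-]+\/)+[\w.\-]+/g;
const URL_RE = /https?:\/\/[^\s"'<>)]+/g;

function analyzeResponse(headers, body) {
  const urls = [...new Set(body.match(URL_RE) || [])];
  // Strip URLs first so their path part is not mistaken for a file path.
  const text = body.replace(URL_RE, " ");
  const windowsPaths = [...new Set(text.match(WINDOWS_PATH) || [])];
  const unixPaths = [...new Set(text.match(UNIX_PATH) || [])];

  // The path style in an error page hints at the server's operating system.
  let osHint = "unknown";
  if (windowsPaths.length && unixPaths.length) osHint = "mixed";
  else if (windowsPaths.length) osHint = "windows";
  else if (unixPaths.length) osHint = "unix-like";

  // Header names are case-insensitive; normalise before lookup.
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v])
  );
  const origin = h["access-control-allow-origin"] ?? null;
  const cors = {
    configured: origin !== null,
    allowOrigin: origin,
    wildcard: origin === "*", // any origin may read the response
  };
  return { urls, windowsPaths, unixPaths, osHint, cors };
}

// Constructed sample: an error page that leaks a stack trace.
const sampleHeaders = { "Access-Control-Allow-Origin": "*" };
const sampleBody = `<h1>500 Internal Server Error</h1>
<pre>Error: ENOENT: no such file or directory
    at /var/www/api/src/routes/users.js:42:11
    at /var/www/api/node_modules/express/lib/router/index.js:284:15</pre>
<a href="https://api.example.test/v1/docs">docs</a>`;

console.log(analyzeResponse(sampleHeaders, sampleBody));
```

Any non-empty `unixPaths` or `windowsPaths` result on a production error page is a finding in itself: the fix is to return a generic error body and keep stack traces in server-side logs.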

Vestigo

Hence Vestigo was born. It can scan a given website or URL with a short or long list of endpoints.

NPM: https://www.npmjs.com/package/vestigo
Github: https://github.com/crimson-med/vestigo

Here is a list of current features:

  • endpoint analysis
  • url / path discovery
  • basic website analysis
  • md / html report generator

Upcoming features:

  • Customizable flag for allowing non-SSL-secured websites to be excluded.
  • Display and render bad SSL configurations.
  • Add domain WHOIS / IP reverse lookup.
  • Add OS detection
  • Add port scan (for common ports)
  • Add verbose parameters for debugging
  • Make a request queuing system (so as not to spam too much)
  • Add a proxy system for requests
  • Add https://www.npmjs.com/package/listr for better logging
  • Add parameter for choosing report save location
