csprecon

csprecon

442 Stars

Discover new target domains using Content Security Policy

edoardottt
Bug-bounty
May 31, 2025
442 stars
View on GitHub
Share on:
X LinkedIn Facebook WhatsApp Telegram Reddit Email
Category
Bug-bounty
GitHub Stars
442
Project Added On
May 31, 2025
Contributors
2

README.md

View on GitHub

csprecon

Discover new target domains using Content Security Policy

Coded with 💙 by edoardottt

go action go report card
Share on Twitter!

InstallGet StartedExamplesChangelogContributingLicense

Install 📡

Homebrew

brew install csprecon

Snap

sudo snap install csprecon

Go

go install github.com/edoardottt/csprecon/cmd/csprecon@latest

Get Started 🎉 

Usage:
  csprecon [flags]

Flags:
INPUT:
   -u, -url string   Input domain
   -l, -list string  File containing input domains
   -cidr             Interpret input as CIDR

CONFIGURATIONS:
   -d, -domain string[]  Filter results belonging to these domains (comma separated)
   -c, -concurrency int  Concurrency level (default 50)
   -t, -timeout int      Connection timeout in seconds (default 10)
   -rl, -rate-limit int  Set a rate limit (per second)
   -px, -proxy string    Set a proxy server (URL)

OUTPUT:
   -o, -output string  File to write output results
   -v, -verbose        Verbose output
   -s, -silent         Silent output. Print only results
   -j, -json           JSON output

Examples 💡

Grab all possible results from single domain

csprecon -u https://www.github.com

echo https://www.github.com | csprecon

Grab all possible results from a list of domains (protocols needed!)

csprecon -l targets.txt

cat targets.txt | csprecon

Grab all possible results belonging to specific target(s) from a list of domains (protocols needed!)

cat targets.txt | csprecon -d google.com

Grab all possible results from single CIDR

csprecon -u 192.168.1.0/24 -cidr

Set a rate limit of 10 requests per second

cat targets.txt | csprecon -rl 10

JSON Output

cat targets.txt | csprecon -j

Use a Proxy

cat targets.txt | csprecon -px http://127.0.0.1:8080

Changelog 📌

Detailed changes for each release are documented in the release notes.

Contributing 🛠

Just open an issue / pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run

If there aren’t errors, go ahead :)

In the news 📰

License 📝

This repository is under MIT License.
edoardottt.com to contact me.

Tool Information

Author

edoardottt

Project Added On

May 31, 2025

License

Open Source

Tags

bounty-hunting bugbounty bugbounty-tool content-security-policy csp golang hacking hacktoberfest information-retrieval offensive-security offensivesecurity recon recon-tool reconnaissance security security-tools
View on GitHub

Related Tools

ZoomeyeSearch

ZoomeyeSearch

A powerful CLI tool that uses ZoomEye to search exposed services, gather intelligence, and automate reconnaissance.

Stable
NucleiPrompt

NucleiPrompt

Nuclei Prompt Scanner adalah tools berbasis Python yang memanfaatkan Nuclei dan AI Prompting untuk melakukan pemindaian kerentanan pada web target berdasarkan kategori OWASP dan lainnya, dengan antarmuka interaktif berbasis CLI (command-line).

Stable
altdns

altdns

Generates permutations, alterations and mutations of subdomains and then resolves them

Stable
View more Bug-bounty tools