GoSpider β Hacker Tools: Enumerate the web! π©βπ»
By Anna Hammond
November 23, 2021
Last updated on March 6, 2025
As a bug bounty hunter, you need to get a good view of all the pages and endpoints your targets host. Manually enumerating these can become labour intensive, boring and on top of that, is prone to errors. Today weβre going to look at GoSpider, a tool that can do all this for us!
Photo by Pixabay on Pexels.com
πββοΈ What is GoSpider?
GoSpider is a tool written in Go by @j3ssiejjj that helps you to enumerate all endpoints on your target!
It takes a URL or a list of URLs and will then query them whilst scanning the responses for more URLs on the same domain. It will do this recursively and thus give you a ton of results!
π±βπ Our first run!
Check out the video below for an example of how you can use GoSpider!
π·ββοΈ Installing GoSpider
Want to install GoSpider? (On Kali)
sudo apt install gospider
π§ Conclusion
GoSpider is a simple, yet helpful tool to find those injection points for your secretive CRLFs. Start using it today and letβs get some bounties!
If you would like to recommend a tool for us to cover next week, then be sure to let us know down below. Also be sure to check outΒ all the previous Hacker Tools articles, such asΒ the last one on Waybackurls.
Did you know that there is a video accompanying this article? Check outΒ the playlist!
You may also like
June 27, 2026
Exploiting insecure cookie policies
Cookies are one of the most fundamental building blocks of the modern web, and yet they are often overlooked from a security perspective. When misconfigured, they can potentially lead to exposure of sensitive session data, enable several client-side attacks, and in severe cases, even allow attackers
June 24, 2026
Exploiting web cache poisoning vulnerabilities
Web (or HTTP) caching is a highly adopted practice to effectively optimize web page loading times for clients. However, as with most technologies, when incorrectly implemented, it may open up a new exploitable attack surface for us to look into. In this article, we'll cover what web cache poisoning
April 30, 2026
Exploiting SQL injection vulnerabilities
Most assume that SQL injection is a solved problem in today's application landscape, especially with increased awareness of secure coding practices (such as resorting to prepared statements or parameterized queries) and the widespread adoption of NoSQL databases. However, in practice, SQLi vulnerabi
