GoSpider – Hacker Tools: Enumerate the web! πŸ‘©β€πŸ’»

By Anna Hammond

November 23, 2021

Last updated on March 6, 2025

GoSpider – Hacker Tools:  Enumerate the web! πŸ‘©β€πŸ’»

As a bug bounty hunter, you need to get a good view of all the pages and endpoints your targets host. Manually enumerating these can become labour intensive, boring and on top of that, is prone to errors. Today we’re going to look at GoSpider, a tool that can do all this for us!

Photo by Pixabay on Pexels.com

πŸ™‹β€β™‚οΈ What is GoSpider?

GoSpider is a tool written in Go by @j3ssiejjj that helps you to enumerate all endpoints on your target!

It takes a URL or a list of URLs and will then query them whilst scanning the responses for more URLs on the same domain. It will do this recursively and thus give you a ton of results!

πŸ±β€πŸ Our first run!

Check out the video below for an example of how you can use GoSpider!

πŸ‘·β€β™€οΈ Installing GoSpider

Want to install GoSpider? (On Kali)

  1. sudo apt install gospider

🚧 Conclusion

GoSpider is a simple, yet helpful tool to find those injection points for your secretive CRLFs. Start using it today and let’s get some bounties!

If you would like to recommend a tool for us to cover next week, then be sure to let us know down below. Also be sure to check outΒ all the previous Hacker Tools articles, such asΒ the last one on Waybackurls.


Did you know that there is a video accompanying this article? Check outΒ the playlist!

You may also like

Cookies are one of the most fundamental building blocks of the modern web, and yet they are often overlooked from a security perspective. When misconfigured, they can potentially lead to exposure of sensitive session data, enable several client-side attacks, and in severe cases, even allow attackers

Read more

Web (or HTTP) caching is a highly adopted practice to effectively optimize web page loading times for clients. However, as with most technologies, when incorrectly implemented, it may open up a new exploitable attack surface for us to look into. In this article, we'll cover what web cache poisoning

Read more

Most assume that SQL injection is a solved problem in today's application landscape, especially with increased awareness of secure coding practices (such as resorting to prepared statements or parameterized queries) and the widespread adoption of NoSQL databases. However, in practice, SQLi vulnerabi

Read more