macOS
brew install cariddilocal Homebrew formula metadata
brew
Scan for endpoints, secrets, API keys, file extensions, tokens and more. Version 1.4.6 via Homebrew; verified 2026-06-15.
install
brew install cariddilocal Homebrew formula metadata
sudo apk add cariddiAlpine Linux edge package indexes · cariddi · source: dl-cdn.alpinelinux.org
nix profile install nixpkgs#cariddinixpkgs package indexes · pkgs/by-name/ca/cariddi/package.nix · source: api.github.com
overview
Scan for endpoints, secrets, API keys, file extensions, tokens and more
history
cariddi is a Go command-line web crawling and scanning tool for security reconnaissance. Its official README describes feeding it URLs or domains, then using flags to discover endpoints, secrets, API keys, file extensions, tokens, errors, and related web artifacts.
The public GitHub repository was created in 2021 under edoardottt/cariddi. The project presents itself as a small focused CLI rather than a service: install it with Go or a package manager, pipe targets into stdin, and compose flags for the kind of reconnaissance desired.
Official installation instructions list Homebrew, Snap, Go install, Pacman, NixOS, and source builds, while the input package facts also show packaging in Homebrew, apk, and Nix. That is the usual adoption shape for modern infosec CLIs: the tool lives upstream on GitHub, but package managers make it convenient to drop into bug bounty and automation environments.
cariddi reads targets from stdin or a file and can scan one URL or many. The README documents modes for secret hunting, endpoint discovery, extension checks, error checks, useful-information extraction, JSON output, proxy use, custom headers, custom ignore lists, cache use, timeout control, concurrency, and depth limits.
For package-manager catalogs, cariddi is a representative Go security CLI: a single executable, broad install coverage, and behavior centered on Unix pipelines. Its value in a package index is that a reconnaissance workflow can depend on the packaged binary instead of a local Go checkout.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
cariddi | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/edoardottt/cariddi
install metadata
| Package key | brew:cariddi |
|---|---|
| Version | 1.4.6 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/cariddi |
| Homepage | https://edoardottt.com/ |
| Repository | https://github.com/edoardottt/cariddi |
| Upstream docs | https://github.com/edoardottt/cariddi#readme |
| License | GPL-3.0-or-later |
| Source archive | https://github.com/edoardottt/cariddi/archive/refs/tags/v1.4.6.tar.gz |
| Last updated | 2026-06-15T10:20:11-04:00 |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | cariddi |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
cariddi
nix profile install nixpkgs#cariddicariddi 1.4.5-r4
Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
https://github.com/edoardottt/cariddi
sudo apk add cariddisource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.