Automic VaultAutomic Vault

brew

Install cariddi with Homebrew, apk, Nix

Scan for endpoints, secrets, API keys, file extensions, tokens and more. Version 1.4.6 via Homebrew; verified 2026-06-15.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install cariddi

local Homebrew formula metadata

Linux

Alpine Linux apkverified · 92%
sudo apk add cariddi

Alpine Linux edge package indexes · cariddi · source: dl-cdn.alpinelinux.org

Nixverified · 92%
nix profile install nixpkgs#cariddi

nixpkgs package indexes · pkgs/by-name/ca/cariddi/package.nix · source: api.github.com

overview

Package summary

Scan for endpoints, secrets, API keys, file extensions, tokens and more

Commands and aliases

  • cariddi

history

Project history and usage

cariddi is a Go command-line web crawling and scanning tool for security reconnaissance. Its official README describes feeding it URLs or domains, then using flags to discover endpoints, secrets, API keys, file extensions, tokens, errors, and related web artifacts.

Project history

The public GitHub repository was created in 2021 under edoardottt/cariddi. The project presents itself as a small focused CLI rather than a service: install it with Go or a package manager, pipe targets into stdin, and compose flags for the kind of reconnaissance desired.

Adoption history

Official installation instructions list Homebrew, Snap, Go install, Pacman, NixOS, and source builds, while the input package facts also show packaging in Homebrew, apk, and Nix. That is the usual adoption shape for modern infosec CLIs: the tool lives upstream on GitHub, but package managers make it convenient to drop into bug bounty and automation environments.

How it is used

cariddi reads targets from stdin or a file and can scan one URL or many. The README documents modes for secret hunting, endpoint discovery, extension checks, error checks, useful-information extraction, JSON output, proxy use, custom headers, custom ignore lists, cache use, timeout control, concurrency, and depth limits.

Why package nerds care

For package-manager catalogs, cariddi is a representative Go security CLI: a single executable, broad install coverage, and behavior centered on Unix pipelines. Its value in a package index is that a reconnaissance workflow can depend on the packaged binary instead of a local Go checkout.

Timeline

  • 2021: Public GitHub repository created.
  • 2020s: README documents Homebrew, Snap, Go install, Pacman, NixOS, and source-build installation paths.
  • 2020s: Package facts show availability through Homebrew, apk, and Nix.

Related projects

  • Related package-manager neighbors are other bug-bounty and reconnaissance CLIs that accept URL lists on stdin and emit findings suitable for pipelines.
  • The README points users to Go for source builds and to shell-oriented package managers for installation.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
cariddicliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.4.6
manager updated2026-06-15
local dataok
upstreamcurrent
latest detectedv1.4.6

https://github.com/edoardottt/cariddi

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:cariddi
Version1.4.6
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/cariddi
Homepagehttps://edoardottt.com/
Repositoryhttps://github.com/edoardottt/cariddi
Upstream docshttps://github.com/edoardottt/cariddi#readme
LicenseGPL-3.0-or-later
Source archivehttps://github.com/edoardottt/cariddi/archive/refs/tags/v1.4.6.tar.gz
Last updated2026-06-15T10:20:11-04:00
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namecariddi
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

cariddi

nix profile install nixpkgs#cariddi
  • normalized package name match
  • Matched by: Cariddi
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ca/cariddi/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
apk95%

cariddi 1.4.5-r4

Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

https://github.com/edoardottt/cariddi

sudo apk add cariddi
  • License: GPL-3.0-or-later
  • Architecture: x86_64
  • Source Package: cariddi
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Cariddi
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: cariddi from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment