A private detective that gathers information you're not supposed to know about.
Detective helps you find information (at your favorite bug bounty program) that you are not supposed to see. It primarily focuses on information disclosure and sensitive data exposure vulnerabilities.
First make sure you’re on Python 2.7/3.3 or higher. Then run the command below to install Detective.
$ pip install --upgrade detective
usage: detective [-h] -d DOMAIN [-pmm] [-cos] [-coh] [-cot] [-siv] [-md MAX_DEPTH] [-mt MAX_THREADS] required arguments: -d DOMAIN, --domain DOMAIN the domain to crawl (e.g. https://finnwea.com) optional arguments: -h, --help show this help message and exit -pmm, --protocol-must-match only crawl pages with the same protocol as the startpoint (e.g. only https) -cos, --crawl-other-subdomains also crawl pages that have another subdomain than the startpoint -coh, --crawl-other-hostnames also crawl pages that have another hostname than the startpoint -cot, --crawl-other-tlds also crawl pages that have another tld than the startpoint -siv, --stop-if-vulnerable stop crawling if a vulnerability was found -md MAX_DEPTH, --max-depth MAX_DEPTH the maximum search depth (default is unlimited) -mt MAX_THREADS, --max-threads MAX_THREADS the maximum amount of simultaneous threads to use (default is 8)
detective -d https://finnwea.com -siv
Issues or new features can be reported via the GitHub issue tracker. Please make sure your issue or feature has not yet been reported by anyone else before submitting a new one.
Detective is open-sourced software licensed under the MIT license.