Stealthy Content Discovery Scanner
Cloud-based, headless web crawler.
- Headless web crawler
- JavaScript File Enumeration
- Common File Enumeration & External Source Fetching
Stealthy. Versatile. Simple.
Watch the short demo video and explore it yourself.
- Mimic User Behaviour
- SPIDER X mimics user behaviour as it crawls pages using a headless crawler and a valid User-Agent.
- Find More Content
- With the built-in headless crawler, you'll be able to find much more app routes, API endpoints, and JavaScript files!
- Built-in URL Filter
- Easily get rid of useless 404 pages with our built-in option to filter for URLs.
- Versatile
- SPIDER X fully integrates with our platform! You can easily select and send multiple URLs to get them scanned for other security vulnerabilities!
- Detailed Overview
- An easy & detailed overview, with numerous filters to easily find patterns for what you're looking for: vulnerabilities.
- Export Results
- Export your results with a single click and process URLs however you like.
FAQ
Frequently asked questions
Is SPIDER X a headless web crawler?
Yes, that's what makes it powerful over other tools that are currently in the market. It is able to stealthily mimic normal user behaviour and with that intercept every single request sent from and to the client (web browser). This in turn allows it to pickup javascript files that are dynamically included as well for example, an approach that most modern web frameworks use to minimize load times and increase performance.
Does SPIDER X perform bruteforcing?
No, currently SPIDER X is not capable of bruteforcing commonly present files and other patterns. However, this is something we consider adding in future generations of SPIDER X.
Is SPIDER X capable of performing JavaScript file enumeration?
Yes, as afterall, the most interesting app routes and endpoints are mostly referenced in JavaScript files.