Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs. I use this for reconnaissance purposes while bug bounty hunting.
$ cat hosts.txt http://example.com/ $ cat hosts.txt | csp example.com subdomain.example.com ...
Set concurrency level using the
$ csp -h Usage of csp: -c int set the concurrency level (default 20) $ cat hosts.txt | csp -c 2 ...
$ go get -u github.com/edoverflow/csp
You can also download a binary and put it in your
$PATH (e.g. in
I welcome contributions from the public.
Using the issue tracker 💡
The issue tracker is the preferred channel for bug reports and features requests.
Issues and labels 🏷
The bug tracker utilizes several labels to help organize and identify issues.
Guidelines for bug reports 🐛
Use the GitHub issue search — check if the issue has already been reported.