Rinzler

A next-gen website and web API crawler & vulnerability scanner.

Overview

A somewhat intelligent Web API scanner for security testing and reconnaissance.

Under active development. This is in pre-alpha and is intended for learning purposes only. It may contain security and performance issues. Core features implemented: crawling with security analysis, forced browsing/fuzzing, database persistence, and multi-format reporting.

Features

  • Web Crawling: Multi-threaded async crawling with configurable depth and worker pools
  • Forced Browsing: Dictionary-based directory enumeration with distributed workers
  • Security Analysis: Passive detection of insecure transport, sensitive files, and server errors
  • Cross-domain Control: Stay on target or follow external links with prompt/auto modes
  • Progress Tracking: Real-time worker status with progress bars for each thread
  • Multi-format Reports: Generate reports in text or JSON format with optional sitemaps
  • SQLite Backend: Persistent storage with severity ratings, CWE/OWASP categorization
  • Embedded Wordlists: Default API endpoint wordlist with 99 entries included

Where to find Rinzler

https://github.com/trapdoorsec/rinzler