csprecon
« Back to VersTracker
Description:
Discover new target domains using Content Security Policy
Type: Formula  |  Latest Version: 0.4.3@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  @edoardottt  |  formulae.brew.sh
Category: Security
Tags: osint reconnaissance security subdomain pentesting
Install: brew install csprecon
About:
csprecon is an OSINT tool that analyzes Content Security Policy headers to uncover hidden and forgotten subdomains. By parsing CSP policies, it reveals new attack surfaces and potential targets that traditional recon methods might miss. This provides security professionals with deeper visibility into an organization's digital footprint.
Key Features:
  • Parses Content Security Policy headers to extract domain information
  • Fast and efficient Go-based implementation
  • Supports multiple input sources including URLs and files
  • Integrates with other reconnaissance workflows
  • Provides clean, actionable output for further analysis
Use Cases:
  • Expanding attack surface during penetration testing engagements
  • Performing OSINT reconnaissance on target organizations
  • Identifying forgotten or shadow IT infrastructure
  • Mapping relationships between different web properties
Alternatives:
  • subfinder – subfinder uses multiple passive sources, while csprecon specifically focuses on CSP header analysis as a unique data source
  • amass – amass provides comprehensive enumeration including active scanning, whereas csprecon offers a lightweight CSP-focused approach
License: MIT
Bottles available for: arm64_tahoe, arm64_sequoia, arm64_sonoma, sonoma, arm64_linux, x86_64_linux
Version History
Detected Version Rev Change Commit
Oct 9, 2025 11:03am 0 VERSION_BUMP 16402a12
Oct 7, 2025 7:12am 0 VERSION_BUMP 806238f4
Sep 13, 2025 8:23pm 0 VERSION_BUMP 1f631de2
Sep 27, 2024 10:27am 0 VERSION_BUMP 6e898d32
Sep 27, 2024 9:29am 0 VERSION_BUMP f2e42287
« Back to VersTracker  |  Browse Packages  |  About