A tool for exploring and investigating APIs and websites.


oclif with npm and vestigo is broken; to use the tool, clone the repo.


You can install it globally with:

yarn global add vestigo
npm i -g vestigo

Then run the tool



Scan Example:

vestigo scan --target="" --method="GET" --no-shortlist 

Port Example:

vestigo ports --target="" --protocol="TCP" --report="HTML"

As of now reports will be saved at:

  • <domain> = hostname or IP of the target
  • <ts> = timestamp of when the scan finished
  • <extension> = extension chosen for the report (md, html)



By default, Vestigo generates a Markdown report. Use the --report parameter (for example --report="HTML") to set the report format to HTML.

Dev Run

To run the tool in dev mode use:

bin/run scan --target="" --method="GET" --report="HTML" -w

To Finish

  • Add TCP port scan
  • Add UDP port scan
  • Add Report for port scan

To Do

  • Get path disclosures for basic GET
  • Set the SSL header on a flag
  • Detect a bad SSL check and render it in the report
  • Add OS analysis from path disclosure
  • Add verbose parameters
  • Add request queuing + proxy (parameter for time between requests)
  • Add for better logging
  • Add release-it
  • Add homebrew distribution
  • Add parameter for choosing report save location