Sigurlx – A Web Application Attack Surface Mapping Tool

sigurlx is a web application attack surface mapping tool. It does …:

  • Categorize URLs. URLs’ categories:
    > endpoint
    > js {js}
    > style {css}
    > data {json|xml|csv}
    > archive {zip|tar|tar.gz}
    > doc {pdf|xlsx|doc|docx|txt}
    > media {jpg|jpeg|png|ico|svg|gif|webp|mp3|mp4|woff|woff2|ttf|eot|tif|tiff}
  • Next, probe HTTP requests to the URLs for status_code, content_type, etc.
  • Next, for every URL of category endpoint with a query: 
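
The categorization step above can be sketched in Go as follows. This is an added example, not sigurlx's own code: the function name Categorize, the suffix matching on the lowercased last path segment, and the sample URLs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// Extension table copied from the category list above.
var extCategories = map[string][]string{
	"js":      {"js"},
	"style":   {"css"},
	"data":    {"json", "xml", "csv"},
	"archive": {"zip", "tar", "tar.gz"},
	"doc":     {"pdf", "xlsx", "doc", "docx", "txt"},
	"media": {"jpg", "jpeg", "png", "ico", "svg", "gif", "webp", "mp3", "mp4",
		"woff", "woff2", "ttf", "eot", "tif", "tiff"},
}

// Categorize returns the category for rawURL and whether it has a query string.
// Assumption: only the lowercased last path segment is matched, never the query.
func Categorize(rawURL string) (string, bool, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", false, err
	}
	name := strings.ToLower(path.Base(u.Path))
	for category, exts := range extCategories {
		for _, ext := range exts {
			if strings.HasSuffix(name, "."+ext) {
				return category, u.RawQuery != "", nil
			}
		}
	}
	return "endpoint", u.RawQuery != "", nil // no known static extension
}

func main() {
	// Constructed sample URLs for illustration.
	for _, raw := range []string{
		"https://app.example.com/static/app.min.JS?v=3",
		"https://app.example.com/backup/site.tar.gz",
		"https://app.example.com/search?q=test&next=/home",
		"https://app.example.com/download?file=report.pdf",
	} {
		category, hasQuery, _ := Categorize(raw)
		fmt.Printf("%-8s query=%-5t %s\n", category, hasQuery, raw)
	}
}
```

The last sample URL stays in the endpoint category because the .pdf appears only in the query string, which makes it one of the "endpoint with a query" URLs the list singles out for further inspection.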


To display help message for sigurlx use the -h flag:

$ sigurlx -h

_ _
___(_) __ _ _ _ _ __| |_ __
/ __| |/ _` | | | | '__| \ \/ /
\__ \ | (_| | |_| | | | |> <
|___/_|\__, |\__,_|_| |_/_/\_\ v2.1.0

sigurlx [OPTIONS]

-iL input urls list (use `-iL -` to read from stdin)
-threads number concurrent threads (default: 20)
-update-params update params file

-delay delay between requests (default: 100ms)
-follow-redirects follow redirects (default: false)
-follow-host-redirects follow internal redirects i.e, same host redirects (default: false)
-http-proxy HTTP Proxy URL
-timeout HTTP request timeout (default: 10s)
-UA HTTP user agent

-nC no color mode
-oJ JSON output file (default: ./sigurlx.json)
-v verbose mode


From Binary

You can download the pre-built binary for your platform from this repository’s releases page, extract it, then move it to your $PATH and you’re ready to go.

From Source

sigurlx requires go1.14+ to install successfully. Run the following command to get the repo:

 go get -u

From GitHub

 git clone
cd sigurlx/cmd/sigurlx/
go build .
mv sigurlx /usr/local/bin/
sigurlx -h


Issues and Pull Requests are welcome!
