Advanced Host Discovery & Historical URL Analysis Plugin for Caido
PastHunter is a powerful Caido plugin that extracts host addresses from your HTTP traffic and integrates with the Wayback Machine to discover historical URLs for comprehensive reconnaissance.
- 🎯 Real-time Host Discovery: Automatically extracts domains and subdomains from Caido HTTP traffic
- 🕰️ Wayback Machine Integration: Fetches up to 10,000 historical URLs per domain from the Internet Archive
- 📋 Smart Organization:
- Scrollable host list with clean interface
- Domain-by-domain wayback results with navigation
- Responsive design that fits any screen
- 🔄 Bulk Operations: Copy all URLs from a domain with one click
- 🎨 Modern UI: Colorful, intuitive interface with dark/light mode support
- ⚡ Performance Optimized: Efficient scrolling containers that stay within screen boundaries
- Download the latest release from the Releases page
- In Caido, go to Settings > Plugins
- Click Install Plugin and select the downloaded file
- The plugin will appear in your sidebar as "PastHunter"
- Click "Initialize from Recent Requests" to scan your Caido traffic
- The plugin will extract all unique hosts from your HTTP requests
- Browse through discovered hosts using the scrollable interface
- Click the "Wayback" button next to any discovered host
- PastHunter will query the Internet Archive for historical URLs
- Navigate between domains using the Previous/Next buttons
- Use "Copy All URLs" to copy all historical URLs for a domain
- Copy Individual Hosts: Click "Copy" next to any host
- Copy All URLs: Bulk copy all historical URLs for a domain
- Scrollable Results: No pagination needed - smooth scrolling through all results
- Responsive Design: Containers automatically limit height to fit your screen
The plugin runs in the background and:
- 🎯 Tracks the hostname of every HTTP request made through Caido
- 📝 Stores discovered hosts with timestamps and request counts
- 🔄 Maintains the list across plugin sessions
- 📊 Shows statistics about discovered hosts and total requests tracked
When you click the Wayback button for a domain:
- 🌐 Queries the Internet Archive CDX API:
https://web.archive.org/cdx/search/cdx - 📊 Uses parameters:
url=domain/*&matchType=domain&output=json&fl=timestamp,original,statuscode&collapse=urlkey&limit=100 - ⏱️ Uses Caido's HTTP module (
import { fetch } from "caido:http") for external requests - 📋 Displays up to 10 results in the UI with clickable links and timestamps
- 🔍 Full results available in browser console for detailed analysis
- ⚡ 30-second timeout with proper error handling
The backend (packages/backend/src/index.ts) includes:
- Host Validation: RFC-compliant domain validation
- Content Parsing: Advanced regex patterns for host extraction
- Multi-Source Analysis: Extracts from:
- Sitemap entries
- HTTP request URLs and headers
- HTTP response headers and bodies
- Error Handling: Graceful handling of invalid URLs and data
The frontend (packages/frontend/src/views/App.vue) features:
- Vue 3 Composition API: Modern reactive framework
- PrimeVue Components: Professional UI components
- Real-time Statistics: Live update of extraction progress
- Responsive Design: Works across different screen sizes
- Toast Notifications: User feedback for actions
The plugin uses multiple regex patterns to identify hosts:
- Standard Domain Pattern: Matches
https?://domain.comformats - Subdomain Pattern: Matches multi-level subdomains
- Header Extraction: Extracts from Host, Referer, Location headers
- Content Parsing: Finds embedded URLs in request/response bodies
├── packages/
│ ├── backend/ # Backend plugin logic
│ │ └── src/
│ │ └── index.ts # Main backend implementation
│ └── frontend/ # Frontend Vue.js application
│ └── src/
│ ├── index.ts # Frontend entry point
│ └── views/
│ └── App.vue # Main UI component
├── caido.config.ts # Plugin configuration
└── package.json # Project dependencies
npm run build- Build the plugin packagenpm run watch- Watch mode for developmentnpm run lint- Run ESLintnpm run typecheck- Run TypeScript type checking
The plugin uses a simple, real-time tracking approach:
Core Tracking Logic:
// Track hosts from every HTTP request
const onRequest = (sdk: SDK, request: any): void => {
const url = request.getUrl();
const urlObj = new URL(url);
const hostname = urlObj.hostname;
// Store in persistent map
trackHost(hostname, urlObj.pathname);
};Initialization from History:
// Populate from recent requests on startup
const query = sdk.requests.query().first(500);
const results = await query.execute();
for (const item of results.items) {
const url = item.request.getUrl();
const urlObj = new URL(url);
trackHost(urlObj.hostname, urlObj.pathname);
}What We Track:
- ✅ Request URL hostnames
- ✅ Host headers (if different)
- ✅ Request timestamps and counts
- ✅ Unique paths per host
What We DON'T Track (keeps it clean):
- ❌ Response body content
- ❌ JavaScript embedded URLs
- ❌ CSS/image references
- ❌ Third-party tracking domains from content
- TypeScript - Type-safe JavaScript
- Vue.js 3 - Progressive frontend framework
- PrimeVue - Rich UI component library
- pnpm - Fast, disk space efficient package manager
- Caido SDK - Plugin development framework
- Fork the repository
- Create a feature branch
- Implement your changes
- Run tests and linting
- Submit a pull request
- All extracted data is processed locally within Caido
- No external network requests are made
- Domain validation prevents injection attacks
- Proper error handling prevents crashes
This project is licensed under the MIT License.