Harpy v1.0.1
High-performance web reconnaissance tool for extracting endpoints, parameters, and hidden assets from JavaScript files.
✨ What's New
- 🧠 Intelligent Hybrid Analysis: Automatic combination of regex and AST-based parsing with smart fallbacks
- 🎯 99.5% False Positive Reduction: Advanced contextual analysis for accurate parameter extraction
- 🚀 High Performance: Multi-threaded processing with configurable worker pools
- ⚡ Adaptive Rate Limiting: Smart per-domain throttling based on server responses
- 📁 Flexible Input: URLs, files, directories, or stdin support
- 🎨 Professional Output: Clean terminal display plus structured JSON
🔧 Command Line Options
# Basic usage
harpy -u https://target.com/app.js
harpy -d /path/to/js/files
harpy -f targets.txt --json -o results.json
# Advanced options
harpy -u https://target.com/main.js -v -c 50 -l 50
harpy -f urls.txt -H "User-Agent: Custom" --proxy http://127.0.0.1:8080🎯 What Harpy Extracts
- API Endpoints: REST APIs, GraphQL schemas, internal services
- Parameters: URL parameters, form fields, API parameters
- Headers: Authorization tokens, API keys, custom headers
- Domains: Internal domains, subdomains, CDN endpoints
- Hidden Assets: Admin panels, debug endpoints, development URLs
📦 Installation
Binary Download
Download the appropriate binary for your platform below.
Go Install
go install github.com/rafabd1/Harpy/cmd/harpy@latestFrom Source
git clone https://github.com/rafabd1/Harpy.git
cd Harpy
go build -o harpy ./cmd/harpy📚 Documentation
- README.md - Complete usage guide
- CHANGELOG.md - Version history