loading
loading
Scanners
A command-line scanner that finds exposed services, files, and folders through the web root.
overview
ChopChop scans a set of web endpoints and flags exposure of services, files, and folders reachable through the web root. Its checks are signatures written in a YAML config, so what it looks for stays under your control: ship the defaults, edit them, or add your own for the patterns that matter to your apps. Michelin's CERT built it for dynamic application security testing that developers can extend.
Because each signature carries a severity, ChopChop fits a CI gate. Set a maximum severity and the run blocks the pipeline when a check at or above that level fires, which turns a scanner into a release guardrail. Plugin and severity filters narrow a run to the checks you want to run.
On Trickest, ChopChop is a Scanners node that takes a file of URLs and writes a file and a folder of results. Feed it live hosts from a prober, point it at a curated signature file, and route the findings into the same triage path as the rest of your scan output.
source github.com/michelin/ChopChop
use cases
Run the signature set against a host to surface backups, config files, .git and .env leaks, and admin interfaces reachable through the web root.
Set a maximum severity so the run fails the pipeline whenever a check at or above that level fires, stopping risky exposure before release.
Add checks to the YAML config for patterns specific to your stack, then point ChopChop at that file so it tests exactly what you define.
Pass a URL file from an httpx run so ChopChop only tests endpoints already known to respond, then filter by plugin or severity to focus the run.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| url-file | FILE | --url-file | File of URLs to test, used instead of a single URL. |
| signatures | FILE | --signatures | Path to the signature file (default chopchop.yml). |
| threads | STRING | --threads | Number of concurrent threads (default 1). |
| timeout | STRING | --timeout | Timeout for the HTTP requests (default 10s). |
| max-severity | STRING | --max-severity | Block the CI pipeline if a finding's severity is at or above this level. |
| severity-filter | STRING | --severity-filter | Only run checks that match the given severity. |
| plugin-filters | STRING | --plugin-filters | Only run the plugin whose name matches this value. |
| insecure | BOOLEAN | --insecure | Control SSL certificate verification for the HTTP requests. |
Showing key inputs. chopchop exposes 9 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| threads | STRING | --threads | Number of threads (default 1). |
| timeout | STRING | --timeout | Timeout for the HTTP requests (default 10s). |
| insecure | BOOLEAN | --insecure | Control SSL certificate verification. |
| url-file | FILE | --url-file | Path to a file containing URLs to test. Use this instead of a single URL, not both together. |
| verbosity | STRING | -v | Log level: debug, info, warn, error, fatal, panic (default "warning"). |
| signatures | FILE | --signatures | Path to the signature file (default "chopchop.yml"). |
| max-severity | STRING | --max-severity | Block the CI pipeline if severity is over or equal to the specified level. |
| plugin-filters | STRING | --plugin-filters | Filter by plugin name; the engine only checks for the plugin with the same name. |
| severity-filter | STRING | --severity-filter | Filter by severity; the engine checks only for checks of the same severity. |
example
# scan probed hosts against a signature set, gate on high severitychopchop --url-file urls.txt --signatures chopchop.yml --threads 8 --max-severity High+---------------------+----------------+----------+----------------------+| URL | ENDPOINT | SEVERITY | PLUGIN |+---------------------+----------------+----------+----------------------+| https://example.com | /.git/config | High | Git config exposed || https://example.com | /.env | High | Env file exposed || https://example.com | /server-status | Medium | Apache status page || https://example.com | /phpinfo.php | Medium | PHPInfo exposed || https://example.com | /.svn/entries | Low | SVN metadata exposed |+---------------------+----------------+----------+----------------------+guidance
Use ChopChop to check known web roots for exposed files and services with signatures you control, especially when you want a severity-based CI gate. It tests endpoints you already have, so feed it probed hosts. For broad CVE coverage, pair it with a template scanner like nuclei.
Larger template ecosystem for CVEs and misconfigurations. ChopChop is leaner and signature-driven for web-root exposure.
Classic web server scanner. ChopChop's signatures are YAML and built to extend.
Hunts for secret files on web servers. Overlaps on exposure, narrower scope.
faq
related
Find reflected XSS during recon by checking payload reflection.
Fast and customizable subdomain wordlist generator using patterns.
Scans software bills of materials for security vulnerabilities.
Find broken links, missing images, and other dead references within your HTML.
A CMS detection and exploitation suite.
The Swiss Army knife for automated Web Application Testing.
Hosts are probed by httpx, then ChopChop scans the live ones against its signatures and writes the exposure findings as a queryable output.
Facts on this page come from the live Trickest tool library.