Endpoint spidering TL;DR: Crawl the live app to surface routes, hidden params, internal API calls. katana, hakrawler, gospider. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References TODO