Pynt Listen is an interactive feature in Pynt that acts as a listening proxy on a chosen port. It's designed to capture network traffic when users redirect it to this port. Pynt stays in listening mode, waiting for the user's cue. A scan on the captured traffic starts when the user presses enter, moving Pynt from waiting to actively analyzing the traffic.

Pynt can be integrated with nearly any tool that generates API traffic, provided the tool can direct its traffic through Pynt's proxy.

Basic usage

pynt listen --captured-domains <domains to scan>

Required arguments

--captured-domains - Pynt will scan only these domains and subdomains. For all domains write "*"

Specifying a captured domain is crucial when using pynt listen, particularly for web applications. Web browsers often generate a vast amount of unrelated traffic, which can clutter the scan results. By focusing on a specific domain, pynt listen can more effectively monitor relevant network activity.

Optional arguments

    --port - Set the port pynt will listen to (DEFAULT: 5001)
    --ca-path - The path to the CA file in PEM format
    --proxy-port - Set the port proxied traffic should be routed to (DEFAULT: 6666)
    --report - If present will save the generated report in this path.
    --insecure - use when target uses self signed certificates
    --host-ca - path to the CA file in PEM format to enable SSL certificate verification for pynt when running through a VPN.
    --return-error - 'all-findings' (warnings, or errors), 'errors-only', 'never' (default),

Examples

• Pynt with browsers

• Pynt with Burp suite

• Pynt with ReadyAPI

• Pynt with Insomnia