The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters - View it on GitHub