Details

Category: Discovery

Publisher: trickest-mhmdiaa

Created Date: 11/7/2022

Container: quay.io/trickest/katana:d835925

Source URL: https://github.com/projectdiscovery/katana

Parameters

url (string, required)
Command: -u - target url

list (file, required)
Command: -list - target url list

debug (boolean)
Command: -debug - display debug output

delay (string)
Command: -delay - request delay between each request in seconds

depth (string)
Command: -depth - maximum depth to crawl (default 3)

field (string)
Command: -field - field to display in output (url,path,fqdn,rdn,rurl,qurl,qpath,file,ufile,key,value,kv,dir,udir)

jsonl (boolean)
Command: -jsonl - write output in JSONL(ines) format

proxy (string)
Command: -proxy - http/socks5 proxy to use

retry (string)
Command: -retry - number of times to retry the request (default 1)

config (file)
Command: -config - path to the katana configuration file

resume (file)
Command: -resume - resume scan using resume.cfg

silent (boolean)
Command: -silent - display output only

exclude (string)
Command: -exclude - exclude host matching specified filter ('cdn', 'private-ips', cidr, ip, regex)

headers (string)
Command: -headers - custom header/cookie to include in request

jsluice (boolean)
Command: -jsluice - enable jsluice parsing in javascript file (memory intensive)

passive (boolean)
Command: -passive - enable passive sources to discover target endpoints

timeout (string)
Command: -timeout - time to wait for request in seconds (default 10)

verbose (boolean)
Command: -verbose - display verbose output

headless (boolean)
Command: -headless - enable headless hybrid crawling (experimental)

js-crawl (boolean)
Command: -js-crawl - enable endpoint parsing / crawling in javascript file

no-scope (boolean)
Command: -no-scope - disables host based default scope

omit-raw (boolean)
Command: -omit-raw - omit raw requests/responses from jsonl output

strategy (string)
Command: -strategy - Visit strategy (depth-first, breadth-first) (default depth-first)

omit-body (boolean)
Command: -omit-body - omit response body from jsonl output

resolvers (string)
Command: -resolvers - list of custom resolver (file or comma separated)

no-sandbox (boolean)
Command: -no-sandbox - start headless chrome in --no-sandbox mode

rate-limit (string)
Command: -rate-limit - maximum requests to send per second (default 150)

concurrency (string)
Command: -concurrency - number of concurrent fetchers to use (default 10)

crawl-scope (string)
Command: -crawl-scope - in scope url regex to be followed by crawler

field-scope (string)
Command: -field-scope - pre-defined scope field (dn,rdn,fqdn) or custom regex (e.g., '(company-staging.io|company.com)') (default rdn)

form-config (file)
Command: -form-config - path to custom form configuration file

known-files (string)
Command: -known-files - enable crawling of known files (all,robotstxt,sitemapxml)

match-regex (string)
Command: -match-regex - regex to match on output url

parallelism (string)
Command: -parallelism - number of concurrent inputs to process (default 10)

store-field (string)
Command: -store-field - field to store in per-host output (url,path,fqdn,rdn,rurl,qurl,qpath,file,ufile,key,value,kv,dir,udir)

field-config (file)
Command: -field-config - path to custom field configuration file

filter-regex (string)
Command: -filter-regex - regex to filter on output url

headers-file (file)
Command: -headers - custom header/cookie to include in request

health-check (boolean)
Command: -health-check - run diagnostic check up

no-incognito (boolean)
Command: -no-incognito - start headless chrome without incognito mode

crawl-duration (string)
Command: -crawl-duration - maximum duration to crawl the target for (s, m, h, d) (default s)

passive-source (string)
Command: -passive-source - passive source to use for url discovery (waybackarchive,commoncrawl,alienvault)

xhr-extraction (boolean)
Command: -xhr-extraction - extract xhr request url,method in jsonl output

chrome-data-dir (folder)
Command: -chrome-data-dir - path to store chrome browser data

crawl-out-scope (string)
Command: -crawl-out-scope - out of scope url regex to be excluded by crawler

extension-match (string)
Command: -extension-match - match output for given extension (eg, -em php,html,js)

form-extraction (boolean)
Command: -form-extraction - extract form, input, textarea & select elements in jsonl output

match-condition (string)
Command: -match-condition - match response with dsl based condition

tls-impersonate (boolean)
Command: -tls-impersonate - enable experimental client hello (ja3) tls randomization

extension-filter (string)
Command: -extension-filter - filter output for given extension (eg, -ef png,css)

filter-condition (string)
Command: -filter-condition - filter response with dsl based condition

headless-options (string)
Command: -headless-options - start headless chrome with additional options

match-regex-file (file)
Command: -match-regex - list of regex to match on output url

disable-redirects (boolean)
Command: -disable-redirects - disable following redirects (default false)

display-out-scope (boolean)
Command: -display-out-scope - display external endpoint from scoped crawling

filter-regex-file (file)
Command: -filter-regex - list of regex to filter on output url

max-response-size (string)
Command: -max-response-size - maximum response size to read (default 9223372036854775807)

rate-limit-minute (string)
Command: -rate-limit-minute - maximum number of requests to send per minute

automatic-form-fill (boolean)
Command: -automatic-form-fill - enable automatic form filling (experimental)

ignore-query-params (boolean)
Command: -ignore-query-params - Ignore crawling same path with different query-param values