kiterunner
Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning-fast speeds but also brute-forcing routes/endpoints in modern applications.
Name:kiterunner
Category:Discovery
Publisher:trickest
Created:11/13/2021
Container:
quay.io/trickest/kiterunner:7d5824c-patch-1Output Type:
License:Unknown
Source:View Source
Parameters
--delayDelay to place inbetween requests to a single host--quietQuiet mode. will mute unecessarry pretty text--headerHeaders to add to requests (default [x-forwarded-for: 127.0.0.1])--outputOutput format. Can be json,text,pretty (default pretty)kbKb mode. Manipulate the kitebuilder schema--timeoutTimeout to use on all requests (default 3s)--verboseLevel of logging verbosity. can be error,info,debug,trace (default info)-wNormal/ogl wordlist to use for scanningscanScan mode.bruteBruteforce mode.--filter-apiOnly scan apis matching this ksuid--user-agentUser agent to use for requests (default Chrome. Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36)--configSpecify the config file.--force-methodWhether to ignore the methods specified in the ogl file and force this method--profile-nameName for profile output file--ignore-lengthA range of content length bytes to ignore. you can have multiple. e.g. 100-105 or 1234 or 123,34-53. This is inclusive on both ends-dDebug mode will attempt to convert the schema with error handlingparseParse an kitebuilder schema and print out the prettified data--max-redirectsMaximum number of redirects to follow (default 3)wordlistWordlist mode. Look at your cached wordlists and remote wordlistsreplayReplay a kitebuilder request based on the inputconvertonvert an input file format into the specified output file format--preflight-depthWhen performing preflight checks, what directory depth do we attempt to check. 0 means that only the docroot is checked (default 1)--blacklist-domainDomains that are blacklisted for redirects. We will not follow redirects to these domains--disable-precheckWhether to skip host discovery--kitebuilder-listOgl wordlist to use for scanning--fail-status-codesWhich status codes blacklist as fail. if this is set, this will override success-status-codes--assetnote-wordlistUse the wordlists from wordlist.assetnote.io. specify the type/name to use, e.g. apiroutes-210228. You can specify an additional maxlength to use only the first N values in the wordlist, e.g. apiroutes-210228;20000 will only use the first 20000 lines in that wordlist--max-parallel-hostsMax number of concurrent hosts to scan at once (default 50)--wildcard-detectionCan be set to false to disable wildcard redirect detection (default true)listList the wordlists cached and availablesaveSave the wordlists specified (full filename or alias)--quarantine-thresholdIf the host return N consecutive hits, we quarantine the host as wildcard. Set to 0 to disable (default 10)--success-status-codesWhich status codes whitelist as success. this is the default mode--extensionsExtensions to append while scanning--kitebuilder-full-scanPerform a full scan without first performing a phase scan.--max-connection-per-hostMax connections to a single host (default 3)compileCompile an kitebuilder schema and write the data to the specified file--dirsearch-compatThis will replace %EXT% with the extensions provided. backwards compat with dirsearch because shubs loves him some dirsearch