kiterunner

Command: --delay - Delay to place inbetween requests to a single host

Command: - Target hosts

Command: --quiet - Quiet mode. will mute unecessarry pretty text

Command: --header - Headers to add to requests (default [x-forwarded-for: 127.0.0.1])

Command: --output - Output format. Can be json,text,pretty (default pretty)

Command: kb - Kb mode. Manipulate the kitebuilder schema

Command: --timeout - Timeout to use on all requests (default 3s)

Command: --verbose - Level of logging verbosity. can be error,info,debug,trace (default info)

Command: -w - Normal/ogl wordlist to use for scanning

Command: scan - Scan mode.

Command: brute - Bruteforce mode.

Command: --filter-api - Only scan apis matching this ksuid

Command: --user-agent - User agent to use for requests (default Chrome. Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36)

Command: --config - Specify the config file.

Command: --force-method - Whether to ignore the methods specified in the ogl file and force this method

Command: --profile-name - Name for profile output file

Command: --ignore-length - A range of content length bytes to ignore. you can have multiple. e.g. 100-105 or 1234 or 123,34-53. This is inclusive on both ends

Command: -d - Debug mode will attempt to convert the schema with error handling

Command: parse - Parse an kitebuilder schema and print out the prettified data

Command: --max-redirects - Maximum number of redirects to follow (default 3)

Command: wordlist - Wordlist mode. Look at your cached wordlists and remote wordlists

Command: replay - Replay a kitebuilder request based on the input

Command: convert - onvert an input file format into the specified output file format

Command: --preflight-depth - When performing preflight checks, what directory depth do we attempt to check. 0 means that only the docroot is checked (default 1)

Command: --blacklist-domain - Domains that are blacklisted for redirects. We will not follow redirects to these domains

Command: --disable-precheck - Whether to skip host discovery

Command: --kitebuilder-list - Ogl wordlist to use for scanning

Command: --fail-status-codes - Which status codes blacklist as fail. if this is set, this will override success-status-codes

Command: --assetnote-wordlist - Use the wordlists from wordlist.assetnote.io. specify the type/name to use, e.g. apiroutes-210228. You can specify an additional maxlength to use only the first N values in the wordlist, e.g. apiroutes-210228;20000 will only use the first 20000 lines in that wordlist

Command: --max-parallel-hosts - Max number of concurrent hosts to scan at once (default 50)

Command: --wildcard-detection - Can be set to false to disable wildcard redirect detection (default true)

Command: list - List the wordlists cached and available

Command: save - Save the wordlists specified (full filename or alias)

Command: --quarantine-threshold - If the host return N consecutive hits, we quarantine the host as wildcard. Set to 0 to disable (default 10)

Command: --success-status-codes - Which status codes whitelist as success. this is the default mode

Command: --extensions - Extensions to append while scanning

Command: --kitebuilder-full-scan - Perform a full scan without first performing a phase scan.

Command: --max-connection-per-host - Max connections to a single host (default 3)

Command: compile - Compile an kitebuilder schema and write the data to the specified file

Command: --dirsearch-compat - This will replace %EXT% with the extensions provided. backwards compat with dirsearch because shubs loves him some dirsearch

Command: -

Command: - kb mode convert mode output file format