kiterunner
Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning-fast speeds but also brute-forcing routes/endpoints in modern applications.
Name: kiterunner
Category: Discovery
Publisher: trickest
Created: 11/13/2021
Container: quay.io/trickest/kiterunner:7d5824c-patch-1
Output Type:
License: Unknown
Parameters
--delay
Delay to place in between requests to a single host
Target hosts
--quiet
Quiet mode. Will mute unnecessary pretty text
--header
Headers to add to requests (default [x-forwarded-for: 127.0.0.1])
--output
Output format. Can be json, text, pretty (default pretty)
kb
Kb mode. Manipulate the kitebuilder schema
--timeout
Timeout to use on all requests (default 3s)
--verbose
Level of logging verbosity. Can be error, info, debug, trace (default info)
-w
Normal/ogl wordlist to use for scanning
scan
Scan mode.
brute
Bruteforce mode.
--filter-api
Only scan APIs matching this ksuid
--user-agent
User agent to use for requests (default Chrome. Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36)
--config
Specify the config file.
--force-method
Whether to ignore the methods specified in the ogl file and force this method
--profile-name
Name for profile output file
--ignore-length
A range of content length bytes to ignore. You can have multiple, e.g. 100-105 or 1234 or 123,34-53. This is inclusive on both ends
-d
Debug mode will attempt to convert the schema with error handling
parse
Parse a kitebuilder schema and print out the prettified data
--max-redirects
Maximum number of redirects to follow (default 3)
wordlist
Wordlist mode. Look at your cached wordlists and remote wordlists
replay
Replay a kitebuilder request based on the input
convert
Convert an input file format into the specified output file format
--preflight-depth
When performing preflight checks, what directory depth do we attempt to check. 0 means that only the docroot is checked (default 1)
--blacklist-domain
Domains that are blacklisted for redirects. We will not follow redirects to these domains
--disable-precheck
Whether to skip host discovery
--kitebuilder-list
Ogl wordlist to use for scanning
--fail-status-codes
Which status codes to blacklist as fail. If this is set, this will override success-status-codes
--assetnote-wordlist
Use the wordlists from wordlist.assetnote.io. Specify the type/name to use, e.g. apiroutes-210228. You can specify an additional maxlength to use only the first N values in the wordlist, e.g. apiroutes-210228;20000 will only use the first 20000 lines in that wordlist
--max-parallel-hosts
Max number of concurrent hosts to scan at once (default 50)
--wildcard-detection
Can be set to false to disable wildcard redirect detection (default true)
list
List the wordlists cached and available
save
Save the wordlists specified (full filename or alias)
--quarantine-threshold
If the host returns N consecutive hits, we quarantine the host as wildcard. Set to 0 to disable (default 10)
--success-status-codes
Which status codes to whitelist as success. This is the default mode
--extensions
Extensions to append while scanning
--kitebuilder-full-scan
Perform a full scan without first performing a phase scan.
--max-connection-per-host
Max connections to a single host (default 3)
compile
Compile a kitebuilder schema and write the data to the specified file
--dirsearch-compat
This will replace %EXT% with the extensions provided. Backwards compat with dirsearch because shubs loves him some dirsearch
kb mode convert mode output file format