KiteRunner

General

Useful for content-discovery, such as directories & parameters.

Usage

kr wordlist list

# Scan with Assetnote wordlists
kr scan http://localhost -A=apiroutes-240528
# Scan with a wordlist
kr scan http://127.0.0.1 -w /usr/share/wordlists/routes-large.kite

# Brute requires NOT a .kite/.json wordlist
kr brute http://127.0.0.1 -A=apiroutes-240528 -e asp,aspx,cfm,xml

$ cat api_endpoint_list
http://127.0.0.1/vapi
http://127.0.0.1/vapi#tag/

$ kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kite

kr scan http://127.0.0.1 -w <wordlist.kite> -A=<wordlist>

# Examine a specific request in detail
kr kb replay -w /usr/share/wordlists/routes-small.kite "GET     404 [    576,   51,   7] http://127.0.0.1/api/fonts/google/Roboto:500/3_webfont.woff2"

# Examine a specific request in detail & send it to a proxy
kr kb replay -w /usr/share/wordlists/routes-small.kite "GET     404 [    576,   51,   7] http://127.0.0.1/api/fonts/google/Roboto:500/3_webfont.woff2" --proxy=http://127.0.0.1:8080

kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kite --fail-status-codes 400,401,404,501

# JSON
kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kit -o json
# Quiet mode
kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kit -q > results
# Plain text
kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kit -text

# --max-connection-per-host
kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kit -x 5
# --max-parallel-hosts (5 requests per domain)
kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kit -j 2

Resources

GitHub - assetnote/kiterunner: Contextual Content Discovery ToolGitHub

Previousmitmweb NextArjun

Last updated 11 months ago

Was this helpful?