KiteRunner
General
Useful for content discovery, such as finding directories and parameters.
Usage
# List the available Assetnote wordlists
kr wordlist list

# Scan with Assetnote wordlists
kr scan http://localhost -A=apiroutes-240528
# Scan with a wordlist
kr scan http://127.0.0.1 -w /usr/share/wordlists/routes-large.kite

# Brute mode requires a wordlist that is NOT .kite/.json
kr brute http://127.0.0.1 -A=apiroutes-240528 -e asp,aspx,cfm,xml

# Scan every target listed in a file
$ cat api_endpoint_list
http://127.0.0.1/vapi
http://127.0.0.1/vapi#tag/
$ kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kite

# Combine a .kite wordlist with an Assetnote wordlist
kr scan http://127.0.0.1 -w <wordlist.kite> -A=<wordlist>

# Examine a specific request in detail
kr kb replay -w /usr/share/wordlists/routes-small.kite "GET 404 [ 576, 51, 7] http://127.0.0.1/api/fonts/google/Roboto:500/3_webfont.woff2"
# Examine a specific request in detail & send it to a proxy
kr kb replay -w /usr/share/wordlists/routes-small.kite "GET 404 [ 576, 51, 7] http://127.0.0.1/api/fonts/google/Roboto:500/3_webfont.woff2" --proxy=http://127.0.0.1:8080

# Treat these status codes as failures
kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kite --fail-status-codes 400,401,404,501

# JSON
kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kite -o json
# Quiet mode
kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kite -q > results
# Plain text
kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kite -o text

# --max-connection-per-host (5 requests per domain)
kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kite -x 5
# --max-parallel-hosts (2 hosts at a time)
kr scan api_endpoint_list -w /usr/share/wordlists/routes-small.kite -j 2
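
Added example (not from the original page or the Kiterunner project): a Python triage script for result lines in the shape quoted in the kr kb replay commands above. It drops the statuses passed to --fail-status-codes and groups the rest by response signature, so one identical response returned for many routes is reported once as a catch-all. Assumptions: the bracketed numbers are response length, words and lines; the function names, the threshold of 3 and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Line shape from the replay argument above: "GET 404 [ 576, 51, 7] http://..."
# Assumption: the bracketed numbers are response length, words, lines.
LINE_RE = re.compile(
    r"^\s*(?P<method>[A-Z]+)\s+(?P<status>\d{3})\s+"
    r"\[\s*(?P<length>\d+),\s*(?P<words>\d+),\s*(?P<lines>\d+)\s*\]\s+"
    r"(?P<url>\S+)"
)

def parse_line(line):
    """Return one result line as a dict, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {k: v if k in ("method", "url") else int(v)
            for k, v in m.groupdict().items()}

def triage(lines, fail_status=(400, 401, 404, 501), catch_all_min=3):
    """Return (hits, catch_all). fail_status mirrors --fail-status-codes;
    a signature shared by catch_all_min or more URLs counts as catch-all."""
    by_sig = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if rec["status"] not in fail_status:
            sig = (rec["status"], rec["length"], rec["words"], rec["lines"])
            by_sig[sig].append(rec)
    hits, catch_all = [], {}
    for sig, recs in by_sig.items():
        urls = sorted({r["url"] for r in recs})
        if len(urls) >= catch_all_min:
            catch_all[sig] = urls
        else:
            hits.extend(recs)
    return hits, catch_all

# Constructed sample lines (not from a real scan).
SAMPLE = """\
GET 404 [ 576, 51, 7] http://127.0.0.1/api/fonts/google/Roboto:500/3_webfont.woff2
GET 200 [ 1204, 88, 20] http://127.0.0.1/vapi/users
POST 200 [ 310, 12, 1] http://127.0.0.1/vapi/login
GET 403 [ 162, 9, 4] http://127.0.0.1/vapi/reports
GET 403 [ 162, 9, 4] http://127.0.0.1/vapi/orders
GET 403 [ 162, 9, 4] http://127.0.0.1/vapi/items
""".splitlines()

if __name__ == "__main__":
    hits, catch_all = triage(SAMPLE)
    print([r["url"] for r in hits], catch_all)
```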
