kiterunner
discovers API endpoints through context-aware scanning
TLDR
SYNOPSIS
kr command [options] target
DESCRIPTION
kiterunner is a context-aware content discovery tool designed specifically for finding API endpoints on web applications. Unlike traditional directory brute-forcing tools that simply append paths to a base URL, kiterunner understands API routing conventions and sends requests that mimic legitimate API calls, including appropriate HTTP methods, headers, and content types for each candidate route.

The tool ships with curated wordlists from Assetnote that are tailored for common API frameworks such as Rails, Django, Express, and Spring. It supports both a `scan` mode for intelligent API-aware discovery and a `brute` mode for traditional directory enumeration, giving security professionals flexibility during reconnaissance and penetration testing engagements.
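From the defender's side, the behaviour described above (one client requesting many candidate routes with varied HTTP methods) leaves a recognisable pattern in access logs. The following added example, which is not part of kiterunner or of the original page, flags such clients in a combined-format access log; the thresholds, the choice of 404/405 as "miss" statuses and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined-log-style line: ip, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)
MISS_STATUSES = {"404", "405"}  # assumption: what a guessed route usually returns

def find_route_enumeration(lines, min_paths=6, min_methods=3, min_miss_ratio=0.8):
    """Return {(ip, minute): stats} for clients that, within one minute, probe
    many distinct paths with several HTTP methods and mostly get misses."""
    buckets = defaultdict(lambda: {"paths": set(), "methods": set(), "total": 0, "miss": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        b = buckets[(m["ip"], m["ts"][:17])]  # bucket key: dd/Mon/yyyy:HH:MM
        b["paths"].add(m["path"].split("?", 1)[0])  # ignore query strings
        b["methods"].add(m["method"])
        b["total"] += 1
        b["miss"] += m["status"] in MISS_STATUSES
    flagged = {}
    for key, b in buckets.items():
        ratio = b["miss"] / b["total"]
        if (len(b["paths"]) >= min_paths and len(b["methods"]) >= min_methods
                and ratio >= min_miss_ratio):
            flagged[key] = {"paths": len(b["paths"]),
                            "methods": sorted(b["methods"]), "miss_ratio": ratio}
    return flagged

# Constructed sample data (not real traffic): one probing client, one normal client.
_PROBES = [("GET", "/api/v1/users", 404), ("POST", "/api/v1/users", 404),
           ("GET", "/api/v1/accounts/1", 404), ("PUT", "/api/v1/accounts/1", 405),
           ("DELETE", "/api/v1/sessions", 404), ("GET", "/v2/orders", 200),
           ("POST", "/v2/orders/export", 404), ("PATCH", "/admin/config", 404)]
_NORMAL = [("GET", "/api/v1/products", 200), ("GET", "/api/v1/products?page=2", 200),
           ("POST", "/api/v1/cart", 201), ("GET", "/api/v1/cart", 200)]

def _fmt(ip, sec, method, path, status):
    return f'{ip} - - [10/May/2024:10:00:{sec:02d} +0000] "{method} {path} HTTP/1.1" {status} 120'

SAMPLE_LOG = ([_fmt("203.0.113.7", i, *p) for i, p in enumerate(_PROBES)]
              + [_fmt("198.51.100.20", i * 10, *p) for i, p in enumerate(_NORMAL)])

if __name__ == "__main__":
    for (ip, minute), stats in find_route_enumeration(SAMPLE_LOG).items():
        print(ip, minute, stats)
```

The thresholds need tuning against a baseline of the API's normal traffic, since a legitimate client of a large API can also touch many routes with several methods.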
PARAMETERS
scan URL
Context-aware API endpoint discovery using datasets with correct HTTP methods, headers, and parameters.
brute URL
Vanilla directory brute-forcing with custom wordlists.
kb replay REQUEST
Replay a previously discovered request, optionally through a proxy.
-w WORDLIST
Wordlist file.
-A, --assetnote-wordlist NAME
Use wordlist from wordlist.assetnote.io. Optionally append `;N` to limit to first N lines.
-H HEADER
Add HTTP header.
-o FILE
Output file.
-x, --max-connection-per-host N
Maximum concurrent connections per host (recommend 5-10).
--disable-precheck
Skip host alive discovery before scanning.
--help
Display help information.
CAVEATS
Security testing tool. Authorized use only. Go-based.
HISTORY
kiterunner was created by Assetnote for API endpoint discovery during security assessments.
