kiterunner
Discover website attack surface endpoints
TLDR
View documentation for bruteforcing API paths and web endpoints
View documentation for concurrently scanning hosts with kitebuilder wordlists
View documentation for manipulating kitebuilder schemas
View documentation for managing cached and remote wordlists
SYNOPSIS
kr scan [options] <target>
PARAMETERS
-t, --target <url>
Specifies the target URL to scan.
-w, --wordlists <file1,file2,...>
Specifies custom wordlists to use for content discovery.
Separate multiple wordlists with commas.
-c, --concurrency <integer>
Sets the number of concurrent requests to send. Defaults to 25.
--include-subs
Includes subdomains of the target in the scan.
--exclude-response-codes <code1,code2,...>
Excludes specific HTTP response codes from the results. Useful for filtering out common errors.
-o, --output <file>
Saves the scan results to a file.
--no-recursion
Disables recursive directory discovery. Avoids scanning subdirectories of discovered paths.
--user-agent <string>
Sets a custom User-Agent header for requests.
--proxy <url>
Specifies a proxy server to use for all requests.
-l, --level <integer>
Sets the scan level (intensity) from 1 to 5. Defaults to 3. Higher levels use more aggressive wordlists and rules.
--json
Outputs scan results in JSON format.
--threads <integer>
Sets the number of threads to use for scanning.
DESCRIPTION
Kiterunner is a context-aware vulnerability scanner designed to discover potential attack surfaces by identifying endpoints and hidden content on web applications.
It differentiates itself from traditional web content discovery tools by incorporating information gathered during its crawl. This allows it to dynamically adjust its scan based on discovered technologies, file extensions, and common URL structures. Kiterunner leverages a large library of wordlists and rules to identify both common and less-obvious files and directories.
Kiterunner supports multiple protocols, including HTTP and HTTPS, and allows customized headers and request methods. The main goal is to find hidden content and hidden vulnerabilities without relying on external services or APIs.
CAVEATS
Kiterunner is a powerful tool and should be used responsibly and ethically. Ensure you have permission to scan a target before running Kiterunner. Excessive concurrency can overload the target server, potentially causing a denial-of-service. Be mindful of the scan level and adjust concurrency as needed. Some advanced features may require configuration file adjustments.
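On the receiving side, the wordlist-driven, concurrent requests described above show up in web server access logs as one client requesting many distinct paths that mostly do not exist. The following detection sketch is an added example, not part of Kiterunner or its documentation; the Common Log Format input, the thresholds, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed input: Common/Combined Log Format (client, ident, user, [time], "request", status).
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_discovery_clients(lines, min_paths=8, min_miss_ratio=0.8):
    """Return {client: stats} for clients whose traffic looks like path bruteforcing.

    Signal: many distinct paths, most answered 404/405. The User-Agent is ignored
    on purpose, because --user-agent lets the operator set it to anything.
    Thresholds are illustrative defaults, not tuned values.
    """
    paths, misses, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        client, _ts, _method, target, status = m.groups()
        paths[client].add(target.split("?", 1)[0])  # ignore query strings
        total[client] += 1
        if status in ("404", "405"):
            misses[client] += 1
    flagged = {}
    for client, seen in paths.items():
        ratio = misses[client] / total[client]
        if len(seen) >= min_paths and ratio >= min_miss_ratio:
            flagged[client] = {"distinct_paths": len(seen),
                               "requests": total[client],
                               "miss_ratio": round(ratio, 2)}
    return flagged

def sample_log():
    """Constructed sample: 198.51.100.7 walks a wordlist, 203.0.113.20 browses normally."""
    words = ["admin", "api/v1/users", "api/v1/keys", "swagger.json", "graphql",
             "actuator/health", "api/v2/orders", "debug", "internal/metrics",
             "api/v1/login"]
    fmt = '{ip} - - [10/Mar/2024:12:00:0{s} +0000] "GET /{p} HTTP/1.1" {code} 153 "-" "Mozilla/5.0"'
    out = [fmt.format(ip="198.51.100.7", s=i, p=w,
                      code=200 if w == "api/v1/login" else 404)
           for i, w in enumerate(words)]
    for i, (p, code) in enumerate([("", 200), ("static/app.js", 200), ("favicon.ico", 404)]):
        out.append(fmt.format(ip="203.0.113.20", s=i, p=p, code=code))
    return out

if __name__ == "__main__":
    for client, stats in find_discovery_clients(sample_log()).items():
        print(client, stats)
```

Aggregating per client over a fixed time window, rather than over the whole file, keeps slow legitimate crawlers from accumulating enough distinct paths to trip the threshold.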
INSTALLATION
Kiterunner is commonly installed using package managers or by downloading pre-built binaries. Refer to the official Kiterunner documentation for detailed installation instructions specific to your operating system.
CONFIGURATION
Kiterunner's behavior can be customized through configuration files. These files allow modification of wordlists, rules, request headers, and other settings. Check the official documentation for information on configuration file locations and options.