
kiterunner

TLDR

Scan API

$ kr scan [url] -w [wordlist.txt]
Brute force endpoints
$ kr brute [url] -w [wordlist.txt]
Use a specific Assetnote wordlist
$ kr scan [url] -A apiroutes-210228
Scan with headers
$ kr scan [url] -w [list] -H "Authorization: Bearer [token]"
Output to file
$ kr scan [url] -w [list] -o [results.txt]

SYNOPSIS

kr command [options] target

DESCRIPTION

kiterunner discovers API endpoints through context-aware scanning. It uses wordlists designed for API route discovery.
The tool sends requests mimicking real API calls. It's effective for finding hidden API endpoints.

PARAMETERS

scan URL
Scan target URL.
brute URL
Brute force endpoints.
-w WORDLIST
Wordlist file.
-A ASSETNOTE
Use Assetnote wordlist.
-H HEADER
Add HTTP header.
-o FILE
Output file.
--help
Display help information.

CAVEATS

kiterunner is a security testing tool written in Go. Use it only against targets you are authorized to test.

HISTORY

kiterunner was created by Assetnote for API endpoint discovery during security assessments.

SEE ALSO

ffuf(1), gobuster(1), dirsearch(1)
