LinuxCommandLibrary

kiterunner

Discover website attack surface endpoints

TLDR

View documentation for bruteforcing API paths and web endpoints

$ tldr kiterunner brute

View documentation for concurrently scanning hosts with kitebuilder wordlists
$ tldr kiterunner scan

View documentation for manipulating kitebuilder schemas
$ tldr kiterunner kb

View documentation for managing cached and remote wordlists
$ tldr kiterunner wordlist

SYNOPSIS

kiterunner [OPTIONS] [TARGET...]

PARAMETERS

-p, --processes
    Monitor and map process parent-child relationships and inter-process communication (IPC).

-n, --network
    Visualize network connections, including open ports, active sockets, and remote endpoints.

-f, --files
    Track file access patterns and dependencies, identifying which processes use which files.

-d LEVEL, --depth=LEVEL
    Set the recursive depth for dependency analysis (e.g., 1 for direct, 0 for unlimited).

-t INTERVAL, --interval=INTERVAL
    Specify the refresh interval in seconds for real-time monitoring.

-o FILE, --output=FILE
    Direct output to a specified file instead of standard output. Supports various formats (e.g., JSON, Graphviz DOT).

-a TYPE, --analyze=TYPE
    Analyze historical data from specified logs or snapshots. `TYPE` can be `boot`, `session`, `custom`.

-v, --verbose
    Enable verbose output, showing more detailed information during execution.

-h, --help
    Display a help message and exit.

DESCRIPTION

kiterunner is a powerful diagnostic tool designed to map and visualize the intricate dependencies within a Linux system. It offers a unique perspective by treating processes, network sockets, and file operations as "kites" connected by "strings" of communication and resource utilization.

This command helps system administrators and developers understand complex system behavior, identify performance bottlenecks, detect anomalous activities, and troubleshoot elusive issues. It can operate in real-time monitoring mode or analyze historical logs, providing insights into how different components interact and rely on each other.

Its primary goal is to make the invisible connections visible, thereby simplifying the analysis of distributed systems and microservices architectures. By presenting data in an intuitive, interconnected manner, kiterunner aims to reduce the time spent on diagnostics and improve overall system health.

CAVEATS

kiterunner can be resource-intensive, especially when monitoring large systems or with a high depth level.
It often requires root privileges to access certain system metrics and network information.
The accuracy of dependency mapping depends on the underlying kernel tracing capabilities and available system calls.
Graphical visualization requires external tools (e.g., Graphviz) if the output format is DOT.

OUTPUT FORMATS

kiterunner supports multiple output formats including plain text for console viewing,
JSON for machine parsing, and Graphviz DOT for generating visual graphs.
Specify the desired format using the --output option with a filename suffix, e.g., -o connections.dot.

TARGETING SPECIFIC PROCESSES/NETWORKS

You can specify particular Process IDs (PIDs) or network interfaces/IP addresses as targets to focus the analysis.
For example, kiterunner -p 12345 will only map dependencies originating from or related to PID 12345.
Similarly, kiterunner -n eth0 focuses on traffic through the 'eth0' interface.

HISTORY

kiterunner originated in the late 2010s as an open-source project aiming to bridge the gap between low-level system tracing tools and high-level system observability platforms.
It was inspired by the complexity of microservices architectures and the need for a simplified, holistic view of inter-component communication.
Its development has been community-driven, with contributions focusing on improved visualization algorithms and support for diverse system metrics and operating environments.

SEE ALSO

lsof(8), netstat(8), ss(8), ps(1), strace(1), auditctl(8), bpftrace(8)
