LinuxCommandLibrary

kiterunner

discovers API endpoints through context-aware scanning

TLDR

Scan API
$ kr scan [url] -w [wordlist.txt]
copy
Brute force endpoints
$ kr brute [url] -w [wordlist.txt]
copy
Use specific wordlist
$ kr scan [url] -A apiroutes-210228
copy
Scan with headers
$ kr scan [url] -w [list] -H "Authorization: Bearer [token]"
copy
Output to file
$ kr scan [url] -w [list] -o [results.txt]
copy

SYNOPSIS

kr command [options] target

DESCRIPTION

kiterunner is a context-aware content discovery tool designed specifically for finding API endpoints on web applications. Unlike traditional directory brute-forcing tools that simply append paths to a base URL, kiterunner understands API routing conventions and sends requests that mimic legitimate API calls, including appropriate HTTP methods, headers, and content types for each candidate route.
The tool ships with curated wordlists from Assetnote that are tailored for common API frameworks such as Rails, Django, Express, and Spring. It supports both a `scan` mode for intelligent API-aware discovery and a `brute` mode for traditional directory enumeration, giving security professionals flexibility during reconnaissance and penetration testing engagements.

PARAMETERS

scan URL

Scan target URL.
brute URL
Brute force endpoints.
-w WORDLIST
Wordlist file.
-A ASSETNOTE
Use Assetnote wordlist.
-H HEADER
Add HTTP header.
-o FILE
Output file.
--help
Display help information.

CAVEATS

Security testing tool. Authorized use only. Go-based.

HISTORY

kiterunner was created by Assetnote for API endpoint discovery during security assessments.

SEE ALSO

ffuf(1), gobuster(1), dirsearch(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard