LinuxCommandLibrary

kiterunner-brute

performs traditional wordlist-based bruteforce against API endpoints

TLDR

Bruteforce API endpoints

$ kr brute [https://api.example.com] -w [wordlist.txt]

Bruteforce with specific methods

$ kr brute [url] -w [wordlist.txt] -X GET,POST

Bruteforce with headers

$ kr brute [url] -w [wordlist.txt] -H "Authorization: Bearer [token]"

SYNOPSIS

kr brute [options] target

DESCRIPTION

kr brute performs traditional wordlist-based bruteforce against API endpoints. It is part of Kiterunner, an API endpoint discovery tool by Assetnote, and tests various HTTP methods and paths to discover hidden endpoints.
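What this kind of scan looks like from the server side, as an added example that is not part of the original page or of Kiterunner: one client requesting many distinct paths with several methods, and almost all of them missing. The function name, the thresholds, the common log format and the sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in common log format (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /api/v1/users HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /api/v1/users HTTP/1.1" 405 153
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /api/v1/admin HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /api/v1/export HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /api/v1/health HTTP/1.1" 200 17
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /api/v1/debug HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /api/v1/backup HTTP/1.1" 404 153
198.51.100.20 - - [10/Mar/2024:10:00:04 +0000] "GET /api/v1/health HTTP/1.1" 200 17
198.51.100.20 - - [10/Mar/2024:10:01:10 +0000] "POST /api/v1/orders HTTP/1.1" 201 88
198.51.100.20 - - [10/Mar/2024:10:02:30 +0000] "GET /api/v1/orders?id=7 HTTP/1.1" 200 412
"""

# Captures: client address, HTTP method, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})\b')

def find_wordlist_scanners(log_text, min_paths=5, min_miss_ratio=0.8):
    """Flag clients that hit many distinct paths and mostly get 404/405 back.

    Thresholds are illustrative assumptions; tune them against real traffic.
    """
    stats = defaultdict(lambda: {"paths": set(), "methods": set(), "total": 0, "misses": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        s = stats[ip]
        s["total"] += 1
        s["paths"].add(target.split("?", 1)[0])  # ignore the query string
        s["methods"].add(method)
        if status in ("404", "405"):  # unknown path or wrong method for a path
            s["misses"] += 1
    flagged = {}
    for ip, s in stats.items():
        ratio = s["misses"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = {"requests": s["total"], "distinct_paths": len(s["paths"]),
                           "methods": sorted(s["methods"]), "miss_ratio": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    for ip, info in find_wordlist_scanners(SAMPLE_LOG).items():
        print(ip, info)
```

The check counts over the whole input and ignores timing, so run it per time window (for example per minute of log) to avoid flagging long-lived clients that accumulate misses slowly.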

PARAMETERS

-w wordlist
Wordlist file for bruteforcing.

-X methods
HTTP methods to use.

-H header
Add custom header.

-t threads
Number of concurrent threads.

-o file
Output file.
