kiterunner-scan

Scan URL

$ kr scan [url] -w [wordlist]

$ kr scan [url] -A apiroutes-210228

$ kr scan [url] -w [list] -H "Authorization: Bearer [token]"

$ kr scan [url] -w [list] -x [50]

$ kr scan [url] -w [list] --fail-status-codes 404,400

kr scan [options] target

kr scan is the primary scanning subcommand of kiterunner, performing context-aware API endpoint discovery against a target URL. Rather than simply appending wordlist entries as path suffixes, it constructs full API requests with appropriate HTTP methods, content types, and route parameters based on patterns in the supplied wordlist, which makes it significantly more effective at identifying real API routes.
The command supports Assetnote's pre-built knowledge base wordlists (via the -A flag) as well as custom wordlist files. You can control concurrency with -x, add authentication headers with -H, and filter out unwanted responses by status code. Results include the detected HTTP method, path, status code, and response size, providing a clear picture of the target's API surface.

TARGET

URL to scan.

Custom wordlist file.

Assetnote knowledge base.

Add request header.

Concurrent requests.

Status codes to ignore.

Display help information.

Subcommand of kiterunner. Authorized testing only. Can generate high traffic.

kr scan is the main scanning command in kiterunner, developed by Assetnote for API security testing.

kiterunner(1), kiterunner-kb(1)