kiterunner-wordlist
Generate wordlists for web content discovery
TLDR
List all cached and available Assetnote wordlists
List wordlists with JSON output
List wordlists with verbose debug output
Save a specific Assetnote wordlist by alias
Save a specific Assetnote wordlist by full filename
Save multiple wordlists by alias
Save a wordlist with quiet mode to suppress output
SYNOPSIS
kiterunner-wordlist [OPTIONS]
PARAMETERS
-o, --output FILE
Specifies the path to the output file where the generated wordlist will be saved. If not specified, the wordlist is printed to standard output (stdout).
--include CATEGORY
Includes paths from a specified category (e.g., 'common', 'cms', 'frameworks'). This option can be used multiple times to include paths from various categories.
--exclude CATEGORY
Excludes paths from a specified category. This is useful for reducing the wordlist size or avoiding irrelevant entries for a specific target. Can be used multiple times.
-x, --extensions CSV
Appends a comma-separated list of common file extensions (e.g., 'php,asp,html') to the paths. This creates variations like admin.php, admin.asp, etc.
--path-list FILE
Specifies a path to a file containing additional custom paths to be included in the wordlist. This option can be specified multiple times.
--no-default
Prevents the inclusion of Kiterunner's default common paths in the generated wordlist, allowing for a strictly custom or category-based list.
--force-overwrite
Forces the tool to overwrite the output file if it already exists, without prompting for confirmation.
--path-prefix STRING
Adds a specified string as a prefix to every generated path (e.g., /api/v1/).
--path-suffix STRING
Adds a specified string as a suffix to every generated path (e.g., .bak).
--max-length INTEGER
Sets the maximum allowed length for paths to be included in the wordlist. Paths exceeding this length are discarded.
--min-length INTEGER
Sets the minimum required length for paths to be included in the wordlist. Paths shorter than this length are discarded.
--no-recursive
Disables the generation of recursive paths (e.g., with /admin in the list, /admin/dashboard is not generated where recursion logic would otherwise apply).
--no-index-files
Prevents the inclusion of common index files (e.g., index.php, default.aspx, home.html) in the wordlist.
--deduplicate
Ensures that all paths in the final wordlist are unique by removing any duplicate entries. This is often an implicit behavior but can be explicitly specified.
-h, --help
Displays a help message outlining command usage and options.
-v, --version
Displays the version information for the Kiterunner tool.
DESCRIPTION
kiterunner-wordlist is a utility bundled with the Kiterunner web enumeration tool. It generates customizable wordlists for discovering hidden directories, files, and endpoints on web applications. Unlike generic wordlists, it draws on a knowledge base of common paths, technology-specific paths (e.g., for CMS, frameworks), and common file extensions to produce wordlists suited to targeted reconnaissance. Users can include or exclude specific categories, append custom path lists, add prefixes and suffixes, and filter by path length to build focused enumeration lists. Tailoring the list this way makes web security assessments more efficient and accurate by reducing noise and concentrating on the relevant attack surface.
CAVEATS
Generating comprehensive wordlists, especially with many inclusions and extensions, can result in very large files that consume significant disk space and memory.
The time required for wordlist generation can vary greatly depending on the selected categories, custom paths, and the complexity of extensions/prefixes/suffixes.
kiterunner-wordlist is part of the Kiterunner suite and requires its proper installation to function.
The effectiveness of the generated wordlist is highly dependent on the target application's technology stack and its specific configuration.
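A model of the expansion the options above describe, for estimating entry count and file size before generating a large list (added example, not Kiterunner's own code). The order of operations, keeping the bare path alongside its extension variants, and the names expand and size_report are assumptions; the sample paths are constructed.

```python
from itertools import chain


def expand(paths, extensions=(), prefix="", suffix="", min_len=0, max_len=None):
    """Model the documented options on an in-memory path list.

    Assumed order: extensions -> prefix/suffix -> length filter -> de-duplication.
    """
    seen = set()
    out = []
    for raw in paths:
        base = raw.strip().lstrip("/")      # normalise "/admin" and "admin"
        if not base:
            continue                        # skip blank lines
        # Assumption: the bare path is kept next to its extension variants (-x).
        variants = chain([base], (f"{base}.{ext}" for ext in extensions))
        for variant in variants:
            candidate = f"{prefix}{variant}{suffix}"   # --path-prefix / --path-suffix
            if len(candidate) < min_len:               # --min-length
                continue
            if max_len is not None and len(candidate) > max_len:  # --max-length
                continue
            if candidate not in seen:                  # --deduplicate
                seen.add(candidate)
                out.append(candidate)
    return out


def size_report(entries):
    """Return (entry count, bytes on disk) for one entry per line, UTF-8."""
    return len(entries), sum(len(e.encode("utf-8")) + 1 for e in entries)


# Constructed sample input, not taken from any Assetnote wordlist.
SAMPLE = ["admin", "/admin", "login", "health", "users/export", ""]

if __name__ == "__main__":
    result = expand(SAMPLE, extensions=["php", "html"],
                    prefix="/api/v1/", max_len=20)
    for line in result:
        print(line)
    count, nbytes = size_report(result)
    print(f"{count} entries, {nbytes} bytes")
```

Each extension adds up to one more entry per base path, so the list grows roughly by a factor of (number of extensions + 1) before the length filter and de-duplication trim it.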
COMMON USAGE PATTERNS
Users often combine categories like --include common --include cms with specific extensions like --extensions php,html to create a general but robust wordlist for PHP-based CMS applications. For more targeted scans, --no-default combined with --path-list and --path-prefix is used to focus on known application structures.
INTEGRATION WITH KITERUNNER
The wordlists generated by kiterunner-wordlist are designed to be passed directly to the main kiterunner command through its wordlist options (e.g., -w or --wordlists), so a custom list can be put to use in a scan as soon as it is generated.
HISTORY
kiterunner-wordlist is a component of the Kiterunner project, developed by Assetnote, a company known for its external attack surface management solutions. Kiterunner was designed to improve on traditional web enumeration techniques by drawing on a large dataset of known web paths and configurations. The kiterunner-wordlist utility was introduced to let users craft specialized wordlists rather than rely on generic lists, making reconnaissance in web security assessments more targeted and efficient.