Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

Konan - Advanced Web Application Dir Scanner

$
0
0

Konan is an advanced open source tool designed to brute force directories and files names on web/application servers.

Installation
Download Konan by cloning the Git repository:
git clone https://github.com/m4ll0k/Konan.git konan
Install requirements with pip
cd konan && pip install -r requirements.txt
Run Konan
python konan.py

Support Platforms
  • Linux
  • Windows
  • MacOSX

Features
FeaturesKonandirsearchdirbgobuster
MultiThreadedyesyesyesyes
Multiple Extensionsyesyesnono
HTTP Proxy Supportyesyesyesyes
Reportingyes (text and json)yes (text and json)yes (text)no
User-Agent randomizationyesyesnono
Ignore word in wordlist using regexpyesnonono
Split extension in wordlistyesnonono
Multiple Methodsyesnonono
Response Size Processyesnonono
Provide Sub-Dir for Brute Forceyesnonono
Provide Dir for Recursively Brute Forceyesnonono
URL Injection Pointyesnonono

Usage
Basic:
  • python konan.py -u/--url http://example.com/
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 01:32:57 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 01:33:12 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.php
8.77% - 01:40:02 - 302 - GET - 14 - http://testphp.vulnweb.com/userinfo.php -> login.php
Injection Point:
  • python konan.py -u/--url http://example.com/%%/index.php
URL: http://testphp.vulnweb.com/%%/index.php

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search/index.php
  • python konan.py -u/--url http://example.com/test%% -w /root/numbers.txt
URL: http://testphp.vulnweb.com/test%%

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test12
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/test34
Provide wordlist, default /db/dict.txt:
  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt
Provide extensions with -f/--force option:
  • python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 02:00:21 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.html
0.43% - 02:00:23 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 02:00:30 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 02:00:46 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.html
0.87% - 02:00:50 - 200 - GET - 6115 - http://testphp.vulnweb.com/categories.html
Provide status code exclusion:
  • python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401
Provide only status code for output:
  • python konan.py -u/--url http://example.com/ -o/--only 200,301,302
Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):
  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]
Wordlist split (test.php -> to -> test):
  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split
Wordlist Ignore word,letters,number,..etc provided by regexp (\w*.php|\w*.html,^[0-9_-]+):_
  • python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "\?+"
Output without -I/--ignore options:
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 02:06:31 - 200 - GET - 4958 - http://testphp.vulnweb.com/???.php
0.43% - 02:06:32 - 200 - GET - 4732 - http://testphp.vulnweb.com/???????????
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
Output with -I/--ignore (in this case \?+) options:
 URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
Recursive:_
  • python konan.py -u/--url http://example.com/ -E/--recursive
Recursive directory found and directory provided by -D/--dir-rec:
  • python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,tests,dev,internal"
Brute Force directory provided by -S/--sub-dir:
  • python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,test,internal,dev"
Multiple Methods (check GET,POST,PUT and DELETE for word entry):
Note: Much web application if not make the request with right method return 404 code, this option test all methods
  • python konan.py -u/--url http://example.com/ -m/--methods"
Content size process (show response if the response size is ">[number]","<[number]","=[number]"):
  • python konan.py -u/--url http://example.com/ -C/--lenght "<1000"
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/
1.73% - 02:12:37 - 301 - GET - 184 - http://testphp.vulnweb.com/images -> http://testphp.vulnweb.com/images/



Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>