Linux command
kiterunner-brute 命令
网络
复制后可按需替换文件名、目录或参数。
常用示例
Bruteforce API endpoints
kr brute [https://api.example.com] -w [wordlist.txt]
Bruteforce with specific methods
kr brute [url] -w [wordlist.txt] -X GET,POST
Bruteforce with headers
kr brute [url] -w [wordlist.txt] -H "Authorization: Bearer [token]"
说明
kr brute performs traditional wordlist-based bruteforce against API endpoints. Part of Kiterunner, an API endpoint discovery tool by Assetnote. Tests various HTTP methods and paths to discover hidden endpoints.
参数
- -w _wordlist_
- Wordlist file for bruteforcing.
- -X _methods_
- HTTP methods to use.
- -H _header_
- Add custom header.
- -t _threads_
- Number of concurrent threads.
- -o _file_
- Output file.
FAQ
What is the kiterunner-brute command used for?
kr brute performs traditional wordlist-based bruteforce against API endpoints. Part of Kiterunner, an API endpoint discovery tool by Assetnote. Tests various HTTP methods and paths to discover hidden endpoints.
How do I run a basic kiterunner-brute example?
Run `kr brute [https://api.example.com] -w [wordlist.txt]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -w _wordlist_ do in kiterunner-brute?
Wordlist file for bruteforcing.