← 返回命令列表

Linux command

kiterunner-scan 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Scan URL

kr scan [url] -w [wordlist]

Scan with Assetnote wordlist

kr scan [url] -A apiroutes-210228

Scan with authentication

kr scan [url] -w [list] -H "Authorization: Bearer [token]"

Scan with concurrency

kr scan [url] -w [list] -x [50]

Filter status codes

kr scan [url] -w [list] --fail-status-codes 404,400

说明

kr scan is the primary scanning subcommand of kiterunner, performing context-aware API endpoint discovery against a target URL. Rather than simply appending wordlist entries as path suffixes, it constructs full API requests with appropriate HTTP methods, content types, and route parameters based on patterns in the supplied wordlist, which makes it significantly more effective at identifying real API routes. The command supports Assetnote's pre-built knowledge base wordlists (via the -A flag) as well as custom wordlist files. You can control concurrency with -x, add authentication headers with -H, and filter out unwanted responses by status code. Results include the detected HTTP method, path, status code, and response size, providing a clear picture of the target's API surface.

参数

-w _WORDLIST_
Custom wordlist file.
-A _KB_
Assetnote knowledge base.
-H _HEADER_
Add request header.
-x _N_
Concurrent requests.
--fail-status-codes _CODES_
Status codes to ignore.
--help
Display help information.

FAQ

What is the kiterunner-scan command used for?

kr scan is the primary scanning subcommand of kiterunner, performing context-aware API endpoint discovery against a target URL. Rather than simply appending wordlist entries as path suffixes, it constructs full API requests with appropriate HTTP methods, content types, and route parameters based on patterns in the supplied wordlist, which makes it significantly more effective at identifying real API routes. The command supports Assetnote's pre-built knowledge base wordlists (via the -A flag) as well as custom wordlist files. You can control concurrency with -x, add authentication headers with -H, and filter out unwanted responses by status code. Results include the detected HTTP method, path, status code, and response size, providing a clear picture of the target's API surface.

How do I run a basic kiterunner-scan example?

Run `kr scan [url] -w [wordlist]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -w _WORDLIST_ do in kiterunner-scan?

Custom wordlist file.