Linux command

kiterunner command

After copying, replace file names, directories, or parameters as needed.

Common examples

Scan API

kr scan [url] -w [wordlist.txt]

Brute force endpoints

kr brute [url] -w [wordlist.txt]

Use an Assetnote wordlist

kr scan [url] -A apiroutes-210228

Scan with headers

kr scan [url] -w [list] -H "Authorization: Bearer [token]"

Output to file

kr scan [url] -w [list] -o [results.txt]

Description

kiterunner is a context-aware content discovery tool designed specifically for finding API endpoints on web applications. Unlike traditional directory brute-forcing tools that simply append paths to a base URL, kiterunner understands API routing conventions and sends requests that mimic legitimate API calls, including appropriate HTTP methods, headers, and content types for each candidate route. The tool ships with curated wordlists from Assetnote that are tailored for common API frameworks such as Rails, Django, Express, and Spring. It supports both a `scan` mode for intelligent API-aware discovery and a `brute` mode for traditional directory enumeration, giving security professionals flexibility during reconnaissance and penetration testing engagements.
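
Seen from the server side, the discovery described above typically shows up as one client requesting many non-existent routes with several HTTP methods. The following Python check is an added example, not part of kiterunner or the original page; the combined log format, the thresholds, the function name `flag_route_enumeration` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined-log-format line: client IP, request method, path, response status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (not captured from a real scan).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /api/v1/users HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /api/v1/users/login HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "PUT /api/v1/accounts/1 HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "DELETE /api/v1/sessions/1 HTTP/1.1" 405 0
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /api/v2/orders HTTP/1.1" 200 812
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /api/v2/orders/export HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /api/internal/health HTTP/1.1" 404 153
198.51.100.20 - - [10/Mar/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.20 - - [10/Mar/2024:10:00:03 +0000] "GET /favicon.ico HTTP/1.1" 404 153
198.51.100.20 - - [10/Mar/2024:10:00:04 +0000] "POST /api/v2/orders HTTP/1.1" 201 64
"""


def flag_route_enumeration(lines, min_missing=5, min_methods=3):
    """Return {ip: stats} for clients whose traffic looks like API route discovery.

    Heuristic (thresholds are assumptions; tune them to your own baseline):
    many distinct paths answered 404/405, requested with several HTTP methods.
    """
    missing = defaultdict(set)   # ip -> distinct paths answered 404/405
    methods = defaultdict(set)   # ip -> methods used on those paths
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if m["status"] in ("404", "405"):
            path = m["path"].split("?", 1)[0]  # ignore query strings
            missing[m["ip"]].add(path)
            methods[m["ip"]].add(m["method"])
    return {
        ip: {"missing_paths": len(paths), "methods": sorted(methods[ip])}
        for ip, paths in missing.items()
        if len(paths) >= min_missing and len(methods[ip]) >= min_methods
    }
```

Requiring several methods on the missing paths separates this pattern from a crawler following broken links, which produces 404s almost entirely on GET.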

Parameters

scan _URL_
Context-aware API endpoint discovery using datasets with correct HTTP methods, headers, and parameters.
brute _URL_
Vanilla directory brute-forcing with custom wordlists.
kb replay _REQUEST_
Replay a previously discovered request, optionally through a proxy.
-w _WORDLIST_
Wordlist file.
-A, --assetnote-wordlist _NAME_
Use wordlist from wordlist.assetnote.io. Optionally append `;N` to limit to first N lines.
-H _HEADER_
Add HTTP header.
-o _FILE_
Output file.
-x, --max-connection-per-host _N_
Maximum concurrent connections per host (recommended: 5-10).
--disable-precheck
Skip host alive discovery before scanning.
--help
Display help information.

FAQ

How do I run a basic kiterunner example?

Run `kr scan [url] -w [wordlist.txt]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
