Konan – Advanced Web Application Dir Scanner

Konan is an advanced open source tool designed to brute force directories and file names on web/application servers.

Install requirements with pip
cd konan && pip install -r requirements.txt
Run Konan
python konan.py

Supported Platforms

  • Linux
  • Windows
  • MacOSX

Features

Features                                  Konan                dirsearch            dirb        gobuster
MultiThreaded                             yes                  yes                  yes         yes
Multiple Extensions                       yes                  yes                  no          no
HTTP Proxy Support                        yes                  yes                  yes         yes
Reporting                                 yes (text and json)  yes (text and json)  yes (text)  no
User-Agent randomization                  yes                  yes                  no          no
Ignore word in wordlist using regexp      yes                  no                   no          no
Split extension in wordlist               yes                  no                   no          no
Multiple Methods                          yes                  no                   no          no
Response Size Process                     yes                  no                   no          no
Provide Sub-Dir for Brute Force           yes                  no                   no          no
Provide Dir for Recursively Brute Force   yes                  no                   no          no
URL Injection Point                       yes                  no                   no          no

Usage
Basic:

  • python konan.py -u/--url http://example.com/
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/seek.php
0.54% - 01:32:57 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 01:33:12 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.php
8.77% - 01:40:02 - 302 - GET - 14 - http://testphp.vulnweb.com/userinfo.php -> login.php

Injection Point:

  • python konan.py -u/--url http://example.com/%%/index.php
URL: http://testphp.vulnweb.com/%%/index.php

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/check/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/seek/index.php
  • python konan.py -u/--url http://example.com/check%% -w /root/numbers.txt
URL: http://testphp.vulnweb.com/check%%

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/check12
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/check34

Provide wordlist, default /db/dict.txt:

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt

Provide extensions with -f/--force option:

  • python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 02:00:21 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.html
0.43% - 02:00:23 - 200 - GET - 4732 - http://testphp.vulnweb.com/seek.php
0.54% - 02:00:30 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 02:00:46 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.html
0.87% - 02:00:50 - 200 - GET - 6115 - http://testphp.vulnweb.com/classes.html

Provide status code exclusion:

  • python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401

Provide only status code for output:

  • python konan.py -u/--url http://example.com/ -o/--only 200,301,302

Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]

Wordlist split (check.php -> to -> check):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split

Wordlist ignore word, letters, number, etc. provided by regexp (\w*.php|\w*.html,^[0-9_-]+):

  • python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "\?+"

Output without the -I/--ignore option:

URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 02:06:31 - 200 - GET - 4958 - http://testphp.vulnweb.com/???.php
0.43% - 02:06:32 - 200 - GET - 4732 - http://testphp.vulnweb.com/???????????
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/

Output with the -I/--ignore option (in this case \?+):

URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/

Recursive:

  • python konan.py -u/--url http://example.com/ -E/--recursive

Recursive on directories found and directories provided by -D/--dir-rec:

  • python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,assessments,dev,inner"

Brute force directories provided by -S/--sub-dir:

  • python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,check,inner,dev"

Multiple Methods (check GET, POST, PUT and DELETE for each word entry):
Note: Many web applications return a 404 code if the request is not made with the right method; this option tests all methods.

  • python konan.py -u/--url http://example.com/ -m/--methods
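
Seen from the server side, the multiple-methods and User-Agent randomization features leave a recognisable pattern in access logs. The following detection sketch is an added example, not part of Konan or the original page; the log lines are constructed, and the function names and thresholds are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict

# Combined log format: ip - - [time] "METHOD path proto" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def find_scanners(lines, min_requests=8, min_404_ratio=0.6, min_methods=3):
    """Return {ip: [reasons]} for clients whose requests look like path brute forcing."""
    stats = defaultdict(lambda: {"n": 0, "404": 0, "uas": set(),
                                 "methods": defaultdict(set)})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not combined log format, skip
        s = stats[m["ip"]]  # key on source IP: the User-Agent is client-controlled
        s["n"] += 1
        s["404"] += m["status"] == "404"
        s["uas"].add(m["ua"])
        s["methods"][m["path"].split("?")[0]].add(m["method"])
    flagged = {}
    for ip, s in stats.items():
        if s["n"] < min_requests:
            continue  # too little traffic to judge
        reasons = []
        if s["404"] / s["n"] >= min_404_ratio:
            reasons.append("high-404-ratio")
        if any(len(ms) >= min_methods for ms in s["methods"].values()):
            reasons.append("multi-method-probe")  # same path tried with many verbs
        if len(s["uas"]) >= s["n"] // 2:
            reasons.append("rotating-user-agent")
        if reasons:
            flagged[ip] = reasons
    return flagged

def sample_log():
    """Constructed log lines: one scanner-like client and one ordinary visitor."""
    fmt = '{} - - [10/Mar/2024:02:11:46 +0000] "{} {} HTTP/1.1" {} 184 "-" "{}"'
    lines = []
    for i, word in enumerate(["admin", "backup", "old"]):
        for j, method in enumerate(["GET", "POST", "PUT", "DELETE"]):
            status = 301 if (word, method) == ("admin", "GET") else 404
            lines.append(fmt.format("203.0.113.7", method, "/" + word, status, f"UA-{i}-{j}"))
    for path in ["/", "/index.php", "/login.php", "/"] * 2:
        lines.append(fmt.format("198.51.100.20", "GET", path, 200, "Mozilla/5.0"))
    return lines

if __name__ == "__main__":
    print(find_scanners(sample_log()))
```

Grouping by source address rather than User-Agent is what keeps the check effective against header randomization; behind a proxy or CDN, substitute the forwarded client address field your logs record.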

Content size process (show the response if the response size is ">[number]", "<[number]", "=[number]"):

  • python konan.py -u/--url http://example.com/ -C/--lenght "<1000"
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/
1.73% - 02:12:37 - 301 - GET - 184 - http://testphp.vulnweb.com/pictures -> http://testphp.vulnweb.com/pictures/
Download Konan ^(https://github.com/m4ll0k/Konan)