SHARE
Konan – Advanced Web Application Dir Scanner

Konan is an advanced open source tool designed to brute force directories and files names on web/application servers.

Installation

Download it by cloning the Git repository:

git clone https://github.com/m4ll0k/Konan.git konan

Install requirements with pip

cd konan && pip install -r requirements.txt

Run

python konan.py

Support Platforms

  • Linux
  • Windows
  • MacOSX

Also Read – KaliTorify : Transparent Proxy Through Tor For Kali Linux OS

Features

FeaturesTooldirsearchdirbgobuster
MultiThreadedyesyesyesyes
Multiple Extensionsyesyesnono
HTTP Proxy Supportyesyesyesyes
Reportingyes (text and json)yes (text and json)yes (text)no
User-Agent randomizationyesyesnono
Ignore word in wordlist using regexpyesnonono
Split extension in wordlistyesnonono
Multiple Methodsyesnonono
Response Size Processyesnonono
Provide Sub-Dir for Brute Forceyesnonono
Provide Dir for Recursively Brute Forceyesnonono
URL Injection Pointyesnonono

Usage

Basic:

  • python konan.py -u/–url http://example.com/

Injection Point:

  • python konan.py -u/–url http://example.com/%%/index.php
  • python konan.py -u/–url http://example.com/test%% -w /root/numbers.txt

Provide wordlist, default /db/dict.txt

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt

Provide extensions with -e/--extension option and force extension for every wordlist entry with -f/--force option:

  • python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force

Provide status code exclusion:

  • python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401

Provide only status code for output:

  • python konan.py -u/--url http://example.com/ -o/--only 200,301,302

Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]

Wordlist split (test.php -> to -> test):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split

Wordlist Ignore word,letters,number,..etc provided by regexp (\w*.php|\w*.html,^[0-9_-]+):_

  • python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "\?+"

Output without -I/--ignore options:

Output with -I/--ignore (in this case \?+) options:

Recursive:

  • python konan.py -u/--url http://example.com/ -E/--recursive

Recursive directory found and directory provided by -D/--dir-rec:

  • python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,tests,dev,internal"

Brute Force directory provided by -S/--sub-dir:

  • python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,test,internal,dev"

Multiple Methods (check GET,POST,PUT and DELETE for word entry):

Note: Much web application if not make the request with right method return 404 code, this option test all methods

  • python konan.py -u/--url http://example.com/ -m/--methods"

Content size process (show response if the response size is “>[number]”,”<[number]”,”=[number]”):

  • python konan.py -u/--url http://example.com/ -C/--lenght "<1000"